SSH REMOTE PORT FORWARD NEW TUTORIAL

علی ذوالفقار
1402/12/20 23:30:18 (40)
the private servers are behind a firewall
there are 3 servers in the private network ( protected by the firewall )
    172.32.1.1 ( source server ) -> ( has access to the other servers via a second NIC with ip : 192.168.0.10 )
    192.168.0.11 runs vnc and mysql
    192.168.0.12 runs sql-server and rdp service

only the source server has access to the internet, or at least has access to ssh on the public server

clients need to connect to the ssl-vpn to reach the private servers
only laptop-a has access to the ssl-vpn ( it has a trusted ip or is in a trusted network )

1 - laptop-a connects to the ssl-vpn
2 - laptop-a opens ssh to 172.32.1.1 ( source server )
3 - now laptop-a has access to all 3 private servers
4 - we want laptop-b to be able to connect to services and servers in the private network without using the ssl-vpn,
    using an ssh remote port forward from the private network source server to our public server ( 172.32.20.10 )

run ssh with a remote port forward like this :
    p-ip   : public-server-ip
    p-port : public-server-port
    s-ip   : source-server-ip
    s-port : source-server-port

on the source server (172.32.1.1/192.168.0.10) :
    ssh -R <p-ip>:<p-port>:<s-ip>:<s-port> user@p-server
or in short hand :
    ssh -R <p-port>:<s-ip>:<s-port> user@p-server

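give laptop-b access to ssh to the source server :
    ssh -R 2222:127.0.0.1:22 user@p-server
this forwards port 2222 on the public server to 127.0.0.1:22 on the source server
note : by default sshd binds remote forwards to the loopback interface of the public server only, so laptop-b can reach port 2222 from outside only if GatewayPorts is enabled in the public server's sshd_config
laptop-b can still ssh to the public server itself like this :
    ssh user@172.32.20.10 -p 22
and can ssh to the source server in the private network like this :
    ssh user@172.32.20.10 -p 2222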

give access to windows-rdp on 192.168.0.12 in the private network :
    ssh -R 33890:192.168.0.12:3389 user@p-server
this forwards port 33890 on the public server to port 3389 ( rdp-port ) on 192.168.0.12
so laptop-b can connect to the private server's rdp like this :
    mstsc /v:172.32.20.10:33890

forwarding the mysql and sql-server ports looks like this :
    mysql : 
    ssh -R 33060:192.168.0.11:3306 user@p-server

    sql-server : 
    ssh -R 14330:192.168.0.12:1433 user@p-server

and forwarding the vnc port ( vnc runs on 192.168.0.11 ) looks like this :
    ssh -R 59000:192.168.0.11:5900 user@p-server
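
An added example, not part of the original tutorial: a small shell model of where sshd on the public server binds the listener for the -R forwards above, depending on its GatewayPorts setting, which decides whether laptop-b can reach the port at all. The function names are made up for this example, and only IPv4 or host-name specs are handled.

```shell
#!/bin/sh
# Added example (not from the original page): where sshd on the public server
# binds the listener for an `ssh -R` spec, per the GatewayPorts setting.
# Assumption: IPv4 addresses or host names only (no bracketed IPv6).

# rfwd_listen <GatewayPorts: no|yes|clientspecified> <-R spec>
# Prints "<listen-address>:<port>" as it would appear on the public server.
rfwd_listen() {
    _gw=$1 _spec=$2
    _old_ifs=$IFS
    IFS=:; set -f
    set -- $_spec                       # split the spec on ':' into $1..$n
    set +f; IFS=$_old_ifs
    case $# in
        3) _bind=localhost _port=$1 ;;  # port:host:hostport, no bind address
        4) _bind=${1:-'*'} _port=$2 ;;  # empty bind address means "all"
        *) echo "unsupported spec: $_spec" >&2; return 2 ;;
    esac
    case $_gw in
        no)  _addr=127.0.0.1 ;;         # default: loopback only
        yes) _addr=0.0.0.0 ;;           # always the wildcard address
        clientspecified)                # the client's bind address decides
            case $_bind in
                localhost) _addr=127.0.0.1 ;;
                '*')       _addr=0.0.0.0 ;;
                *)         _addr=$_bind ;;
            esac ;;
        *) echo "unknown GatewayPorts value: $_gw" >&2; return 2 ;;
    esac
    printf '%s:%s\n' "$_addr" "$_port"
}

# reachable_from_network <listen-address:port>: true unless bound to loopback
reachable_from_network() {
    case $1 in
        127.*|localhost:*) return 1 ;;
        *) return 0 ;;
    esac
}

# The page's ssh and rdp forwards, plus a constructed variant of the rdp
# forward with an explicit '*' bind address.
for g in no clientspecified yes; do
    for s in 2222:127.0.0.1:22 33890:192.168.0.12:3389 '*:33890:192.168.0.12:3389'; do
        l=$(rfwd_listen "$g" "$s")
        if reachable_from_network "$l"; then r=yes; else r=no; fi
        printf 'GatewayPorts=%-15s -R %-27s listens on %-15s reachable=%s\n' "$g" "$s" "$l" "$r"
    done
done
```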