How to tunnel TCP connections over SSH

Network Layout:

[Figure: tcp-tunnel-overview]

There is one server that can only be reached via SSH. This server hosts two additional services: git and HTTP. We have no access to the firewall and can't forward the ports. The server is a Linux system; the clients can be Windows or Linux.

We can use the common git port on our client, but we can't use port 80 on the client because a web server is already running there.

Server configuration:

Changes in /etc/ssh/sshd_config:

....
Port 22
....
AllowTCPForwarding yes
...
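
With `AllowTCPForwarding yes` set globally, every account that can log in may forward to any host and port the server can reach. The fragment below is an added example, not part of the original configuration, that limits forwarding to the two services in this setup; it assumes the tunnel account is named `user`, as in the ssh command on this page.

```sshconfig
# /etc/ssh/sshd_config (added example; the account name "user" is an assumption)

# Weak setting: any authenticated account may open local and remote
# forwards to any destination reachable from the server.
#AllowTcpForwarding yes

# Tighter: forwarding is disabled by default ...
AllowTcpForwarding no

# ... and enabled only for the tunnel account, only for local (-L) forwards,
# and only to the web and git services on the server itself.
# Keep Match blocks at the end of the file: they apply until the next
# Match line or the end of the file.
Match User user
    AllowTcpForwarding local
    # The destination is matched as the client wrote it in -L, so
    # "-L 10080:127.0.0.1:80" would be refused unless 127.0.0.1:80
    # is listed here as well.
    PermitOpen localhost:80 localhost:9418
```

Check the file with `sshd -t` before reloading the daemon, so that a syntax error does not lock you out of a server that is only reachable via SSH.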

Linux Client:

Only a few parameters are needed to tunnel our git and web service:

me@client$ ssh -L 10080:localhost:80 -L 9418:localhost:9418 user@server
user@server$ 

As soon as the SSH session starts, you can connect to localhost:10080 to reach the web server. The git service listens on the same port as on the server, so you only have to change the server setting in your git client to localhost.

Windows Client:

I use PuTTY, a very common SSH client:

Open PuTTY and enter the username and destination server:

[Figure: putty-server]

In Connection->SSH->Tunnels, configure the tunnels:

[Figure: putty-tunnel]

Just click Open and start the session.

Now you can connect to the tunneled services as shown in the Linux configuration.
