SSH REMOTE PORT FORWARD NEW TUTORIAL
علی ذوالفقار
1402/12/20 23:30:18 (144)
the private servers are behind a firewall
there are 3 servers in the private network ( protected by the firewall ) :
172.32.1.1 ( source server ) -> has access to the other servers via a second NIC with ip 192.168.0.10
192.168.0.11 runs vnc and mysql
192.168.0.12 runs sql-server and the rdp service
only the source server has access to the internet, or at least to ssh on the public server
clients need to connect to the ssl-vpn to reach the private servers
only laptop-a has access to the ssl-vpn ( it has a trusted ip or is in a trusted network )
1 - laptop-a connects to the ssl-vpn
2 - laptop-a connects by ssh to 172.32.1.1 ( source server )
3 - now laptop-a has access to all 3 private servers
4 - we want laptop-b to be able to connect to the services and servers in the private network without using the ssl-vpn, by using an ssh remote port forward from the source server in the private network to our public server ( 172.32.20.10 )
run ssh with a remote port forward like this :
p-ip : public-server-ip
p-port : public-server-port
s-ip : source-server-ip
s-port : source-server-port
on the source server (172.32.1.1/192.168.0.10) :
ssh -R p-ip:p-port:s-ip:s-port user@p-server
or in shorthand :
ssh -R p-port:s-ip:s-port user@p-server
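to give laptop-b ssh access to the source server :
ssh -R 2222:127.0.0.1:22 user@p-server
this binds port 2222 on the public server to 127.0.0.1:22 on the source server
by default sshd listens for remote forwards only on the public server's loopback address ; GatewayPorts must be enabled in the public server's sshd_config for laptop-b to reach port 2222 from outside
laptop-b can still ssh to the public server itself like this :
ssh user@172.32.20.10 -p 22
and can ssh to the source server in the private network like this :
ssh user@172.32.20.10 -p 2222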
to give access to windows rdp on 192.168.0.12 in the private network :
ssh -R 33890:192.168.0.12:3389 user@p-server
this makes port 3389 ( rdp-port ) of 192.168.0.12 reachable as port 33890 on the public server
so laptop-b can connect to the private server's rdp like this :
mstsc /v:172.32.20.10:33890
forwarding the mysql and sql-server ports looks like this :
mysql :
ssh -R 33060:192.168.0.11:3306 user@p-server
sql-server :
ssh -R 14330:192.168.0.12:1433 user@p-server
and forwarding the vnc port ( vnc runs on 192.168.0.11 ) looks like this :
ssh -R 59000:192.168.0.11:5900 user@p-server
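
Each `ssh -R` above opens a listening port inside sshd on the public server, and the server's GatewayPorts setting decides whether that port is bound to loopback only or to an outside-facing address. The check below is an added example, not part of the original tutorial: run on the public server, it classifies sshd-owned listeners from `ss -H -tlnp` output. The function names, the sample lines and the assumption that sshd itself listens on port 22 are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit which ssh remote forwards on the public server are
# reachable from other hosts. Input format: `ss -H -tlnp`
# (state recv-q send-q local-addr:port peer-addr:port process).

# audit_forwards [SSHD_PORT]
# Reads ss output on stdin and prints "SCOPE PORT ADDR" for every listener
# owned by sshd, except sshd's own port (default 22, an assumption).
# SCOPE is LOOPBACK (local only) or EXPOSED (any other bind address).
audit_forwards() {
    awk -v own="${1:-22}" '
        # "sshd" also prefix-matches "sshd-session" (OpenSSH 9.8 and later)
        $1 == "LISTEN" && $NF ~ /"sshd/ {
            n = split($4, part, ":")
            port = part[n]                       # text after the last colon
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (port == own) next                # the ssh service itself
            scope = (addr ~ /^127\./ || addr == "[::1]") ? "LOOPBACK" : "EXPOSED"
            print scope, port, addr
        }'
}

# Constructed sample (not captured from a real host): the 2222 forward bound
# to loopback, the 33890 rdp forward bound to all interfaces.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 128 127.0.0.1:2222 0.0.0.0:* users:(("sshd",pid=2301,fd=9))
LISTEN 0 128 [::1]:2222 [::]:* users:(("sshd",pid=2301,fd=8))
LISTEN 0 128 0.0.0.0:33890 0.0.0.0:* users:(("sshd",pid=2301,fd=11))
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=640,fd=6))
EOF
}

# Stand-alone run on the sample; on a real server: ss -H -tlnp | audit_forwards
sample_ss_output | audit_forwards
```

Any EXPOSED line for a database, rdp or vnc forward means that service is reachable by every host that can reach the public server, not only laptop-b.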