Port Forwarding - Red Hat ENTERPRISE LINUX 4.5.0 Reference Manual

After supplying the root password for the server, the Red Hat Update Agent appears and
allows the remote user to safely update the remote system.

5.2. Port Forwarding

SSH can secure otherwise insecure TCP/IP protocols via port forwarding. When using this
technique, the SSH server becomes an encrypted conduit to the SSH client.
Port forwarding works by mapping a local port on the client to a remote port on the server. SSH
can map any port from the server to any port on the client; port numbers do not need to match
for this technique to work.
To create a TCP/IP port forwarding channel which listens for connections on the localhost, use
the following command:
ssh -L local-port:remote-hostname:remote-portusername@hostname
Note
Setting up port forwarding to listen on ports below 1024 requires root level
access.
To check email on a server called
connection, use the following command:
ssh -L 1100:mail.example.com:110 mail.example.com
Once the port forwarding channel is in place between the client machine and the mail server,
direct a POP3 mail client to use port 1100 on the localhost to check for new mail. Any requests
sent to port 1100 on the client system are directed securely to the
If
mail.example.com
is, SSH can still be used to secure part of the connection. However, a slightly different
command is necessary:
ssh -L 1100:mail.example.com:110 other.example.com
In this example, POP3 requests from port 1100 on the client machine are forwarded through the
SSH connection on port 22 to the SSH server,
connects to port 110 on
technique only the connection between the client system and
is secure.
mail.example.com
is not running an SSH server, but another machine on the same network
mail.example.com
using POP3 through an encrypted
mail.example.com
other.example.com
to check for new mail. Note, when using this
other.example.com
Port Forwarding
server.
. Then,
other.example.com
SSH server
361