Wednesday, May 27, 2009

ssh tunnel

SSH supports three kinds of tunnel:
1. dynamic
2. forward a local port to a remote address
3. forward a remote port to a local address

1. A dynamic tunnel is essentially a SOCKS proxy: the program on your side tells ssh the destination of each connection, and ssh carries it out through the server.


At first I thought 2 and 3 were just the same thing said backwards, with no real difference; it took me a good while to see what sets them apart. That was because I kept looking at it as port mapping: whether you map to me or I map to you, it ends up connected either way. Once you really understand it, though, they really are different.

forward local port to remote address
=> The simple way to think of it: requests to a certain port on your local machine are forwarded to another address (not necessarily the ssh server; it can be any address the ssh server can reach), so on the ssh client, connecting to that local port behaves like connecting to the remote address.
=> A port on the local machine is mapped, through the ssh server, to a port on the remote host.
data flow:
ssh client -> internet -> ssh server -> firewall -> ap server
A request to the forwarded port on the ssh client is carried to the ap server through the ssh server.
Scenario:
You have a server on the internet and you want a secured connection to it. Open a tunnel to the ssh server, and every client on your side can reach the ap server through the ssh client (by default the forwarded port listens on loopback only, so for other machines to use it you must bind it to a non-loopback address with -g or an explicit bind address). The other benefit is that only the ssh client needs permission to reach the internet. For permission control, though, a SOCKS proxy is the better solution.

forward remote port to local address
=> A port on the SSH server is mapped to a port on the local machine,
so people on the ssh server side (and anyone else who can reach the ssh server) can reach a port on the client's local machine by connecting to that port on the ssh server.
data flow:

ssh server -> internet -> nat -> ssh client
Use remote port forwarding to open an ssh tunnel from the ssh client to the ssh server. A listening port is opened on the ssh server, and every request to that port is forwarded to the ssh client. Machines on the ssh server's side can connect to the ssh client through that port (sshd binds it to loopback unless GatewayPorts is enabled in sshd_config, so by default only the ssh server itself can use it).

Scenario:
You have an ssh server and you control it. The user on the client side cannot configure their network (server, NAT, or a dynamic IP). Ask the client to open an ssh connection to the server in forward-remote-port-to-local-address mode; you can then send requests into the client's intranet through the tunnel. Keep in mind that this gives whoever can reach that port on the ssh server a path into the client's network, so leave the listener on loopback unless exposing it is intended.
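As an added example (not part of the original post), here are the three modes above as OpenSSH commands, together with a small helper that reports which address a -L forward will actually listen on, since that is what decides whether other machines on your side can use the tunnel. The names user, bastion (the ssh server) and appserver (the ap server behind the firewall) and the port numbers are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: the three OpenSSH tunnel modes,
# plus a check of where a -L spec will listen. "user", "bastion", "appserver"
# and the port numbers are assumed names, not anything the post defines.

# Print the address a -L spec "[bind_address:]port:host:hostport" listens on.
# Second argument "yes" means -g was given (or GatewayPorts yes in ssh_config),
# in which case an unspecified bind address becomes the wildcard.
listen_addr() {
    spec=$1
    gateway=${2:-no}
    case $spec in
        \[*)                               # bracketed IPv6 bind, e.g. [::1]:8080:host:80
            printf '%s\n' "${spec%%]*}]"
            return 0 ;;
    esac
    colons=$(printf '%s' "$spec" | tr -cd ':' | wc -c | tr -d ' ')
    if [ "$colons" -eq 3 ]; then
        printf '%s\n' "${spec%%:*}"        # explicit bind address
    elif [ "$gateway" = yes ]; then
        printf '%s\n' '*'                  # all interfaces
    else
        printf '%s\n' localhost            # OpenSSH default: loopback only
    fi
}

# 1. dynamic: SOCKS proxy on 127.0.0.1:1080; the program picks the destination
#    per connection, e.g.  curl --socks5-hostname 127.0.0.1:1080 http://appserver/
dynamic_tunnel() {
    ssh -N -f -D 127.0.0.1:1080 user@bastion
}

# 2. local port -> remote address: connections to 127.0.0.1:8080 here leave
#    bastion and go to appserver:80. Bind to 0.0.0.0 (or add -g) only when
#    other machines on your side are meant to use the tunnel.
local_forward() {
    ssh -N -f -L 127.0.0.1:8080:appserver:80 user@bastion
}

# 3. remote port -> local address: bastion listens on 127.0.0.1:2222 and hands
#    each connection to this machine's sshd on port 22 (a reverse tunnel).
#    sshd keeps that listener on loopback unless GatewayPorts is enabled there.
remote_forward() {
    ssh -N -f -R 127.0.0.1:2222:localhost:22 user@bastion
}

# After starting a tunnel, confirm which address the listener is bound to.
show_listeners() {
    ss -ltnp 2>/dev/null | grep ssh
}

# Run one mode by name, e.g.:  sh tunnel.sh local
case ${1:-} in
    dynamic) dynamic_tunnel ;;
    local)   local_forward ;;
    remote)  remote_forward ;;
    check)   show_listeners ;;
esac
```

-N keeps ssh from running a remote shell and -f backgrounds it once the forward is set up, so the process stays around only to carry the tunnel. For -R, the bind address you pass is honoured only if the server's sshd_config has GatewayPorts set to yes or clientspecified; with the default of no, sshd binds to loopback regardless of what the client asks for, which is why show_listeners on the server side is worth running once before you rely on either behaviour.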