A local (outgoing) tunnel forwards traffic coming to a local port to a specified remote port.
With sshg3 on the command line, the syntax of the local tunneling command is as follows:
client$ sshg3 -L [protocol/][listen-address:]listen-port:dst-host:dst-port sshserver
where:
[protocol/] specifies which protocol is to be used in the tunneled connection; it can be ftp or tcp (optional argument). The default is tcp.
[listen-address:] defines which interface on the local client will be listened to (optional argument). By default, all interfaces are listened on.
listen-port is the number of the port on the local client; connections coming to this port will be tunneled to the server.
dst-host:dst-port define the destination host address and the port to which the connection is tunneled from the server.
sshserver is the IP address or the host name of the Secure Shell server.
The host name or IP address of the destination host and sshserver can be defined as regular expressions that follow the egrep syntax, but no wildcards are supported.
Note | |
---|---|
If |
Setting up local tunneling allocates a listener port on the local client host. Whenever a connection is made to this listener, the connection is tunneled over Secure Shell to the remote server and another connection is made from the server to a specified destination host and port. The connection from the server onwards will not be secure; it is a normal TCP connection.
Note | |
---|---|
Every user with access to the local client host will be able to use the local tunnels. |
Figure 6.1 shows the different hosts and ports involved in local tunneling (port forwarding).
For example, when you issue the following sshg3 command on the command line, all traffic coming to port 1234 on the client host will be forwarded to port 23 on the server.
client$ sshg3 -L 1234:localhost:23 --abort-on-failing-tunnel username@sshserver
The forwarding address in the command is resolved at the (remote) end point of the tunnel. In this case localhost refers to the server host (sshserver).
This example also specifies the --abort-on-failing-tunnel option. It causes the command to abort if creating the tunnel listener fails (for example, if the port is already reserved). Normally, if the connection to the server succeeds but creating the listener fails, no error message is given.
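A pre-flight check for the two exposures described above (a listener that defaults to all interfaces, and a normal TCP connection from the server onwards), as an added example that is not part of the product or its documentation. The function name lint_local_tunnel, the finding labels, and the sample specs other than 1234:localhost:23 are assumptions made for illustration; host fields are assumed to contain no ':' characters.

```shell
# Lint one sshg3 -L argument of the form
#   [protocol/][listen-address:]listen-port:dst-host:dst-port
# Prints "ok" or a space-separated list of findings; prints "malformed" and
# returns 2 if the spec does not parse.
# Assumption: hosts are names or IPv4 addresses (no ':' inside a host field).
lint_local_tunnel() {
    spec=$1
    proto=tcp                                   # tcp is the documented default
    case $spec in
        */*) proto=${spec%%/*}; spec=${spec#*/} ;;
    esac
    case $proto in
        tcp|ftp) ;;
        *) echo malformed; return 2 ;;
    esac
    old_ifs=$IFS; IFS=:; set -f                 # split on ':' without globbing
    set -- $spec
    set +f; IFS=$old_ifs
    case $# in
        3) listen_addr=''; listen_port=$1; dst_host=$2; dst_port=$3 ;;
        4) listen_addr=$1; listen_port=$2; dst_host=$3; dst_port=$4 ;;
        *) echo malformed; return 2 ;;
    esac
    [ -n "$dst_host" ] || { echo malformed; return 2; }
    for p in "$listen_port" "$dst_port"; do     # ports must be 1..65535
        case $p in
            ''|*[!0-9]*|??????*) echo malformed; return 2 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo malformed; return 2; }
    done
    findings=''
    case $listen_addr in
        127.0.0.1|localhost) ;;                 # listener bound to loopback
        '') findings="$findings listens-on-all-interfaces" ;;
        *)  findings="$findings listens-on-non-loopback" ;;
    esac
    case $dst_host in
        127.0.0.1|localhost) ;;                 # resolved on sshserver itself
        *) findings="$findings plain-tcp-leaves-server" ;;
    esac
    findings=${findings# }
    echo "${findings:-ok}"
}

# Constructed sample specs; only the first appears on this page.
for s in 1234:localhost:23 127.0.0.1:1234:localhost:23 \
         ftp/127.0.0.1:2121:files.example.com:21; do
    printf '%-42s %s\n' "$s" "$(lint_local_tunnel "$s")"
done
```

Binding the listener to loopback limits it to the client host itself; as the note above states, users on that host can still use the tunnel.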