A remote (incoming) tunnel forwards traffic coming to a remote port to a specified local port.
With sshg3
on the command line, the syntax of the
remote tunneling command is as follows:
client$ sshg3 -R [protocol/][listen-address:]listen-port:dst-host:dst-port server
Setting up remote tunneling allocates a listener port on the remote server. Whenever a connection is made to this listener, the connection is tunneled over Secure Shell to the local client and another connection is made from the client to a specified destination host and port. The connection from the client onwards will not be secure, it is a normal TCP connection.
For example, if you issue the following command, all traffic which comes to port 1234 on the server will be forwarded to port 23 on the client. See Figure 8.4.
sshclient$ sshg3 -R 1234:localhost:23 username@sshserver
The forwarding address in the command is resolved at the (local)
end point of the tunnel. In this case localhost
refers to
the client host.
By default, remote tunnels are allowed from all addresses for all
users. The default setting equals the following in the
ssh-server-config.xml
file:
<services> <rule> <tunnel-remote action="allow" /> ... </rule> </services>
The connections can be restricted by specifying allowed addresses with
the src
and listen
elements. If any addresses are
specified as allowed, remote tunnels to all other addresses are implicitly
denied. See Remote Tunneling Rule Examples for usage
examples.
Using the SSH Tectia Server Configuration GUI on Windows, the tunneling settings are made under the Services page on the Remote Tunnels tab. See Remote Tunnels.