Dynamic Tunneling
Dynamic tunneling is a transparent mechanism available for applications
that support the SOCKS4 or SOCKS5 client protocol. Instead of configuring port
forwarding from specific ports on the local host to specific ports on the remote
server, you can specify a SOCKS server which can be used by the user's
applications. Each application is configured in the regular way except that it
is configured to use a SOCKS server on a localhost port. The Secure Shell client
application opens a port on the localhost and mimics a SOCKS4 and SOCKS5 server
for any SOCKS client application.
When the applications connect to services such as IMAP4, POP3, SMTP,
HTTP, and FTP, they provide the necessary information to the SOCKS server, which
is actually the Secure Shell client mimicking a SOCKS server. The client will
use this information in creating port forwarding to the Secure Shell server and
relaying the traffic back and forth securely, as with user-specified port
forwarding.
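The "necessary information" is the destination host and port carried in the SOCKS CONNECT request. The following added example (not part of the original documentation or of the Secure Shell client) parses that request for SOCKS4 and SOCKS5 (RFC 1928); the function name and the sample byte strings are constructed for illustration.

```python
import ipaddress
import struct

def parse_socks_request(data: bytes) -> dict:
    """Extract the destination a SOCKS client asks the listener to reach."""
    if len(data) < 2:
        raise ValueError("request too short")
    version, command = data[0], data[1]
    if command != 1:  # this example handles CONNECT only
        raise ValueError("unsupported command %d" % command)
    if version == 4:
        # SOCKS4: VN, CD, DSTPORT(2), DSTIP(4), USERID..., NUL
        end = data.find(b"\x00", 8)
        if end == -1:
            raise ValueError("SOCKS4 request missing USERID terminator")
        port, raw = struct.unpack("!H4s", data[2:8])
        return {"version": 4, "host": str(ipaddress.IPv4Address(raw)),
                "port": port, "userid": data[8:end].decode("ascii", "replace")}
    if version == 5:
        # SOCKS5, after method negotiation:
        # VER, CMD, RSV, ATYP, DST.ADDR, DST.PORT(2)
        if len(data) < 5 or data[2] != 0:
            raise ValueError("malformed SOCKS5 header")
        atyp = data[3]
        if atyp == 1:      # IPv4 address
            off, alen = 4, 4
        elif atyp == 4:    # IPv6 address
            off, alen = 4, 16
        elif atyp == 3:    # domain name with a one-byte length prefix
            off, alen = 5, data[4]
        else:
            raise ValueError("unknown address type %d" % atyp)
        if len(data) != off + alen + 2:
            raise ValueError("length does not match address type")
        raw = data[off:off + alen]
        if atyp == 3:
            host = raw.decode("ascii")
        elif atyp == 1:
            host = str(ipaddress.IPv4Address(raw))
        else:
            host = str(ipaddress.IPv6Address(raw))
        port = struct.unpack("!H", data[off + alen:])[0]
        return {"version": 5, "host": host, "port": port, "userid": None}
    raise ValueError("not a SOCKS4 or SOCKS5 request")

# Constructed samples: an IMAP4 destination via SOCKS4, IMAPS by name via SOCKS5.
SOCKS4_SAMPLE = b"\x04\x01" + struct.pack("!H", 143) + bytes([192, 0, 2, 10]) + b"alice\x00"
NAME = b"mail.example.com"
SOCKS5_SAMPLE = b"\x05\x01\x00\x03" + bytes([len(NAME)]) + NAME + struct.pack("!H", 993)
```

With SOCKS5 and a domain-name address, name resolution happens on the far side of the tunnel; with SOCKS4 the application resolves the name itself before sending the request.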
With ssh2 on the command line, the syntax of the dynamic tunneling command is
the following:
$ ssh2 -L socks/[listen-address:]listen-port server
For example, the following command will set up dynamic tunneling from port 1234
on the client to sshserver. The applications are set to use a SOCKS server at
port 1234 on the client. From the server, the connections are forwarded
unsecured to the destination hosts requested by the applications.
$ ssh2 -L socks/1234 username@sshserver