Abstract
- A technique that lets a remote machine access a service running on our machine via an intermediate server. It is like the reverse of Local Port Forwarding. The intermediate server functions like a reverse proxy: the client doesn’t know which server it is actually accessing.
Main purpose: exposing private services easily and securely
The main purpose of remote port forwarding is to expose private services running on our machine in a Local Area Network (LAN) as if they were running on the intermediate server, which is publicly accessible. Exposing the private services this way means we don’t need to modify our machine’s firewall or the network router’s firewall, similar to what can be achieved with Cloudflare Tunnel and Ngrok.
Our machine is usually located in a Local Area Network (LAN) and isn’t exposed to the Internet, but it has direct access to the intermediate server.
The intermediate server needs to be a machine that is exposed to both the remote machines and our machine, such as a bastion host that has direct access to the destination machine.
Remote machines are machines that have direct access to the intermediate server, but no direct access to our machine.
Refer to SSH Remote Port Forwarding for a more visual and concrete explanation.
SSH Remote Port Forwarding
- SSH is used to build a secure connection between our machine and the intermediate server, which prevents man-in-the-middle attacks. The data is transferred inside the SSH channel.
Attention
In order to set up SSH remote port forwarding successfully, you need to modify /etc/ssh/sshd_config on the intermediate server and add GatewayPorts yes!
- The diagram below shows the SSH commands used to create a remote port forward, so that remote machines can access the private service running on our own machine via the intermediate server.
- The private services don’t need to be running on our own machine; they can be any private services that our own machine has access to!
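The setup described above, as an added example that is not part of the original page: it reads the effective GatewayPorts value from an sshd_config file, shows where sshd will bind the forwarded listener for that value, and prints the `ssh -R` command run on our machine. The function names, the host `user@intermediate.example`, ports 8080 and 3000 and the sample config are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Host names, ports and the sample config are constructed.

# Effective global GatewayPorts value in an sshd_config file. sshd keeps the
# first value it reads for a keyword and defaults to "no". Simplification:
# Include files and Match blocks are not evaluated (parsing stops at Match).
gatewayports_value() {
    awk '
        tolower($1) == "match"        { exit }
        tolower($1) == "gatewayports" { print tolower($2); found = 1; exit }
        END { if (!found) print "no" }
    ' "$1"
}

# Where sshd binds the listener for `ssh -R [bind:]port:host:hostport`.
# $1 = GatewayPorts value, $2 = bind address the client asked for (optional).
listener_scope() {
    case "$1" in
        yes) echo "all-interfaces" ;;          # forced; client's choice ignored
        clientspecified)
            case "${2:-}" in
                "")  echo "loopback" ;;        # no bind address given
                "*") echo "all-interfaces" ;;
                *)   echo "$2" ;;              # only the address the client named
            esac ;;
        *) echo "loopback" ;;                  # "no": reachable from the server only
    esac
}

# The command typed on our machine: publish private host:port on the server.
# $1 = port on the server, $2 = private host, $3 = private port, $4 = user@server
remote_forward_cmd() {
    echo "ssh -N -R $1:$2:$3 $4"
}

# Constructed sample config: the commented line is ignored, the first live line wins.
cfg=$(mktemp)
printf '%s\n' '#GatewayPorts no' 'GatewayPorts yes' 'GatewayPorts no' > "$cfg"
value=$(gatewayports_value "$cfg")
echo "GatewayPorts = $value -> listener on: $(listener_scope "$value")"
remote_forward_cmd 8080 localhost 3000 user@intermediate.example
rm -f "$cfg"
```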