Port forwarding involves sending connection requests to a different port than requested, a different system than requested or both. For example, you might request a connection to port 23 on a system, but find that your connection is sent to port 2323 instead, to port 23 on a remote server or to port 2323 on a remote server.
There are several reasons why people forward ports and several ways to effect the forwarding. For some sites, ports are forwarded by local systems when the intended targets are otherwise unreachable. For others, ports might be forwarded via secure tunnels as a way to secure their content.
Port forwarding is commonly used to provide users with access to systems they cannot normally reach. If only one system on your network is allowed to make telnet connections to external systems, you might want to forward your telnet requests to that system.
Port forwarding can be thought of as a combination of routing and packet rewriting. After all, to work, port forwarding needs to adjust either the destination IP, target port or both in packets to get them to the intended network services. At the same time, the forwarding has to be transparent as far as users are concerned. They might be completely unaware that their connections are being made to a system other than the one that they are addressing explicitly. In any case, the port forwarding also needs to work in both directions. If you think you're connecting to port 23 and you're really connecting to port 2323, the connection must still look like it's coming from port 23 at your end.
Port forwarding can be done on a firewall, through the use of software such as ssh or via some script or program you download or write yourself.
Forwarding ports via ssh is fairly straightforward and adds the benefit of encryption. A command such as the one shown below, for example, will send connections arriving on port 2323 to port 23 on the system called "remhost". This command actually establishes a tunnel. You will be prompted to log in on the remote system and, while the connection remains established, you and others can make use of it.
locahost# ssh -L 2323:localhost:23 remhost
If someone already logged into the local system issues a "telnet localhost 2323" command, they will end up logging into remhost. The benefit is that, because the connection is using ssh, it's encrypted even though we're connecting with telnet.
One drawback of ssh port forwarding is that these connections can only be used when you're logged into the system on which the tunnel was established.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
The ssh -g option can be
The ssh -g option can be used to allowed remote connections to forwarded ports.