Port Forwarding
SSH
Local Port Forward
SSH Client
listens for a connection, on a specific portWhen
SSH Client
recieves a connection, it tunnels the connection to theSSH Server
which connects to the configured destination port.Can be used to connect to Internal resource from the outside.
ssh -L [Client_IP]:<Client_Port>:<Remote_IP>:<Remote_Port> <server/IP>
# By default Client_IP binds to localhost
Example:
ssh -L 0.0.0.0:90:192.168.10.12:80 192.168.10.87
Opens up port on
0.0.0.0
on port90
onSSH Client
which when accessed forwards the connection to192.168.10.12
on port80
which is only accessible via192.168.10.87
Remote Port Forward
SSH Server
listens for a connection on a configured port.When the port receives the connection it forwards the connection to the
SSH Client
machine on the configured destination portCan be used to expose Client localhost to the public if
SSH Server
is available on public internet
ssh -R [Server_IP]:<Server_Port>:<Client_IP><Client_Port> <server/IP>
Example:
ssh -R 0.0.0.0:8080:localhost:80 myserver.com
Opens a port
8080
onmyserver.com
which forwards the incoming connection theSSH Client
's localhost on port80
Socat
Useful when SSH is not available.
Does not come preinstalled. Need to transfer socat binary to host.
socat TCP4-LISTEN:1234,fork TCP4:1.1.1.1:4321
Opens up port
1234
on the host machine which forwards all traffic to1.1.1.1
on port4321
.Similar to local port forwarding. Can be used to access remote servers.
SOCKS Proxy
Can port forward all port dynamically
SSH
ssh -D [Local_ip]:<Local_Port> myserver.com
# Opens port on SSH Client machine
ssh -R <Remote_Port> myserver.com
# Opens port on SSH Server machine
Example:
ssh -D 9090 myserver.com
Opens up a dynamic port
9090
onlocalhost
.We can use proxy chains to use our tools with this forwarded port.
We can edit
/etc/proxychains.conf
to configure the port.
[proxyList]
socks4 127.0.0.1 9090
Now we can execute any program through proxy using
proxychains
command
proxychains curl http://remotehost.com
# will forward the http request to remotehost.com via socks proxy on localhost port 9090
Last updated