It’s often required to open different kind of connections to a server where there is available just a SSH account (or where only the port
22 is open).
Using ssh tunneling it’s easy to to access any port on the server, or even to connect to any other servers reachable from the server where the SSH account is available.
To access directly (i.e. with MySQL Query Browser) a MySQL service on the remote server, where the access to the port
3306 is denied, the trick is to open a SSH tunnel to the remote server, mapping an arbitrary local port the the remote port
3306. In the following example the local port
5306 is used:
ssh -L 5306:remoteserver.com:3306 email@example.com
In this case, the local port
5306 is forwarded (with ssh tunnelling) to
remoteserver.com, that attaches the tunnel on its port
When the tunnel is open, it’s only required to setup MySQL Query Browser to connect on
localhost:5306 and the connection will be magically forwarded to the remote server on its port
It’s even possible to set the remote side of the tunnel to be mapped not on the remote server itself, but on a different host.
For example, if the local computer is not allowed to access IRC servers, an idea could be to use a remote server where a SSH account is available to tunnel the IRC connections.
Here is an example:
ssh -L 8666:ircserver.org:6666 firstname.lastname@example.org
In this case the local port
8666 is mapped on the port
6666 of the IRC server
ircserver.org, so the local IRC client (i.e. mIRC) should be simply setup to connect on
localhost on the port
Finally, other people in the local network might desire to use the tunnel to the remote server (in this example it’s a IRC server). If the client that opened the SSH tunnel has the IP address
192.168.1.1, the other clients on the local network should connect to
192.168.1.1:8666 to reach the remote ircserver.org on the port 6666.
In this last case, it’s important to make sure that the tunnel binds to the correct local IP address.
If the local client has 2 addresses:
192.168.1.1, it’s useful to open the tunnel binding it on
192.168.1.1. In this way other clients on the LAN can use the tunnel. This is the syntax:
ssh -L 192.168.1.1:8666:ircserver.org:6666 email@example.com