SSH port forwarding enables you to establish tunnels from your local computer, through our SSH Gateway, to ports on an internal Carnegie server.
SSH tunneling is non-trivial, and requires some knowledge about network protocols and ports.
- A a free "high" port on your own computer (between 1024 and 65535)
- A "target" internal server
- A "target port" on that internal server
- An "SSH gateway" to be used to connect to the internal "target"
Setting up an SSH Tunnel
- Pick a free "high" port on your computer
For this example, we'll use port 33333, as it's usually available.
If you try 33333 and it's not available, try 33334, 33335, etc.
- Pick the "target" internal server to connect to
For this example, we'll use RDS2, rds2.dge.carnegiescience.edu
- Either know the TCP/IP port used by the protocol you'll be forwarding, or another custom "target port"
For this example, we'll be connecting via RDP which uses port 3389
- Open a new terminal window, and establish the tunnel via the SSH command with the -L flag, through the SSH gateway: ssh -L high_port:target_server:target_port username@ssh-gateway
ssh -L 33333:rds2.dge.carnegiescience.edu:3389 email@example.com
- Leave the terminal window open. The tunnel will only remain available so long as this SSH session remains connected
- Use your browser or client to connect to "localhost" on the "high port" you chose
In this example, use your Microsoft RDP client to connect to "localhost:33333"
Setting up Additional SSH Tunnels
- To establish another tunnel, use the same process, but with another "high" port number (e.g. 33334).
You can also chain multiple -L options on a single SSH call to establish multiple tunnels at once. (e.g. ssh -L 33333:localhost:5901 -L 33334:localhost:5902 -L 33335:localhost:5903 firstname.lastname@example.org)