Port forwarding methods:
- Port forwarding is the ability to redirect traffic arriving at one or more ports to a single listening port.
- Port forwarding allows remote computers (for example, computers on the Internet) to connect to a specific computer or service within a private local-area network (LAN).
Port forwarding can be divided into the following methods:
- Local port forwarding
- Remote port forwarding
- Dynamic port forwarding
Local port forwarding:
- Local port forwarding is the most common type of port forwarding. It is used to forward data securely from another client application running on the same computer as the Secure Shell Client.
- Local port forwarding lets a user connect from the local computer to another server. By using local port forwarding, firewalls that block certain web pages can be bypassed.
- Three items are needed for local port forwarding: the destination server and two port numbers. Connections from the SSH client are forwarded via the SSH server and then on to the destination server.
- Local port forwarding forwards data from another client application running on the same computer as the Secure Shell Client. The Secure Shell client is configured to redirect data from a specified local port through the secure tunnel to a specified destination host and port.
- This port is on the same computer as the Secure Shell client. Any other client running on the same computer can be configured to connect to the forwarded port (rather than directly to the destination host and port).
- After this connection is established, the Secure Shell client listens on the specified port and redirects all data sent to that port through the secure tunnel to the Secure Shell server. The server decrypts the data, and then directs it to the destination host and port.
- On the command line, "-L" specifies local port forwarding. The destination server and two port numbers need to be included. Port numbers less than 1024 or greater than 49150 are reserved for the system.
- Some uses of local port forwarding: receiving mail through a tunnel, and connecting from a laptop to a website using an SSH tunnel.
Remote port forwarding:
- Remote port forwarding enables applications on the server side of a Secure Shell (SSH) connection to access services residing on the SSH's client side.
- In addition to SSH, there are proprietary tunnelling schemes that utilize remote port forwarding for the same general purpose.
- Remote port forwarding lets users connect from the server side of a tunnel, SSH or another, to a remote network service located at the tunnel's client side.
- To use remote port forwarding, the address of the destination server (on the tunnel's client side) and two port numbers must be known. The port numbers chosen depend on which application is to be used.
- Remote port forwarding allows other computers to access applications hosted on remote servers. Example: opening remote desktop sessions is a common use of remote port forwarding. Through SSH, this can be accomplished by opening the virtual network computing (VNC) port (5900) and including the destination computer's address.
Dynamic port forwarding:
- Dynamic port forwarding (DPF) is an on-demand method of traversing a firewall or NAT through the use of firewall pinholes.
- It enables clients to connect securely to a trusted server that acts as an intermediary for sending and receiving data to one or many destination servers.
- DPF can be implemented by setting up a local application, such as SSH, as a SOCKS proxy server, which can be used to process data transmissions through the network or over the Internet.
- Programs, such as web browsers, must be configured individually to direct traffic through the proxy, which acts as a secure tunnel to another server. Once the proxy is no longer needed, the programs must be reconfigured to their original settings. Because of the manual requirements of DPF, it is not often used.
- Once the connection is established, DPF can be used to provide additional security for a user connected to an untrusted network. Since data must pass through the secure tunnel to another server before being forwarded to its original destination, the user is protected from packet sniffing that may occur on the LAN.
- DPF is a powerful tool with many uses; for example, a user connected to the Internet through a coffee shop, hotel, or otherwise minimally secure network may wish to use DPF as a way of protecting data. DPF can also be used to bypass firewalls that restrict access to outside websites, such as in corporate networks.
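The following script is an added example, not part of the original notes: it builds the OpenSSH command lines for the three methods described above (-L, -R and -D) and applies the port rule stated in the local forwarding section (1024 to 49150 usable). The host names jump.example and intranet.example and all ports are constructed placeholders; the commands are printed for review rather than executed.

```shell
#!/bin/sh
# Added example (not from the original notes): build and sanity-check
# OpenSSH forwarding commands for local, remote and dynamic forwarding.
# jump.example / intranet.example are placeholder hosts, not real systems.

# The notes say ports below 1024 or above 49150 are reserved for the system;
# refuse those so a forward never tries to bind a reserved port.
port_ok() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;   # empty or not a number
    esac
    if [ "$1" -ge 1024 ] && [ "$1" -le 49150 ]; then return 0; fi
    return 1
}

# Local forward (-L): client listens, traffic goes via the SSH server to dest.
# An explicit 127.0.0.1 bind keeps the listener off the LAN-facing interface.
local_forward() {  # args: local_port dest_host dest_port ssh_server
    port_ok "$1" || return 1
    printf 'ssh -N -L 127.0.0.1:%s:%s:%s %s\n' "$1" "$2" "$3" "$4"
}

# Remote forward (-R): SSH server listens, traffic goes to a client-side host.
remote_forward() {  # args: remote_port dest_host dest_port ssh_server
    port_ok "$1" || return 1
    printf 'ssh -N -R 127.0.0.1:%s:%s:%s %s\n' "$1" "$2" "$3" "$4"
}

# Dynamic forward (-D): client-side SOCKS proxy; each connection chooses its
# own destination, so only the listening port is given.
dynamic_forward() {  # args: socks_port ssh_server
    port_ok "$1" || return 1
    printf 'ssh -N -D 127.0.0.1:%s %s\n' "$1" "$2"
}

# -N asks ssh for forwarding only, with no remote shell.
local_forward 8080 intranet.example 80 jump.example
remote_forward 5900 localhost 5900 jump.example   # VNC reachable from the server side
dynamic_forward 1080 jump.example
```

Each function returns a non-zero status instead of a command when the listening port is outside the range the notes allow, so a wrapper script can stop before ssh is ever invoked.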
Disadvantages of port forwarding:
- The disadvantage of port forwarding is that it only allows one client on the network to use a particular service that occupies a particular port.
- Another disadvantage is that remote clients require local administrator access on the machine from which they are connecting. This is because the local hosts file has to be modified to add an entry for the remote server.
- Port triggering is more secure than port forwarding because the incoming ports are not open all the time; they are open only while a program is actively using the trigger port.