Before running this command, I ran this netstat command to see if anything on my laptop "dink" was listening on port 8143:
dink:~ jmjones$ netstat -an | grep 8143
dink:~ jmjones$
Nothing was listening. After creating the tunnel, I re-ran the same netstat command and saw different results:
dink:~ jmjones$ netstat -an | grep 8143
tcp4 0 0 127.0.0.1.8143 *.* LISTEN
tcp6 0 0 ::1.8143
As you can see from the second netstat command, something (my ssh client) is listening on port 8143 on 127.0.0.1 (the local loopback network device) on my laptop "dink." Any connection made to 127.0.0.1:8143 on "dink" will be forwarded to localhost:143 on "ezr." After creating the tunnel, I just need to configure an account on my laptop's email client to look for an IMAP server at localhost:8143 and it will begin reading mail on "ezr."
Given the same machines, "ezr" and "dink," let's assume this time that I want the server "ezr" to use fetchmail and pull mail messages off of my ISP's pop3 server. The problem is that my ISP only allows machines that are connected to their network to access their pop3 servers. Since my laptop, "dink," is connected directly to my ISP and the server, "ezr," is not, I could create a tunnel like this:
dink:~ jmjones$ ssh -R 8110:mail.myisp.com:110 ezr
The "-R" in the command specifies that this will be a reverse forward. The "8110" in the command specifies that the remote server will bind and listen on port 8110 as the source of the tunnel. The "mail.myisp.com:110" specifies where my laptop will forward any traffic that it receives from the tunnel. And "ezr" is the machine to ssh into.
Before running this ssh command from my laptop, I ran a netstat command on the server, "ezr," to show that nothing was listening on port 8110:
jmjones@ezr:~$ netstat -an | grep 8110
jmjones@ezr:~$
Nothing was listening. After running the ssh command on my laptop "dink," I ran the same netstat command on the server, "ezr":
jmjones@ezr:~$ netstat -an | grep 8110
tcp 0 0 127.0.0.1:8110 0.0.0.0:* LISTEN
tcp6 0 0 ::1:8110 :::* LISTEN
After the tunnel is created, fetchmail can run on "ezr," pop messages off of localhost:8110, and the request will be forwarded to my ISP. Of course, the tunnel will only be active while the laptop has a connection to both the server "ezr" and the ISP's mail server.
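Both netstat checks above show the tunnel entrance bound only to the loopback addresses, so only processes on that machine can reach it. The following is an added example, not part of the original article: a shell function (the name check_forward_bind and the sample lines are constructed here) that reads `netstat -an` output in either of the two formats shown and reports whether a forwarded port is loopback-only or reachable on other interfaces. It matches the port exactly, unlike a plain grep.

```shell
#!/bin/sh
# Added example, not from the original article.
# Reads `netstat -an` output on stdin and reports how PORT is bound:
#   none     - nothing is listening on PORT
#   loopback - listeners only on 127.0.0.0/8 or ::1 (as in the article's output)
#   exposed  - at least one listener on a wildcard or non-loopback address
# Understands both address styles seen in the article:
#   macOS/BSD 127.0.0.1.8143 and Linux 127.0.0.1:8110
check_forward_bind() {
    awk -v port="$1" '
        $NF == "LISTEN" {
            addr = $4                               # local address column
            if (!match(addr, /[.:][0-9]+$/)) next   # find the trailing port
            host = substr(addr, 1, RSTART - 1)
            if (substr(addr, RSTART + 1) != port) next
            found = 1
            if (host !~ /^127\./ && host != "::1") exposed = 1
        }
        END {
            if (!found)       print "none"
            else if (exposed) print "exposed"
            else              print "loopback"
        }'
}

# Constructed sample input in the two formats the article shows, plus a
# hypothetical wildcard listener for comparison.
SAMPLE_DINK='tcp4 0 0 127.0.0.1.8143 *.* LISTEN
tcp6 0 0 ::1.8143 *.* LISTEN'
SAMPLE_EZR='tcp 0 0 127.0.0.1:8110 0.0.0.0:* LISTEN
tcp6 0 0 ::1:8110 :::* LISTEN'
SAMPLE_WILDCARD='tcp 0 0 0.0.0.0:8110 0.0.0.0:* LISTEN
tcp6 0 0 :::8110 :::* LISTEN'

printf '%s\n' "$SAMPLE_DINK"     | check_forward_bind 8143
printf '%s\n' "$SAMPLE_EZR"      | check_forward_bind 8110
printf '%s\n' "$SAMPLE_WILDCARD" | check_forward_bind 8110
```

On a live system, run it as `netstat -an | check_forward_bind 8110`. An "exposed" result means other hosts on the network can connect to the tunnel entrance and have their traffic forwarded.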
Tunneling with ssh is an easy way to create secure data transmissions. It is also a convenient way of connecting two networks that aren't directly connected. It can become an irreplaceable tool once you figure out ways you can use it.
This article was first published on EnterpriseITPlanet.com.