http://hi.baidu.com/davyup/blog/item/229e99cb25e8b51abf09e66d.html
向隧道-隧道监听本地port,为普通活动提供安全连接
ssh -qTfnN -L port:host:hostport -l user remote_ip
2.反向隧道----隧道监听远程port,突破防火墙提供服务
ssh -qTfnN -R port:host:hostport -l user remote_ip
3.socks代理
SSH -qTfnN -D port remotehost(用证书验证就直接主机名,没用的还要加上用户名密码)
-q Quiet mode. 安静模式,忽略一切对话和错误提示。
-T Disable pseudo-tty allocation. 不占用 shell 了。
-f Requests ssh to go to background just before command execution. 后台运行,并推荐加上 -n 参数。
-n Redirects stdin from /dev/null (actually, prevents reading from stdin). -f 推荐的,不加这条参数应该也行。
-N Do not execute a remote command. 不执行远程命令,专为端口转发度身打造。
虽然反向隧道在穿透内网放火墙的时候很好用,cron加上ssh-agent能实现无人职守下的主动连接,但是目前面临一个比较严重的问题,那就是隧道的不稳定性,基本上ssh反向隧道只能坚持10分钟左右就莫名奇妙的关闭掉了,是网路太差引起的断线?还是反向隧道本身的不完善性?我试图在网上找一个ssh社区去询问一下高手,但是我发现这样的社区是不存在的....也许有人会说可以每隔十分钟再重新发一次反向连接阿,但是经我尝试,发现即使是每隔10分钟重发一次反向隧道也不能解决问题,因为虽然反向隧道中断但反向隧道的进程还在,即使重发请求也不能将反向隧道重新接通...
http://sdfclub.cn/viewtopic.php?t=118&sid=cb71241647edd5cdc82b454bbdb9aa5c
There are two kinds of port forwarding: local and remote forwarding. They are also called outgoing and incoming tunnels, respectively. Local port forwarding forwards traffic coming to a local port to a specified remote port.
For example, if you issue the command
ssh2 -L 1234:localhost:23 username@host
all traffic coming to port 1234 on the client will be forwarded to port 23 on the server (host). Note that localhost will be resolved by the sshdserver after the connection is established. In this case localhost therefore refers to the server (host) itself.
Remote port forwarding does the opposite: it forwards traffic coming to a remote port to a specified local port.
For example, if you issue the command
ssh2 -R 1234:localhost:23 username@host
all traffic which comes to port 1234 on the server (host) will be forwarded to port 23 on the client (localhost).
It is important to realize that if you have three hosts, client, sshdserver, and appserver, and you forward the traffic coming to the client's port x to the appserver's port y, only the connection between the client and sshdserver will be secured. See Figure Forwarding to a third host. The command you use would be something like the following:
ssh2 -L x:appserver:y username@sshdserver
http://www.dd-wrt.com/wiki/index.php/Telnet/SSH_and_the_Command_Line#Remote_Port_Forwarding
Remote Port Forwarding
This is useful to tunnel things like RDP (Remote Desktop) through an encrypted SSH tunnel over the internet. For example, you want to be able to access your work computer from home.
If you had:
HomePC <-> Router <-> Internet <-> Firewall <-> WorkPC
WorkPC, which is running RDP on port 3389, issues ssh -R 5555:localhost:3389 root@router.home
HomePC can use his RDP client to connect to port 5555 on the router and this would create an SSH tunnel which will connect HomePC to port 3389 on the WorkPC
注解:
在WorkPC 执行 ssh -R 5555:localhost:3389 root@router.home
这样 localhost会解析为WorkPC
HomePC对router.home的5555端口的访问被转发到WorkPC的3389端口
--EOF--