Port forwarding via SSH tunneling creates a secure connection between a local computer and a remote computer through which services can be relayed. Port forwarding can also provide a way to connect to a remote host that is not directly reachable from the localhost.

To configure port forwarding, you will have to perform the same steps as registering an SSH server (see Secure Shell - SSH Tool), then enter the information in the Port Forwarding section:

  • Enter the local port in the Local Source Port field.
  • Enter the server that you want to forward to in the Destination field. Note that this server can be the same server as the SSH server itself. You would do this to establish a secure connection from the local host to that server without dedicating another server just to provide the port forwarding.
  • Click the Add button to save this port forwarding entry.
  • You may repeat the above steps to port forward to multiple destination servers.
  • Click the Save button to complete the SSH server registration.
Example:

In the above example, we have configured port forwarding on the 10.220.201.174 server, which is bound to port 9998 on the local host where ADS is running. To activate this port forwarding, you will need to right-click on this SSH Connection that you have registered and select the Open option. This will open an SSH connection to the 10.220.201.174 server on port 22, and configure port forwarding to the 10.220.201.93 server on port 3306, which is bound to port 9998 on the local host where ADS is running. This is equivalent to executing the following command on the localhost:

ssh -L 9998:10.220.201.93:3306 10.220.201.174

Note:

  • Opening the SSH Connection (with or without port forwarding) will open an SSH shell in the right-hand side panel of the ADS window.
  • Any port forwarding information will be shown to the right of the toolbar buttons in the SSH shell.
  • To close the port forwarding on this server, just close the SSH shell.
  • When you launch ADS, any port forwarding that was open in the previous session is automatically re-established in the new session.

With the above port forwarding open, any connection to localhost:9998 will be forwarded to the 10.220.201.93 server on port 3306, via the 10.220.201.174 server on port 22. In order for this port forwarding to work and make sense, please note the following:

  • The client connecting to localhost:9998 does not have to be aware of the port forwarding.
  • The 10.220.201.174 host must have an SSH server running on port 22, and be reachable from the local host.
  • The 10.220.201.93 server, port 3306 must be reachable from the 10.220.201.174 host.
  • The 10.220.201.93 server, port 3306 does not have to (but could) be directly reachable from the localhost.
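
A forwarded port is only as private as the address it listens on: if 9998 is bound to a wildcard address rather than loopback, other hosts on the network can reach the database through the tunnel. The following check is an added example, not part of the original page or of ADS; the function name `forward_bind_scope` and the sample `ss -tln` lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: report how a forwarded local port is bound, from `ss -tln` output.
# Live use:  ss -tln | forward_bind_scope 9998
# OpenSSH also accepts an explicit bind address in the forward spec:
#   ssh -L 127.0.0.1:9998:10.220.201.93:3306 10.220.201.174

# Reads `ss -tln` output on stdin; prints loopback, exposed or absent.
forward_bind_scope() {
  awk -v port="$1" '
    $1 == "LISTEN" {
      addr = $4                        # "Local Address:Port" column
      n = split(addr, parts, ":")
      if (parts[n] != port) next       # port is the text after the last colon
      host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
      sub(/%.*$/, "", host)            # drop an interface suffix such as %lo
      sub(/^\[/, "", host)             # drop IPv6 brackets
      sub(/\]$/, "", host)
      found = 1
      if (host !~ /^127\./ && host != "::1") exposed = 1
    }
    END {
      if (!found)       print "absent"
      else if (exposed) print "exposed"
      else              print "loopback"
    }'
}

# Constructed sample of `ss -tln` output (not captured from a real host).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:9998     0.0.0.0:*
LISTEN 0      128    [::1]:9998         [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

printf '%s\n' "$SAMPLE_SS" | forward_bind_scope 9998
```

A result of `exposed` means at least one listener for the port is bound to a non-loopback address; `absent` means the tunnel is not open.
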
Usage Example

In the following example, we'll use our previously configured SSH connection with port forwarding to connect securely from ADS to a MySQL database running on the 10.220.201.93 server on port 3306. Also in this example, the 10.220.201.93 server is firewall-protected to keep out external attackers, so you can't access the database server directly. It is configured to be accessible only from the 10.220.201.174 jump box.

When we register the MySQL database server, we enter the connection information as localhost, port 9998. With this database connection setup and the port forwarding we have in the earlier example, the communication between ADS and MySQL will happen via the secure SSH tunnel. Note that in order for this to work, the SSH connection with port forwarding has to be opened and remain open for the duration of this database session.


