System Administration Guide: Security Services

Procedure: How to Use Port Forwarding in Solaris Secure Shell

You can specify that a local port be forwarded to a remote host. Effectively, a socket is allocated to listen to the port on the local side. The connection from this port is made over a secure channel to the remote host. For example, you might specify port 143 to obtain email remotely with IMAP4. Similarly, a port can be specified on the remote side.

Before You Begin

To use port forwarding, the administrator must have enabled port forwarding on the remote Solaris Secure Shell server. For details, see How to Configure Port Forwarding in Solaris Secure Shell.

  1. To use secure port forwarding, choose one of the following options:

    • To set a local port to receive secure communication from a remote port, specify both ports.

      Specify the local port that listens for remote communication. Also, specify the remote host and the remote port that forward the communication.


      myLocalHost% ssh -L localPort:remoteHost:remotePort 
      
    • To set a remote port to receive a secure connection from a local port, specify both ports.

      Specify the remote port that listens for remote communication. Also, specify the local host and the local port that forward the communication.


      myLocalHost% ssh -R remotePort:localhost:localPort
      

Example 19–4 Using Local Port Forwarding to Receive Mail

The following example demonstrates how you can use local port forwarding to receive mail securely from a remote server.


myLocalHost% ssh -L 9143:myRemoteHost:143 myRemoteHost 

This command forwards connections from port 9143 on myLocalHost to port 143. Port 143 is the IMAP v2 server port on myRemoteHost. When the user launches a mail application, the user needs to specify the local port number, as shown in the following dialog box.

[Figure: Dialog box titled Mailer - Login. The IMAP Server field shows the server name followed by a colon and the port number.]

Do not confuse localhost in the dialog box with myLocalHost. myLocalHost is a hypothetical host name. localhost is a keyword that identifies your local system.



Example 19–5 Using Remote Port Forwarding to Communicate Outside of a Firewall

This example demonstrates how a user in an enterprise environment can forward connections from a host on an external network to a host inside a corporate firewall.


myLocalHost% ssh -R 9022:myLocalHost:22 myOutsideHost

This command forwards connections from port 9022 on myOutsideHost to port 22, the sshd server, on the local host.


myOutsideHost% ssh -p 9022 localhost
myLocalHost%
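
The following audit script is an added example, not part of the original guide. It finds forwards like those in Examples 19–4 and 19–5 in recorded ssh command lines and reports remote (-R) forwards, which let the outside host reach a port inside the firewall. The sample command lines, function names, and severity labels are constructed for illustration, and only the three-field port:host:port form shown above is parsed.

```python
import shlex

# Constructed sample input: ssh command lines as a process listing or
# shell-history audit might show them. Host names are the page's placeholders.
SAMPLE_COMMANDS = [
    "ssh -L 9143:myRemoteHost:143 myRemoteHost",
    "ssh -R 9022:myLocalHost:22 myOutsideHost",
    "ssh -p 9022 localhost",
    "/usr/bin/ssh -L9143:myRemoteHost:143 -R 9080:localhost:80 myOutsideHost",
]

def parse_forwards(cmdline):
    """Extract -L / -R forwards written as listenPort:host:port."""
    argv = shlex.split(cmdline)
    if not argv or argv[0].rsplit("/", 1)[-1] != "ssh":
        return []
    forwards, i = [], 1
    while i < len(argv):
        flag, spec = argv[i][:2], argv[i][2:]
        if flag in ("-L", "-R"):
            if not spec and i + 1 < len(argv):  # spec given as the next argument
                i += 1
                spec = argv[i]
            parts = spec.split(":")
            if len(parts) == 3 and parts[0].isdigit() and parts[2].isdigit():
                forwards.append({
                    "direction": "local" if flag == "-L" else "remote",
                    "listen_port": int(parts[0]),
                    "target_host": parts[1],
                    "target_port": int(parts[2]),
                })
        i += 1
    return forwards

def audit(cmdlines):
    """Report remote (-R) forwards: each lets the outside host reach an inside port."""
    findings = []
    for cmd in cmdlines:
        for fwd in parse_forwards(cmd):
            if fwd["direction"] != "remote":
                continue
            # Assumed policy for this example: exposing sshd (port 22) ranks highest.
            severity = "high" if fwd["target_port"] == 22 else "review"
            findings.append((severity, fwd["listen_port"], fwd["target_host"], fwd["target_port"]))
    return findings

if __name__ == "__main__":
    for severity, listen, host, port in audit(SAMPLE_COMMANDS):
        print(f"[{severity}] remote port {listen} -> {host}:{port}")
```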