SSH impresses me each time I play with it. It is so powerful, that most of the time (90%) of the time, you aren’t using it to its greatest potential.
Here is a neat trick for creating a SSH tunnel to forward TCP based packets (this doesn’t work for UDP packets) between two servers on the internet.
You run this on the server who’s port you want to forward.
ssh -C -N -f -L localport:thelocalhostip:remoteport remoteuser@remotehost1
Here is what that will do: This will open a tunnel between localhostip:localport to remotehost1:remoteport.
What can you do with it? Well lets take a real world example. Lets say we want to forward all SMTP traffic from one server in the datacenter to another server on the other side of the world. You can do:
ssh -C -N -f -L 25:192.168.1.69:25 root@1.2.3.4
You will be prompted for a password if you don’t have authorized keys setup between the current server and the remote server (a subject for another post).
What you should be able to do is telnet to 192.168.1.69 25 and see the greeting from the SMTP server running on port 25 on 1.2.3.4.
I only used SMTP as an example, I know that there are several MTA based options that can do the same thing. However this is a good option to help make sure mail keeps flowing from an old server to a new server, if you didn’t set your TTL to a low setting when migrating servers (not that I would ever forget to do anything like that 😉 ).
You can also string more than one port on the command by adding additional -L localport:localip:remoteport.
As an added benefit this also encrypts the information between the two servers… So an added layer of security to things. Also the -C option enables compression on the tunnel for additional savings in bandwidth… See I told you SSH was cool.