[LINUX] Did you know that you can port forward with ssh for IP aliases?

When I asked, there were many people who didn't know much, so I will write it.

As mentioned in the title, you can do port forwarding with ssh for IP aliases!

With just this, it's a little difficult to understand. In other words, forward processing with the same port number is possible for multiple destinations.

For example, communication for server A to 443 (https) and communication for server B to 443 (https) without adding a physical NIC and without changing the local monitoring port number. You can forward with a single command on one server. Of course, it is the same for any port number, not just 443.

Example

# ifconfig eth0 aaa.aaa.aaa.aaa ...

And as if it was set to the physical NIC

# ifconfig eth0:0 xxx.xxx.xxx.xxx
# ifconfig eth0:1 yyy.yyy.yyy.yyy
# ifconfig eth0:2 zzz.zzz.zzz.zzz

And suppose you have added an IP alias.

Here, the privileged port is root,

# ssh -L aaa.aaa.aaa.aaa:443:localhost:1443 -L xxx.xxx.xxx.xxx:443:localhost:2443 -L yyy.yyy.yyy.yyy:443:localhost:3443 -L zzz.zzz.zzz.zzz:443:localhost:4443 user@server

It means that you can do it.

Of course, after this, we will forward to the target server by multi-stage transfer, but The advantage of being able to transfer on is effective when you are using an application whose communication port cannot be changed. ** ** In particular, Windows apps often cannot change ports. `` Even in such a case, you can use 443 of aaa.aaa.aaa.aaa and 443 of xxx.xxx.xxx.xxx at the same time **! ** **

In addition, on Windows!

You can give multiple IP addresses to a physical NIC in the network settings of the control panel, right? Here, ** Cygwin's ssh can do the same thing **.

For example, when used in combination with this ...

[To use OpenBlocks safely without using an SSL-VPN device (use OpenBlocks like a simple VPN device)](https: / /qiita.com/shinya-kurioka/items/bb8b1ebce897d0a26965) It can be used remotely from a remote location to multiple servers on the internal network, ** more like a VPN **.

It has become a convenient world. (It's been a long time ago)

Recommended Posts

Did you know that you can port forward with ssh for IP aliases?
When you don't know the SCP when you port forward
Allow ssh only for specific IP addresses with firewalld
It seems that you can now write gate books with blueqat