3

After I run

$ ssh -L 9000:google.com:80 testme@localhost

how can I verify that the port forwarding is established by checking the sockets (internet and unix domain sockets)?

Thanks.

Jeff Schaller
Tim

2 Answers

3

There are many complementary ways of doing it:

On your local machine

You can run your ssh command with the -v option, and there will be information about forwarding:

debug1: Local connections to LOCALHOST:9000 forwarded to remote address google.com:80
debug1: Local forwarding listening on ::1 port 9000.
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on 127.0.0.1 port 9000.
debug1: channel 1: new [port listener]

Run netstat -tulpn and you should see if there is an entry with ssh running on port 9000. This shows listening ports. It does not show actively forwarded connections!

# netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:9000          0.0.0.0:*               LISTEN      15557/ssh

On the remote machine

In your currently opened session that forwards ports, just tap ~# quickly and you should see if anything is using your tunnel right now (you can try connecting to your localhost:9000 with the telnet command and see what happens).

The following connections are open:
  #2 client-session (t4 r0 i0/0 o0/0 e[write]/4 fd 6/7/8 sock -1 cc -1)
  #3 direct-tcpip: listening port 9000 for google.com port 80, connect from 127.0.0.1 port 57060 to 127.0.0.1 port 9000 (t4 r1 i0/0 o0/0 e[closed]/0 fd 9/9/-1 sock 9 cc -1)

Also, netstat -tulpn should tell you about open ports on this machine, but there is no guarantee that the open ports are the ones you've made with your connection. Most of the time you will not have root access to the remote machine, so you cannot check the PID of your SSH session and the PID in the netstat results.

DevilaN
2

Once the SSH connection is established, you’ll see a listening socket on port 9000:

$ ss -o state listening 'sport = 9000'
Netid Recv-Q Send-Q         Local Address:Port                          Peer Address:Port
tcp   0      128                127.0.0.1:9000                                     *:*
tcp   0      128                      ::1:9000                                    :::*

You won’t see a connection to google.com until a connection is established to port 9000; run

$ nc localhost 9000

then in another terminal you’ll see something like

$ ss -o state established 'dport = 80'
Netid Recv-Q Send-Q         Local Address:Port                          Peer Address:Port
tcp   0      0                 10.10.10.2:34948                       216.58.204.142:http

with a peer address belonging to Google.

Stephen Kitt
  • Question about your reply https://unix.stackexchange.com/questions/499190/where-is-the-official-documentation-debian-package-iproute-doc – Tim Feb 07 '19 at 01:18
  • https://unix.stackexchange.com/questions/499198/what-is-timer-information-shown-by-ss-o and https://unix.stackexchange.com/questions/499199/what-is-inet-prefix – Tim Feb 07 '19 at 02:38
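Added example, not part of either answer: a POSIX shell function that applies the listening-socket check from both answers to `ss -H -tlnp` output and also reports whether the forward is bound to loopback only, as in the outputs shown above. The function name, exit codes and sample lines are constructed for illustration; only PID 15557 and port 9000 are taken from the page.

```shell
#!/bin/sh
# check_forward PORT: read `ss -H -tlnp` output on stdin, print every TCP
# listener on PORT, and return 0 = ssh listens on loopback only,
# 1 = no ssh listener on PORT, 2 = ssh listens on a non-loopback address.
check_forward() {
    awk -v port="$1" '
    $1 == "LISTEN" {
        # Field 4 is Local Address:Port. Split at the last colon so that
        # both "::1:9000" (older ss) and "[::1]:9000" (newer ss) parse.
        n = match($4, /:[^:]*$/)
        if (n == 0 || substr($4, n + 1) != port) next
        addr = substr($4, 1, n - 1)
        gsub(/\[/, "", addr); gsub(/\]/, "", addr)
        # Field 6 exists only with -p and enough privilege to see the owner.
        owner = ($6 ~ /\(\("ssh",/) ? "ssh" : "other"
        scope = (addr ~ /^127\./ || addr == "::1") ? "loopback" : "exposed"
        printf "%s:%s owner=%s scope=%s\n", addr, port, owner, scope
        if (owner == "ssh") { found = 1; if (scope == "exposed") bad = 1 }
    }
    END { exit (bad ? 2 : (found ? 0 : 1)) }'
}

# Constructed sample input (not captured from a real host): the default
# loopback-only forward, plus an unrelated sshd listener on port 22.
sample_default='LISTEN 0 128 127.0.0.1:9000 0.0.0.0:* users:(("ssh",pid=15557,fd=5))
LISTEN 0 128 [::1]:9000 [::]:* users:(("ssh",pid=15557,fd=4))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=801,fd=3))'

# Constructed sample: the same forward bound to every interface.
sample_wildcard='LISTEN 0 128 0.0.0.0:9000 0.0.0.0:* users:(("ssh",pid=15557,fd=5))'

for sample in "$sample_default" "$sample_wildcard"; do
    status=0
    printf '%s\n' "$sample" | check_forward 9000 || status=$?
    echo "exit status: $status"
done

# Live use on the client (assumes iproute2 ss): ss -H -tlnp | check_forward 9000
```

Without `-p`, or without permission to see the owning process, the owner column is empty and the function reports no ssh listener (status 1) rather than guessing.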