Port Forwarding

SSH port forwarding is a method of transporting arbitrary data over an encrypted SSH connection.

SSH tunnels allow connections made to a local port (that is, to a port on your own desktop) to be forwarded to a remote machine via a secure channel.

Link to helpful articles

ssh -NfL 8081:localhost:8081 s36gong@trpro-ubuntu2.cluster.watonomous.ca

High-Level Overview

Port forwarding allows you to access the ports of another computer from your own.

When you connect from your local computer to a remote server via ssh, you set up SSH port forwarding with the command ssh -L, which performs local port forwarding (i.e. a port on your own machine listens, and connections to it are forwarded to a port on the remote side)

ssh -L 80:intra.example.com:80 gw.example.com

If you want to do remote port forwarding, you can do

ssh -R 8080:localhost:80 public.example.com

which allows anyone on the remote server to connect to your local port 8080. So it’s the reverse direction of the -L flag (so you are the one publishing your port).

Local vs. Remote Port Forwarding

  • Local Port Forwarding (-L): Forwards a connection from the client host to the SSH server host and then to the destination host port.
  • Remote Port Forwarding (-R): Forwards a port from the server host to the client host and then to the destination host port.
  • Dynamic Port Forwarding (-D): Creates a SOCKS proxy server that allows communication across a range of ports.

Docker Port Forwarding

One of the disadvantages of running things inside docker containers is that you cannot access them anymore from your local machine. However, you can very easily do Port Forwarding.

To make a port available to services outside of Docker, use the -p flag, ex:

docker run -d -p 8080 an_image

or better inside the docker-compose.yml file, add

ports:
  - "8081:8081"

Good Stackoverflow thread on the difference between exposing in Dockerfile vs. in the command line with -p.

#gap-in-knowledge Does port forwarding work as a talker-listener relationship?

Port Forwarding at WATonomous

The way port forwarding at WATonomous works may seem intimidating (because we do it twice), but it is relatively straightforward. There are 2 steps:

  1. (Forward from Docker container to Server) Our code runs inside a Docker container on a remote server. Therefore we must first expose the port outside the container by changing the docker-compose.yml file, ex: 8081:8081
  2. (Forward from Server to Local Machine) Then, from your local computer, you need to connect the port of the remote machine to your local machine, i.e. run something such as
ssh -NfL 8081:localhost:8081 s36gong@trpro-ubuntu2.cluster.watonomous.ca

You can then access the port on your computer by opening http://localhost:8081/ on your local browser.
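The two-step setup above only needs the container port to be reachable from the server itself, because the localhost:8081 in the ssh -L command is resolved on the server, while a short mapping such as 8081:8081 publishes the port on every interface of the server. The following added example (not part of the original notes; the sample compose file and the function names are constructed) flags such mappings and shows the loopback-only form 127.0.0.1:8081:8081.

```shell
# Added example: flag docker-compose port mappings reachable beyond loopback.
# Handles the short "ports:" syntax only (HOST_IP:HOST:CONTAINER and shorter).
# compose_ports FILE -> one port mapping per line, quotes and comments removed
compose_ports() {
    awk '
        /^[ \t]*ports:[ \t]*$/ { in_ports = 1; next }
        in_ports && /^[ \t]*-[ \t]/ {
            sub(/^[ \t]*-[ \t]*/, ""); sub(/[ \t]*#.*$/, ""); sub(/[ \t]+$/, "")
            print; next
        }
        /[^ \t]/ { in_ports = 0 }
    ' "$1" | tr -d "\"'"
}

# classify_port MAPPING -> loopback | all-interfaces | specific-ip
classify_port() {
    m=${1%/*}                                  # drop a trailing /tcp or /udp
    case "$m" in
        127.*:*:*|\[::1\]:*:*)  echo loopback ;;
        0.0.0.0:*:*|\[::\]:*:*) echo all-interfaces ;;
        *:*:*)                  echo specific-ip ;;
        *)                      echo all-interfaces ;;  # no host IP given
    esac
}

# audit_compose FILE -> prints "CLASS<TAB>MAPPING"; fails unless all are loopback
audit_compose() {
    compose_ports "$1" | {
        rc=0
        while IFS= read -r m; do
            c=$(classify_port "$m")
            printf '%s\t%s\n' "$c" "$m"
            [ "$c" = loopback ] || rc=1
        done
        [ "$rc" -eq 0 ]
    }
}

# Constructed sample: the page's mapping next to a loopback-only variant.
sample=$(mktemp)
cat > "$sample" <<'EOF'
services:
  app:
    ports:
      - "8081:8081"            # published on every interface of the server
      - "127.0.0.1:8082:8081"  # reachable only from the server itself
EOF
audit_compose "$sample" || echo "some ports are published beyond loopback"
rm -f "$sample"
```

With the loopback-only mapping, the ssh -NfL command from step 2 still works unchanged, since the tunnel connects to the port from the server itself.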

If I am sharing a computer with other users, is the port user specific, or are the ports shared?

For example, if another application is already using port 8765, you generally can’t use it with a different application simultaneously. This is because a network port can usually only be bound to one application at a time.