References:
1) https://www.ssh.com/ssh/tunneling/example#sec-Local-Forwarding
2) https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/s2-ssh-beyondshell-tcpip
Example #1 - Using Jumpstart Server:
Format:
ssh -L <127.0.0.1:local_port>:<destination_server>:<destination_port> USERNAME@<jumpstart_server>
Real Example:
From your local machine, as the 'root' user:
[root@oc5748286004 ~]# hostname
oc5748286004.ibm.com
[root@oc5748286004 ~]# ssh -L 127.0.0.1:2222:192.168.75.170:22 ab@158.69.253.39
[root@oc5748286004 ~]# netstat -tunpenl | grep -e Proto -e 2222
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode      PID/Program name
tcp        0      0 127.0.0.1:2222          0.0.0.0:*               LISTEN      0          3879841    8468/ssh
Now SSH to '127.0.0.1' on port '2222' to reach 'kvm-host1' through the open SSH tunnel:
[root@oc5748286004 ~]# hostname
oc5748286004.ibm.com
[ab@oc5748286004 ~]$ ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no ab@127.0.0.1 -p 2222
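A more careful variant of Example #1, added here as an illustration and not part of the original page: it checks that the forwarded port listens on loopback only, and logs in through the tunnel with host key checking left on. The alias 'kvm-host1' for 192.168.75.170 and the function names are assumptions; the netstat sample is constructed from the output above.

```shell
#!/bin/sh
# Added example, not from the original page.
# Assumed names: alias "kvm-host1" for 192.168.75.170 and the function names below.

# Read `netstat -tnl`-style lines on stdin and classify every TCP listener on
# port $1. Exit status: 0 = loopback only, 1 = at least one non-loopback
# listener, 2 = nothing is listening on that port.
check_forward_bind() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, part, ":")
            if (part[n] != port) next
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            found = 1
            if (addr ~ /^127\./ || addr == "::1") print "loopback " addr
            else { print "exposed " addr; bad = 1 }
        }
        END { if (!found) exit 2; exit bad + 0 }'
}

# Open the Example #1 tunnel in the background. ExitOnForwardFailure makes ssh
# exit instead of staying up without the listener (e.g. port already in use).
open_tunnel() {
    ssh -f -N -o ExitOnForwardFailure=yes \
        -L 127.0.0.1:2222:192.168.75.170:22 ab@158.69.253.39
}

# Log in through the tunnel with host key checking left on. HostKeyAlias files
# the key under "kvm-host1" instead of "[127.0.0.1]:2222", so a different
# target behind the same local port is reported as a key mismatch.
login_via_tunnel() {
    ssh -o HostKeyAlias=kvm-host1 -p 2222 ab@127.0.0.1
}

# Constructed sample: the listener line shown above, plus the line a wildcard
# bind (for example ssh -g) would produce.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:2222 0.0.0.0:* LISTEN 0 3879841 8468/ssh
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 0 3879900 8470/ssh'

for p in 2222 8080; do
    printf '%s\n' "$SAMPLE_NETSTAT" | check_forward_bind "$p" \
        || echo "port $p: forward is reachable from other hosts"
done
```

On a live system, feed the check with `netstat -tnl | check_forward_bind 2222` after `open_tunnel`.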
Example #2 - Using Remote 'localhost':
Assuming the following network, 'base.ab.lab' accepts HTTP connections ONLY via 'base.ab.lab' localhost:
[root@base ~]# hostname
base.lab
[root@base ~]# iptables -nvL INPUT | head -n3
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP tcp -- * * 158.69.253.39 0.0.0.0/0 tcp dpt:80
Now, from your local machine, create an SSH tunnel that uses the '158.69.253.39' public IP address as a jumpstart server to access 'base.ab.lab' localhost on port 80.
Format:
ssh -L <MY_LOCALHOST>:<LOCAL_PORT>:<REMOTE_LOCALHOST>:<REMOTE_PORT> <USERNAME>@<REMOTE_PUBLIC_IP>
[root@oc5748286004 ~]# hostname
oc5748286004.ibm.com
[root@oc5748286004 ~]# ssh -L 127.0.0.1:8080:localhost:80 ab@158.69.253.39
[ab@oc5748286004 ~]# hostname
oc5748286004.ibm.com
[ab@oc5748286004 ~]$ lynx --dump http://127.0.0.1:8080
HTTP SERVER!

