SSH port forwarding
source (esp. of quotation or literary allusion)：https://www.cnblogs.com/sparkdev/p/7497388.html
The SSH port forwarding feature can forward network data from other TCP ports via SSH links and automatically provides the appropriate encryption and decryption services. In fact, this technique is what we often hear about as tunneling, because SSH provides a secure channel for other TCP links to travel.
We know that the FTP protocol delivers data in plaintext. But we can make the FTP client and server transfer data through SSH tunnel, thus enabling secure FTP data transfer.
A more common scenario is that our applications are often restricted by various firewalls. Common ones are banning access to certain websites, disabling certain types of software, while all your internet behavior is monitored and analyzed! Again, we can circumvent these restrictions entirely through SSH tunneling.
As shown above, with SSH port forwarding, the client side of the application and the server side of the application no longer communicate directly, but are forwarded to the SSH client and SSH server to communicate. This allows for two purposes at once: encrypted data transmission and penetration of firewalls!
In specific usage scenarios, port forwarding is subdivided into local port forwarding, remote port forwarding, dynamic port forwarding, etc. This article will describe in detail the principles of the technology and how to use it.
local port forwarding
Suppose we have a host B with a smtp server running on it, listening on port number 25, but only listening on the localhost network interface. This means that only the mail client running on host B can establish a connection to the smtp server. How to set up a mail client on another host A to send and receive emails through the smtp server on host B? A scenario like this can be easily handled with SSH's local port forwarding feature!
Assuming that SSH is installed on both hosts, we can use the SSH client on host A to make a request to the SSH server on host B to create a tunnel that performs port forwarding:.
The operation of this command is shown in the following diagram (this diagram is from the Internet).