
I have ddwrt on my router back home and I'm playing with ssh on my laptop from a remote location to better understand ssh.

My router has port 5000 listening for incoming ssh which it port forwards to the ssh dropbear server in ddwrt.

So on my laptop, away from home, in a terminal, I type:

ssh -L 1081:www.whatsmyip.org:80 root@martinxyz.duckdns.org -p 5000 

and, after the ssh session starts, I open a browser and type:

http://localhost:1081

It takes me to whatsmyip where my address is not the address of my router back home but that of the network my laptop is on.

Now if I set up dynamic forwarding:

ssh -D 1081 root@martinxyz.duckdns.org -p 5000 

and set up the SOCKS proxy in Firefox to listen on 1081, then when I open my browser and go to whatsmyip, it sees the IP address of my router back home.

I can appreciate why dynamic forwarding makes my IP address appear as that of the end of the ssh tunnel at my router, as the unencrypted traffic pops out, and that reassures me that there is an ssh tunnel between me and my router back home. So that's why I was surprised that local port forwarding behaves differently in that respect because there is still an ssh tunnel between me and my router.

I'd really appreciate properly understanding why this is so and perhaps then yet another piece of the ssh jigsaw will fall into place for me. And if it's down to the SOCKS proxy that wouldn't surprise me because, despite all my reading up on it, I am only marginally clearer what that's all about.

  • Correct. I typed http:// then localhost:1081. Because it said no links allowed with localhost in it, I urinated around getting round it and missed the full stop. – Martin Sep 17 '14 at 13:57
  • I changed it :) – Volker Siegel Sep 17 '14 at 13:58
  • Volker, if you are clever enough to edit my postings, I bet you know the answer and can explain it very simply and clearly! Anyway, I appreciate your kind correction. – Martin Sep 17 '14 at 14:11
  • Oh, you can edit your question too, there is an "edit" link at the lower left. You can even edit other people's questions, it just needs a confirmation of someone else, up to some reputation threshold. – Volker Siegel Sep 17 '14 at 14:21
  • Regarding the question - let's see: Are you asking why the host you forward a local port to sees your local IP address? – Volker Siegel Sep 17 '14 at 14:23
  • Yes, I think that is the correct terminology. Why, when locally forwarding (-L), does the host at the final destination see my IP address as the public address of the laptop with the ssh client which originates the ssh request and not the public address of the host with the ssh server, i.e. my router? Whereas, in contrast, when I dynamic forward (-D) and set up the SOCKS proxy in my browser, the final destination host sees my IP address as that of the ssh server (i.e. the ddwrt router) and NOT that of my laptop which originates the request. – Martin Sep 17 '14 at 16:35
  • Yes, I think that's it. In my ignorance, I expected that, regardless of the type of port forwarding, local or dynamic, and just as with a VPN, I think, the public IP address of the originating host would seem to be that of the host where the ssh tunnel ends and unencrypted traffic emerges. Experimenting, I realise it's all because of the SOCKS proxy in dynamic forwarding, but I've no idea why. – Martin Sep 17 '14 at 17:06
