Why

  • SSH Tunnel
  • Port forwarding

SSH Tunnel is not the same as port forwarding.

Applicable scenario

You want to start the service locally on your computer, so that the requests sent from the Internet to the server can be redirected to your computer, which makes debugging more convenient.

This debugging mode is used only in special scenarios, such as when a fixed IP address is mandatory. Most online tutorials map a port to a device on the LAN and were probably written by operations and maintenance practitioners; as a developer, I simplify the scenario in this post to mapping a server port to my own computer.

The environment

  • Linux, Windows, Mac

Reference blog

  • Somehow, the reference blog was harmonized…

Background

Recently, due to work reasons, I took over a project related to a WeChat public account. After the project was deployed, I found that it was not fully functional, so I needed to set breakpoints to see what the problem was. Because the development involves the WeChat public platform, the IP address has to be added to the whitelist, so a “fixed IP” is required. Moreover, some modules of the project need HTTPS, and this is more convenient than setting HTTPS up locally. These two reasons led me to use port mapping.

Implementation

ssh -p 22 -i NAME.pem -N -R 0.0.0.0:8080:127.0.0.1:8080 USER@IP

  • Well, it’s as simple as that: just one command.
  • NAME.pem: the PEM key file. Run the command from the directory that contains the file, or give the absolute path of the PEM file. If you log in with an account and password instead, delete -i NAME.pem; you will be asked for the password after you enter the command.
  • USER: the user name for logging in to the server, for example, root
  • IP: public IP address of the server
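
Where the listener requested by -R 0.0.0.0:8080:... actually ends up depends on the server's GatewayPorts setting in sshd_config, which defaults to no. The script below is an added example, not part of the original post: the function name effective_bind is hypothetical, and it models the behaviour documented in sshd_config(5) for IPv4 and hostname bind addresses only.

```shell
#!/bin/sh
# Added example (not from the original post): predict where sshd binds the
# listener requested by `ssh -R`, given the server's GatewayPorts value.
# Bracketed IPv6 bind addresses are out of scope.

# effective_bind SPEC GATEWAYPORTS
#   SPEC          argument given to -R, e.g. 0.0.0.0:8080:127.0.0.1:8080
#   GATEWAYPORTS  no | yes | clientspecified (as printed by `sshd -T`)
# Prints "loopback", "all-interfaces" or the specific address requested.
effective_bind() {
    spec=$1
    gw=$2
    # 3 fields = port:host:hostport (no bind address given),
    # 4 fields = bind_address:port:host:hostport.
    fields=$(printf '%s' "$spec" | awk -F: '{print NF}')
    case $fields in
        3) bind=localhost ;;          # ssh's default when no bind address is given
        4) bind=${spec%%:*} ;;        # everything before the first colon
        *) echo "unsupported spec: $spec" >&2; return 2 ;;
    esac
    case $gw in
        no)  echo loopback; return 0 ;;        # server forces loopback, ignores bind
        yes) echo all-interfaces; return 0 ;;  # server forces the wildcard address
        clientspecified) ;;                    # server honours the client's choice
        *) echo "unknown GatewayPorts value: $gw" >&2; return 2 ;;
    esac
    case $bind in
        localhost|127.*) echo loopback ;;
        ''|'*'|0.0.0.0)  echo all-interfaces ;;
        *)               echo "$bind" ;;
    esac
}

# The forward from this post, checked against each server setting.
SPEC='0.0.0.0:8080:127.0.0.1:8080'
for gw in no clientspecified yes; do
    printf 'GatewayPorts %-16s -> %s\n' "$gw" "$(effective_bind "$SPEC" "$gw")"
done
```

With clientspecified or yes, port 8080 on the server is reachable from the Internet and relays to the service on your own computer, so limit who can reach it with a firewall rule or security group and close the tunnel when debugging is finished.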

Note

  • Blogs usually talk about -L and -D, but since I don’t use either mode in my scenario, I won’t cover them here.
  • To obtain a token from a WeChat server, it is not necessary to use a server with a fixed IP address. In fact, it is also possible to obtain a token by adding the temporary IP address of a PC to the WeChat IP whitelist. However, the disadvantage is that the dynamic IP address will change, so the whitelist entry needs to be replaced whenever the IP address changes, which is quite troublesome.

Afterword

Another problem I have encountered with port mapping: it can forward all the requests received by a port on the server to the local computer, but how do I make all the requests sent from the local computer go out through the server? We all know that when a network request is made locally, the port that initiates the request is not completely controllable. So even with port mapping, the situation is merely that an agent tells me what he has heard, while I still have to talk to outsiders directly, as shown in the following figure. What if I wanted to be a “behind-the-scenes boss” and do everything through an agent?

The only thing we need to do is to have all requests made by the PC run through a cloud server with a fixed IP address. Recommended tools such as TinyProxy are not covered here for some reason, but interested readers can check the documentation for implementation.

Once port mapping and TinyProxy are set up, the ECS instance becomes the spokesperson of our PC on the Internet, achieving the effect shown in the following figure, and we become the “boss behind the scenes”.

For more original Haytham articles, please follow the public account xu Julong: