Does working in different protocols cause difference in the destinations of local/remote and dynamic forwarding?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP












1















Dynamic port forwarding using SSH knows where a request wants to go and sends it there, which is said to be due to using the SOCKS protocol.



Local and remote port forwarding using SSH forward a request to a fixed destination, instead of where the request indicates itself to go.



Is the above difference between dynamic and local/remote port forwarding because local and remote port forwarding work at a lower level protocol and doesn't have the ability to understand where a request wants to go, or because local and remote port forwarding work has the ability to know where a request wants to go but just doesn't do it?



For example, we can discuss in the following case: a HTTP client sends a HTTP request to SSH which is for either dynamic or local/remote port forwarding.



Thanks.










share|improve this question






















  • With dynamic forwarding, ALL traffic directed at the SOCKS proxy is passed through the tunnel. Part of the SOCKS protocol is to manage the destination and port. Local and remote tunnels are explicit destinations, so any traffic through those forwarded connections are already defined before the traffic is sent.

    – jsbillings
    Feb 6 at 13:58















1















Dynamic port forwarding using SSH knows where a request wants to go and sends it there, which is said to be due to using the SOCKS protocol.



Local and remote port forwarding using SSH forward a request to a fixed destination, instead of where the request indicates itself to go.



Is the above difference between dynamic and local/remote port forwarding because local and remote port forwarding work at a lower level protocol and doesn't have the ability to understand where a request wants to go, or because local and remote port forwarding work has the ability to know where a request wants to go but just doesn't do it?



For example, we can discuss in the following case: a HTTP client sends a HTTP request to SSH which is for either dynamic or local/remote port forwarding.



Thanks.










share|improve this question






















  • With dynamic forwarding, ALL traffic directed at the SOCKS proxy is passed through the tunnel. Part of the SOCKS protocol is to manage the destination and port. Local and remote tunnels are explicit destinations, so any traffic through those forwarded connections are already defined before the traffic is sent.

    – jsbillings
    Feb 6 at 13:58













1












1








1








Dynamic port forwarding using SSH knows where a request wants to go and sends it there, which is said to be due to using the SOCKS protocol.



Local and remote port forwarding using SSH forward a request to a fixed destination, instead of where the request indicates itself to go.



Is the above difference between dynamic and local/remote port forwarding because local and remote port forwarding work at a lower level protocol and doesn't have the ability to understand where a request wants to go, or because local and remote port forwarding work has the ability to know where a request wants to go but just doesn't do it?



For example, we can discuss in the following case: a HTTP client sends a HTTP request to SSH which is for either dynamic or local/remote port forwarding.



Thanks.










share|improve this question














Dynamic port forwarding using SSH knows where a request wants to go and sends it there, which is said to be due to using the SOCKS protocol.



Local and remote port forwarding using SSH forward a request to a fixed destination, instead of where the request indicates itself to go.



Is the above difference between dynamic and local/remote port forwarding because local and remote port forwarding work at a lower level protocol and doesn't have the ability to understand where a request wants to go, or because local and remote port forwarding work has the ability to know where a request wants to go but just doesn't do it?



For example, we can discuss in the following case: a HTTP client sends a HTTP request to SSH which is for either dynamic or local/remote port forwarding.



Thanks.







ssh port-forwarding






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Feb 6 at 13:47









TimTim

27.4k78264474




27.4k78264474












  • With dynamic forwarding, ALL traffic directed at the SOCKS proxy is passed through the tunnel. Part of the SOCKS protocol is to manage the destination and port. Local and remote tunnels are explicit destinations, so any traffic through those forwarded connections are already defined before the traffic is sent.

    – jsbillings
    Feb 6 at 13:58

















  • With dynamic forwarding, ALL traffic directed at the SOCKS proxy is passed through the tunnel. Part of the SOCKS protocol is to manage the destination and port. Local and remote tunnels are explicit destinations, so any traffic through those forwarded connections are already defined before the traffic is sent.

    – jsbillings
    Feb 6 at 13:58
















With dynamic forwarding, ALL traffic directed at the SOCKS proxy is passed through the tunnel. Part of the SOCKS protocol is to manage the destination and port. Local and remote tunnels are explicit destinations, so any traffic through those forwarded connections are already defined before the traffic is sent.

– jsbillings
Feb 6 at 13:58





With dynamic forwarding, ALL traffic directed at the SOCKS proxy is passed through the tunnel. Part of the SOCKS protocol is to manage the destination and port. Local and remote tunnels are explicit destinations, so any traffic through those forwarded connections are already defined before the traffic is sent.

– jsbillings
Feb 6 at 13:58










1 Answer
1






active

oldest

votes


















1














The difference is in what the client thinks it is talking to. Taking HTTP as an example:



SSH static (local and remote) port forwards are transparent to the application using them. With HTTP the application (the browser) doesn't know it's talking to a port forward at all. For a local forward, it thinks it's talking directly to a web server running on the client ("localhost"). SSH fakes the webserver, by passing all traffic to a real webserver.



SSH dynamic port forwards are not transparent. The application (the browser) thinks it is talking to a "SOCKS proxy server", not a webserver. The application uses the SOCKS proxy server to request a connection to a webserver. It then thinks it is talking to a webserver (NOT on the SSH server or client) via the socks proxy.



As a side point, it;s possible to download and install a SOCKS proxy on a server, create a local port forward to it, and the result will be the same as a dynamic forward.






share|improve this answer

























  • Thanks. Is SSH which performs local or remote port forwarding considered as a proxy?See unix.stackexchange.com/questions/498849/…

    – Tim
    Feb 6 at 15:29











  • Is a HTTP proxy server not transparent to a HTTP client, just a SSH dynamic port forwarding proxy server is not?

    – Tim
    Feb 6 at 15:38












  • A HTTP proxy server is different again. And no. The browser needs to know it's talking to a HTTP proxy. The protocol for talking to a HTTP proxy is different to that for a web-server. From memory, the domain is split into a separate header for a regular web-server, for a proxy it's in the url. A reverse HTTP proxy is transparent.

    – Philip Couling
    Feb 6 at 15:43












  • Thanks. How about my first comment?

    – Tim
    Feb 6 at 16:48











  • I think, technically, yes they are. But but I would usually just call them a "port forward" to be clear because there are so many different types of proxy.

    – Philip Couling
    Feb 6 at 18:49










Your Answer








StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);













draft saved

draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f499048%2fdoes-working-in-different-protocols-cause-difference-in-the-destinations-of-loca%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









1














The difference is in what the client thinks it is talking to. Taking HTTP as an example:



SSH static (local and remote) port forwards are transparent to the application using them. With HTTP the application (the browser) doesn't know it's talking to a port forward at all. For a local forward, it thinks it's talking directly to a web server running on the client ("localhost"). SSH fakes the webserver, by passing all traffic to a real webserver.



SSH dynamic port forwards are not transparent. The application (the browser) thinks it is talking to a "SOCKS proxy server", not a webserver. The application uses the SOCKS proxy server to request a connection to a webserver. It then thinks it is talking to a webserver (NOT on the SSH server or client) via the socks proxy.



As a side point, it;s possible to download and install a SOCKS proxy on a server, create a local port forward to it, and the result will be the same as a dynamic forward.






share|improve this answer

























  • Thanks. Is SSH which performs local or remote port forwarding considered as a proxy?See unix.stackexchange.com/questions/498849/…

    – Tim
    Feb 6 at 15:29











  • Is a HTTP proxy server not transparent to a HTTP client, just a SSH dynamic port forwarding proxy server is not?

    – Tim
    Feb 6 at 15:38












  • A HTTP proxy server is different again. And no. The browser needs to know it's talking to a HTTP proxy. The protocol for talking to a HTTP proxy is different to that for a web-server. From memory, the domain is split into a separate header for a regular web-server, for a proxy it's in the url. A reverse HTTP proxy is transparent.

    – Philip Couling
    Feb 6 at 15:43












  • Thanks. How about my first comment?

    – Tim
    Feb 6 at 16:48











  • I think, technically, yes they are. But but I would usually just call them a "port forward" to be clear because there are so many different types of proxy.

    – Philip Couling
    Feb 6 at 18:49















1














The difference is in what the client thinks it is talking to. Taking HTTP as an example:



SSH static (local and remote) port forwards are transparent to the application using them. With HTTP the application (the browser) doesn't know it's talking to a port forward at all. For a local forward, it thinks it's talking directly to a web server running on the client ("localhost"). SSH fakes the webserver, by passing all traffic to a real webserver.



SSH dynamic port forwards are not transparent. The application (the browser) thinks it is talking to a "SOCKS proxy server", not a webserver. The application uses the SOCKS proxy server to request a connection to a webserver. It then thinks it is talking to a webserver (NOT on the SSH server or client) via the socks proxy.



As a side point, it;s possible to download and install a SOCKS proxy on a server, create a local port forward to it, and the result will be the same as a dynamic forward.






share|improve this answer

























  • Thanks. Is SSH which performs local or remote port forwarding considered as a proxy?See unix.stackexchange.com/questions/498849/…

    – Tim
    Feb 6 at 15:29











  • Is a HTTP proxy server not transparent to a HTTP client, just a SSH dynamic port forwarding proxy server is not?

    – Tim
    Feb 6 at 15:38












  • A HTTP proxy server is different again. And no. The browser needs to know it's talking to a HTTP proxy. The protocol for talking to a HTTP proxy is different to that for a web-server. From memory, the domain is split into a separate header for a regular web-server, for a proxy it's in the url. A reverse HTTP proxy is transparent.

    – Philip Couling
    Feb 6 at 15:43












  • Thanks. How about my first comment?

    – Tim
    Feb 6 at 16:48











  • I think, technically, yes they are. But but I would usually just call them a "port forward" to be clear because there are so many different types of proxy.

    – Philip Couling
    Feb 6 at 18:49













1












1








1







The difference is in what the client thinks it is talking to. Taking HTTP as an example:



SSH static (local and remote) port forwards are transparent to the application using them. With HTTP the application (the browser) doesn't know it's talking to a port forward at all. For a local forward, it thinks it's talking directly to a web server running on the client ("localhost"). SSH fakes the webserver, by passing all traffic to a real webserver.



SSH dynamic port forwards are not transparent. The application (the browser) thinks it is talking to a "SOCKS proxy server", not a webserver. The application uses the SOCKS proxy server to request a connection to a webserver. It then thinks it is talking to a webserver (NOT on the SSH server or client) via the socks proxy.



As a side point, it;s possible to download and install a SOCKS proxy on a server, create a local port forward to it, and the result will be the same as a dynamic forward.






share|improve this answer















The difference is in what the client thinks it is talking to. Taking HTTP as an example:



SSH static (local and remote) port forwards are transparent to the application using them. With HTTP the application (the browser) doesn't know it's talking to a port forward at all. For a local forward, it thinks it's talking directly to a web server running on the client ("localhost"). SSH fakes the webserver, by passing all traffic to a real webserver.



SSH dynamic port forwards are not transparent. The application (the browser) thinks it is talking to a "SOCKS proxy server", not a webserver. The application uses the SOCKS proxy server to request a connection to a webserver. It then thinks it is talking to a webserver (NOT on the SSH server or client) via the socks proxy.



As a side point, it;s possible to download and install a SOCKS proxy on a server, create a local port forward to it, and the result will be the same as a dynamic forward.







share|improve this answer














share|improve this answer



share|improve this answer








edited Feb 6 at 14:10

























answered Feb 6 at 14:03









Philip CoulingPhilip Couling

1,255918




1,255918












  • Thanks. Is SSH which performs local or remote port forwarding considered as a proxy?See unix.stackexchange.com/questions/498849/…

    – Tim
    Feb 6 at 15:29











  • Is a HTTP proxy server not transparent to a HTTP client, just a SSH dynamic port forwarding proxy server is not?

    – Tim
    Feb 6 at 15:38












  • A HTTP proxy server is different again. And no. The browser needs to know it's talking to a HTTP proxy. The protocol for talking to a HTTP proxy is different to that for a web-server. From memory, the domain is split into a separate header for a regular web-server, for a proxy it's in the url. A reverse HTTP proxy is transparent.

    – Philip Couling
    Feb 6 at 15:43












  • Thanks. How about my first comment?

    – Tim
    Feb 6 at 16:48











  • I think, technically, yes they are. But but I would usually just call them a "port forward" to be clear because there are so many different types of proxy.

    – Philip Couling
    Feb 6 at 18:49

















  • Thanks. Is SSH which performs local or remote port forwarding considered as a proxy?See unix.stackexchange.com/questions/498849/…

    – Tim
    Feb 6 at 15:29











  • Is a HTTP proxy server not transparent to a HTTP client, just a SSH dynamic port forwarding proxy server is not?

    – Tim
    Feb 6 at 15:38












  • A HTTP proxy server is different again. And no. The browser needs to know it's talking to a HTTP proxy. The protocol for talking to a HTTP proxy is different to that for a web-server. From memory, the domain is split into a separate header for a regular web-server, for a proxy it's in the url. A reverse HTTP proxy is transparent.

    – Philip Couling
    Feb 6 at 15:43












  • Thanks. How about my first comment?

    – Tim
    Feb 6 at 16:48











  • I think, technically, yes they are. But but I would usually just call them a "port forward" to be clear because there are so many different types of proxy.

    – Philip Couling
    Feb 6 at 18:49
















Thanks. Is SSH which performs local or remote port forwarding considered as a proxy?See unix.stackexchange.com/questions/498849/…

– Tim
Feb 6 at 15:29





Thanks. Is SSH which performs local or remote port forwarding considered as a proxy?See unix.stackexchange.com/questions/498849/…

– Tim
Feb 6 at 15:29













Is a HTTP proxy server not transparent to a HTTP client, just a SSH dynamic port forwarding proxy server is not?

– Tim
Feb 6 at 15:38






Is a HTTP proxy server not transparent to a HTTP client, just a SSH dynamic port forwarding proxy server is not?

– Tim
Feb 6 at 15:38














A HTTP proxy server is different again. And no. The browser needs to know it's talking to a HTTP proxy. The protocol for talking to a HTTP proxy is different to that for a web-server. From memory, the domain is split into a separate header for a regular web-server, for a proxy it's in the url. A reverse HTTP proxy is transparent.

– Philip Couling
Feb 6 at 15:43






A HTTP proxy server is different again. And no. The browser needs to know it's talking to a HTTP proxy. The protocol for talking to a HTTP proxy is different to that for a web-server. From memory, the domain is split into a separate header for a regular web-server, for a proxy it's in the url. A reverse HTTP proxy is transparent.

– Philip Couling
Feb 6 at 15:43














Thanks. How about my first comment?

– Tim
Feb 6 at 16:48





Thanks. How about my first comment?

– Tim
Feb 6 at 16:48













I think, technically, yes they are. But but I would usually just call them a "port forward" to be clear because there are so many different types of proxy.

– Philip Couling
Feb 6 at 18:49





I think, technically, yes they are. But but I would usually just call them a "port forward" to be clear because there are so many different types of proxy.

– Philip Couling
Feb 6 at 18:49

















draft saved

draft discarded
















































Thanks for contributing an answer to Unix & Linux Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid


  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f499048%2fdoes-working-in-different-protocols-cause-difference-in-the-destinations-of-loca%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown






Popular posts from this blog

How to check contact read email or not when send email to Individual?

Displaying single band from multi-band raster using QGIS

How many registers does an x86_64 CPU actually have?