Does working in different protocols cause difference in the destinations of local/remote and dynamic forwarding?
Clash Royale CLAN TAG#URR8PPP
Dynamic port forwarding using SSH knows where a request wants to go and sends it there, which is said to be due to using the SOCKS protocol.
Local and remote port forwarding using SSH forward a request to a fixed destination, instead of where the request indicates itself to go.
Is the above difference between dynamic and local/remote port forwarding because local and remote port forwarding work at a lower level protocol and doesn't have the ability to understand where a request wants to go, or because local and remote port forwarding work has the ability to know where a request wants to go but just doesn't do it?
For example, we can discuss in the following case: a HTTP client sends a HTTP request to SSH which is for either dynamic or local/remote port forwarding.
Thanks.
ssh port-forwarding
asked Feb 6 at 13:47
TimTim
27.4k78264474
add a comment |
Dynamic port forwarding using SSH knows where a request wants to go and sends it there, which is said to be due to using the SOCKS protocol.
Local and remote port forwarding using SSH forward a request to a fixed destination, instead of where the request indicates itself to go.
Is the above difference between dynamic and local/remote port forwarding because local and remote port forwarding work at a lower level protocol and doesn't have the ability to understand where a request wants to go, or because local and remote port forwarding work has the ability to know where a request wants to go but just doesn't do it?
For example, we can discuss in the following case: a HTTP client sends a HTTP request to SSH which is for either dynamic or local/remote port forwarding.
Thanks.
ssh port-forwarding
asked Feb 6 at 13:47
TimTim
27.4k78264474
With dynamic forwarding, ALL traffic directed at the SOCKS proxy is passed through the tunnel. Part of the SOCKS protocol is to manage the destination and port. Local and remote tunnels are explicit destinations, so any traffic through those forwarded connections are already defined before the traffic is sent.
– jsbillings
Feb 6 at 13:58
add a comment |
Dynamic port forwarding using SSH knows where a request wants to go and sends it there, which is said to be due to using the SOCKS protocol.
Local and remote port forwarding using SSH forward a request to a fixed destination, instead of where the request indicates itself to go.
Is the above difference between dynamic and local/remote port forwarding because local and remote port forwarding work at a lower level protocol and doesn't have the ability to understand where a request wants to go, or because local and remote port forwarding work has the ability to know where a request wants to go but just doesn't do it?
For example, we can discuss in the following case: a HTTP client sends a HTTP request to SSH which is for either dynamic or local/remote port forwarding.
Thanks.
ssh port-forwarding
asked Feb 6 at 13:47
TimTim
27.4k78264474
Dynamic port forwarding using SSH knows where a request wants to go and sends it there, which is said to be due to using the SOCKS protocol.
Local and remote port forwarding using SSH forward a request to a fixed destination, instead of where the request indicates itself to go.
Is the above difference between dynamic and local/remote port forwarding because local and remote port forwarding work at a lower level protocol and doesn't have the ability to understand where a request wants to go, or because local and remote port forwarding work has the ability to know where a request wants to go but just doesn't do it?
For example, we can discuss in the following case: a HTTP client sends a HTTP request to SSH which is for either dynamic or local/remote port forwarding.
Thanks.
ssh port-forwarding
ssh port-forwarding
asked Feb 6 at 13:47
TimTim
27.4k78264474
asked Feb 6 at 13:47
TimTim
27.4k78264474
asked Feb 6 at 13:47
TimTim
27.4k78264474
asked Feb 6 at 13:47
TimTim
27.4k78264474
asked Feb 6 at 13:47
TimTim
27.4k78264474
27.4k78264474
With dynamic forwarding, ALL traffic directed at the SOCKS proxy is passed through the tunnel. Part of the SOCKS protocol is to manage the destination and port. Local and remote tunnels are explicit destinations, so any traffic through those forwarded connections are already defined before the traffic is sent.
– jsbillings
Feb 6 at 13:58
add a comment |
With dynamic forwarding, ALL traffic directed at the SOCKS proxy is passed through the tunnel. Part of the SOCKS protocol is to manage the destination and port. Local and remote tunnels are explicit destinations, so any traffic through those forwarded connections are already defined before the traffic is sent.
– jsbillings
Feb 6 at 13:58
With dynamic forwarding, ALL traffic directed at the SOCKS proxy is passed through the tunnel. Part of the SOCKS protocol is to manage the destination and port. Local and remote tunnels are explicit destinations, so any traffic through those forwarded connections are already defined before the traffic is sent.
– jsbillings
Feb 6 at 13:58
With dynamic forwarding, ALL traffic directed at the SOCKS proxy is passed through the tunnel. Part of the SOCKS protocol is to manage the destination and port. Local and remote tunnels are explicit destinations, so any traffic through those forwarded connections are already defined before the traffic is sent.
– jsbillings
Feb 6 at 13:58
add a comment |
1 Answer
1
active
oldest
votes
The difference is in what the client thinks it is talking to. Taking HTTP as an example:
SSH static (local and remote) port forwards are transparent to the application using them. With HTTP the application (the browser) doesn't know it's talking to a port forward at all. For a local forward, it thinks it's talking directly to a web server running on the client ("localhost"). SSH fakes the webserver, by passing all traffic to a real webserver.
SSH dynamic port forwards are not transparent. The application (the browser) thinks it is talking to a "SOCKS proxy server", not a webserver. The application uses the SOCKS proxy server to request a connection to a webserver. It then thinks it is talking to a webserver (NOT on the SSH server or client) via the socks proxy.
As a side point, it;s possible to download and install a SOCKS proxy on a server, create a local port forward to it, and the result will be the same as a dynamic forward.
answered Feb 6 at 14:03
Philip CoulingPhilip Couling
1,255918
Thanks. Is SSH which performs local or remote port forwarding considered as a proxy?See unix.stackexchange.com/questions/498849/…
– Tim
Feb 6 at 15:29
Is a HTTP proxy server not transparent to a HTTP client, just a SSH dynamic port forwarding proxy server is not?
– Tim
Feb 6 at 15:38
A HTTP proxy server is different again. And no. The browser needs to know it's talking to a HTTP proxy. The protocol for talking to a HTTP proxy is different to that for a web-server. From memory, the domain is split into a separate header for a regular web-server, for a proxy it's in the url. A reverse HTTP proxy is transparent.
– Philip Couling
Feb 6 at 15:43
Thanks. How about my first comment?
– Tim
Feb 6 at 16:48
I think, technically, yes they are. But but I would usually just call them a "port forward" to be clear because there are so many different types of proxy.
– Philip Couling
Feb 6 at 18:49
|
show 1 more comment
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f499048%2fdoes-working-in-different-protocols-cause-difference-in-the-destinations-of-loca%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
The difference is in what the client thinks it is talking to. Taking HTTP as an example:
SSH static (local and remote) port forwards are transparent to the application using them. With HTTP the application (the browser) doesn't know it's talking to a port forward at all. For a local forward, it thinks it's talking directly to a web server running on the client ("localhost"). SSH fakes the webserver, by passing all traffic to a real webserver.
SSH dynamic port forwards are not transparent. The application (the browser) thinks it is talking to a "SOCKS proxy server", not a webserver. The application uses the SOCKS proxy server to request a connection to a webserver. It then thinks it is talking to a webserver (NOT on the SSH server or client) via the socks proxy.
As a side point, it;s possible to download and install a SOCKS proxy on a server, create a local port forward to it, and the result will be the same as a dynamic forward.
answered Feb 6 at 14:03
Philip CoulingPhilip Couling
1,255918
Thanks. Is SSH which performs local or remote port forwarding considered as a proxy?See unix.stackexchange.com/questions/498849/…
– Tim
Feb 6 at 15:29
Is a HTTP proxy server not transparent to a HTTP client, just a SSH dynamic port forwarding proxy server is not?
– Tim
Feb 6 at 15:38
A HTTP proxy server is different again. And no. The browser needs to know it's talking to a HTTP proxy. The protocol for talking to a HTTP proxy is different to that for a web-server. From memory, the domain is split into a separate header for a regular web-server, for a proxy it's in the url. A reverse HTTP proxy is transparent.
– Philip Couling
Feb 6 at 15:43
Thanks. How about my first comment?
– Tim
Feb 6 at 16:48
I think, technically, yes they are. But but I would usually just call them a "port forward" to be clear because there are so many different types of proxy.
– Philip Couling
Feb 6 at 18:49
|
show 1 more comment
The difference is in what the client thinks it is talking to. Taking HTTP as an example:
SSH static (local and remote) port forwards are transparent to the application using them. With HTTP the application (the browser) doesn't know it's talking to a port forward at all. For a local forward, it thinks it's talking directly to a web server running on the client ("localhost"). SSH fakes the webserver, by passing all traffic to a real webserver.
SSH dynamic port forwards are not transparent. The application (the browser) thinks it is talking to a "SOCKS proxy server", not a webserver. The application uses the SOCKS proxy server to request a connection to a webserver. It then thinks it is talking to a webserver (NOT on the SSH server or client) via the socks proxy.
As a side point, it;s possible to download and install a SOCKS proxy on a server, create a local port forward to it, and the result will be the same as a dynamic forward.
answered Feb 6 at 14:03
Philip CoulingPhilip Couling
1,255918
Thanks. Is SSH which performs local or remote port forwarding considered as a proxy?See unix.stackexchange.com/questions/498849/…
– Tim
Feb 6 at 15:29
Is a HTTP proxy server not transparent to a HTTP client, just a SSH dynamic port forwarding proxy server is not?
– Tim
Feb 6 at 15:38
A HTTP proxy server is different again. And no. The browser needs to know it's talking to a HTTP proxy. The protocol for talking to a HTTP proxy is different to that for a web-server. From memory, the domain is split into a separate header for a regular web-server, for a proxy it's in the url. A reverse HTTP proxy is transparent.
– Philip Couling
Feb 6 at 15:43
Thanks. How about my first comment?
– Tim
Feb 6 at 16:48
I think, technically, yes they are. But but I would usually just call them a "port forward" to be clear because there are so many different types of proxy.
– Philip Couling
Feb 6 at 18:49
|
show 1 more comment
The difference is in what the client thinks it is talking to. Taking HTTP as an example:
SSH static (local and remote) port forwards are transparent to the application using them. With HTTP the application (the browser) doesn't know it's talking to a port forward at all. For a local forward, it thinks it's talking directly to a web server running on the client ("localhost"). SSH fakes the webserver, by passing all traffic to a real webserver.
SSH dynamic port forwards are not transparent. The application (the browser) thinks it is talking to a "SOCKS proxy server", not a webserver. The application uses the SOCKS proxy server to request a connection to a webserver. It then thinks it is talking to a webserver (NOT on the SSH server or client) via the socks proxy.
As a side point, it;s possible to download and install a SOCKS proxy on a server, create a local port forward to it, and the result will be the same as a dynamic forward.
answered Feb 6 at 14:03
Philip CoulingPhilip Couling
1,255918
The difference is in what the client thinks it is talking to. Taking HTTP as an example:
SSH static (local and remote) port forwards are transparent to the application using them. With HTTP the application (the browser) doesn't know it's talking to a port forward at all. For a local forward, it thinks it's talking directly to a web server running on the client ("localhost"). SSH fakes the webserver, by passing all traffic to a real webserver.
SSH dynamic port forwards are not transparent. The application (the browser) thinks it is talking to a "SOCKS proxy server", not a webserver. The application uses the SOCKS proxy server to request a connection to a webserver. It then thinks it is talking to a webserver (NOT on the SSH server or client) via the socks proxy.
As a side point, it;s possible to download and install a SOCKS proxy on a server, create a local port forward to it, and the result will be the same as a dynamic forward.
answered Feb 6 at 14:03
Philip CoulingPhilip Couling
1,255918
edited Feb 6 at 14:10
answered Feb 6 at 14:03
Philip CoulingPhilip Couling
1,255918
answered Feb 6 at 14:03
Philip CoulingPhilip Couling
1,255918
answered Feb 6 at 14:03
Philip CoulingPhilip Couling
1,255918
1,255918
Thanks. Is SSH which performs local or remote port forwarding considered as a proxy?See unix.stackexchange.com/questions/498849/…
– Tim
Feb 6 at 15:29
Is a HTTP proxy server not transparent to a HTTP client, just a SSH dynamic port forwarding proxy server is not?
– Tim
Feb 6 at 15:38
A HTTP proxy server is different again. And no. The browser needs to know it's talking to a HTTP proxy. The protocol for talking to a HTTP proxy is different to that for a web-server. From memory, the domain is split into a separate header for a regular web-server, for a proxy it's in the url. A reverse HTTP proxy is transparent.
– Philip Couling
Feb 6 at 15:43
Thanks. How about my first comment?
– Tim
Feb 6 at 16:48
I think, technically, yes they are. But but I would usually just call them a "port forward" to be clear because there are so many different types of proxy.
– Philip Couling
Feb 6 at 18:49
|
show 1 more comment
Thanks. Is SSH which performs local or remote port forwarding considered as a proxy?See unix.stackexchange.com/questions/498849/…
– Tim
Feb 6 at 15:29
Is a HTTP proxy server not transparent to a HTTP client, just a SSH dynamic port forwarding proxy server is not?
– Tim
Feb 6 at 15:38
A HTTP proxy server is different again. And no. The browser needs to know it's talking to a HTTP proxy. The protocol for talking to a HTTP proxy is different to that for a web-server. From memory, the domain is split into a separate header for a regular web-server, for a proxy it's in the url. A reverse HTTP proxy is transparent.
– Philip Couling
Feb 6 at 15:43
Thanks. How about my first comment?
– Tim
Feb 6 at 16:48
I think, technically, yes they are. But but I would usually just call them a "port forward" to be clear because there are so many different types of proxy.
– Philip Couling
Feb 6 at 18:49
Thanks. Is SSH which performs local or remote port forwarding considered as a proxy?See unix.stackexchange.com/questions/498849/…
– Tim
Feb 6 at 15:29
Thanks. Is SSH which performs local or remote port forwarding considered as a proxy?See unix.stackexchange.com/questions/498849/…
– Tim
Feb 6 at 15:29
Is a HTTP proxy server not transparent to a HTTP client, just a SSH dynamic port forwarding proxy server is not?
– Tim
Feb 6 at 15:38
Is a HTTP proxy server not transparent to a HTTP client, just a SSH dynamic port forwarding proxy server is not?
– Tim
Feb 6 at 15:38
A HTTP proxy server is different again. And no. The browser needs to know it's talking to a HTTP proxy. The protocol for talking to a HTTP proxy is different to that for a web-server. From memory, the domain is split into a separate header for a regular web-server, for a proxy it's in the url. A reverse HTTP proxy is transparent.
– Philip Couling
Feb 6 at 15:43
A HTTP proxy server is different again. And no. The browser needs to know it's talking to a HTTP proxy. The protocol for talking to a HTTP proxy is different to that for a web-server. From memory, the domain is split into a separate header for a regular web-server, for a proxy it's in the url. A reverse HTTP proxy is transparent.
– Philip Couling
Feb 6 at 15:43
Thanks. How about my first comment?
– Tim
Feb 6 at 16:48
Thanks. How about my first comment?
– Tim
Feb 6 at 16:48
I think, technically, yes they are. But but I would usually just call them a "port forward" to be clear because there are so many different types of proxy.
– Philip Couling
Feb 6 at 18:49
I think, technically, yes they are. But but I would usually just call them a "port forward" to be clear because there are so many different types of proxy.
– Philip Couling
Feb 6 at 18:49
|
show 1 more comment
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f499048%2fdoes-working-in-different-protocols-cause-difference-in-the-destinations-of-loca%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
With dynamic forwarding, ALL traffic directed at the SOCKS proxy is passed through the tunnel. Part of the SOCKS protocol is to manage the destination and port. Local and remote tunnels are explicit destinations, so any traffic through those forwarded connections are already defined before the traffic is sent.
– jsbillings
Feb 6 at 13:58