What are the relations and differences between port forwarding and proxy?
Clash Royale CLAN TAG#URR8PPP
Is an entity which performs port forwarding considered as a proxy? If not, what is it?
A proxy is transparent to users of the clients of its proxied server: a user sends a request to a destination without realizing that the request is actually sent to the proxy.
A pair of SSH client and SSH server used for local or remote port forwarding is visible to users of the clients of its "proxied" server. A user sends a request explicitly to the SSH client (or server), without necessarily realizing that SSH will forward the request to a different destination.A proxy can forward a received request to any destination which the request asks for. A pair of SSH client and SSH server used for local or remote port forwarding seems to only forward any received request to a fixed destination. Is it possible to make SSH forward a request to any destination which the request asks for, just like a proxy does?
Is a proxy necessarily implemented in terms of port forwarding?
Thanks.
ssh proxy port-forwarding
asked Feb 5 at 16:42
TimTim
27.4k78264474
add a comment |
Is an entity which performs port forwarding considered as a proxy? If not, what is it?
A proxy is transparent to users of the clients of its proxied server: a user sends a request to a destination without realizing that the request is actually sent to the proxy.
A pair of SSH client and SSH server used for local or remote port forwarding is visible to users of the clients of its "proxied" server. A user sends a request explicitly to the SSH client (or server), without necessarily realizing that SSH will forward the request to a different destination.A proxy can forward a received request to any destination which the request asks for. A pair of SSH client and SSH server used for local or remote port forwarding seems to only forward any received request to a fixed destination. Is it possible to make SSH forward a request to any destination which the request asks for, just like a proxy does?
Is a proxy necessarily implemented in terms of port forwarding?
Thanks.
ssh proxy port-forwarding
asked Feb 5 at 16:42
TimTim
27.4k78264474
add a comment |
Is an entity which performs port forwarding considered as a proxy? If not, what is it?
A proxy is transparent to users of the clients of its proxied server: a user sends a request to a destination without realizing that the request is actually sent to the proxy.
A pair of SSH client and SSH server used for local or remote port forwarding is visible to users of the clients of its "proxied" server. A user sends a request explicitly to the SSH client (or server), without necessarily realizing that SSH will forward the request to a different destination.A proxy can forward a received request to any destination which the request asks for. A pair of SSH client and SSH server used for local or remote port forwarding seems to only forward any received request to a fixed destination. Is it possible to make SSH forward a request to any destination which the request asks for, just like a proxy does?
Is a proxy necessarily implemented in terms of port forwarding?
Thanks.
ssh proxy port-forwarding
asked Feb 5 at 16:42
TimTim
27.4k78264474
Is an entity which performs port forwarding considered as a proxy? If not, what is it?
A proxy is transparent to users of the clients of its proxied server: a user sends a request to a destination without realizing that the request is actually sent to the proxy.
A pair of SSH client and SSH server used for local or remote port forwarding is visible to users of the clients of its "proxied" server. A user sends a request explicitly to the SSH client (or server), without necessarily realizing that SSH will forward the request to a different destination.A proxy can forward a received request to any destination which the request asks for. A pair of SSH client and SSH server used for local or remote port forwarding seems to only forward any received request to a fixed destination. Is it possible to make SSH forward a request to any destination which the request asks for, just like a proxy does?
Is a proxy necessarily implemented in terms of port forwarding?
Thanks.
ssh proxy port-forwarding
ssh proxy port-forwarding
asked Feb 5 at 16:42
TimTim
27.4k78264474
asked Feb 5 at 16:42
TimTim
27.4k78264474
edited Feb 5 at 19:47
Tim
asked Feb 5 at 16:42
TimTim
27.4k78264474
asked Feb 5 at 16:42
TimTim
27.4k78264474
asked Feb 5 at 16:42
TimTim
27.4k78264474
27.4k78264474
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
1.) Yes: if you specify a local port forwarding (option -L in OpenSSH), your SSH client will act as a proxy that forwards the connection that's incoming to a specified local port/socket onto a specified target at the remote end of the SSH connection. And if you specify a remote port forwarding (option -R in OpenSSH), the sshd daemon at the remote end will act as a proxy that forwards connections incoming to a a specified remote port/socket to the specified target on the local side of the SSH connection.
In both cases, both the SSH client and the sshd daemon work together to implement the functionality, but whichever is accepting the incoming connections could be said to act as a proxy for the actual service on the opposite side of the SSH connection.
2.) Also yes, but then the request must be specified using a protocol that is understood by SSH. A dynamic port forwarding (option -D in OpenSSH) does just that, supporting the SOCKS4 and SOCKS5 protocols.
For example:
You might have a server room full of equipment with web-based remote console functionality. Since those aren't always updateable to the latest TLS standards, you've connected them to a strictly local network segment that is accessible through a particular network administrators' workstation only. This workstation has two NICs: one to the regular network, and another to the remote console segment, but it is intentionally configured to not act as a router. Of course the network administrators' workstation runs Linux :-)
You're on a well-earned vacation, when the big boss calls and tells you that the your stand-in is sick from food poisoning and some old router in the server room needs to be rebooted ASAP. You're hundreds of miles away from the server room. Through the company VPN, you can access the network administrators' workstation remotely, but you know from experience that using X11 forwarding to run a remote browser is painfully slow. So, what do you do?
<connect VPN>
laptop$ ssh -D 1234 tim@netadmin_workstation.company.intra
netadmin_workstation$
Now, as long as that SSH connection is up, you can fire up a local browser, configure it to use a SOCKS proxy located at localhost:1234 and all the outgoing network connections from that browser will go out through the SSH connection to the netadmins' workstation, and from there on as regular TCP connections to whatever address specified in the browser. Effectively, your browser's network connections will now seem to originate from the netadmins' workstation, while the browser (and any associated Java applets) will still be run fully locally, with minimum latency.
And so you can access the Java-based web GUI of that pesky old router remotely with a somewhat tolerable level of latency...
(If you're using Firefox, you may want to set an about:config option network.proxy.socks_remote_dns to True, in order to have the browser also forward any DNS requests through the SOCKS proxy connection, so you can use the DNS resolution of the netadmins' workstation too.)
(Disclaimer: any resemblance of the above description to any particular series of real-life events is entirely coincidental. Something very much like it has probably happened many, many times in a lot of different places all over the world.)
answered Feb 5 at 18:46
telcoMtelcoM
18.5k12347
Thanks. About 1, after set up SSH (local or remote) port forwarding, is it correct that a user of a client specify the SSH listening port to send a request to, and is not necessarily aware of that SSH forwards the request to somewhere else? After setting up a proxy, is it correct that a user of a client specify the ultimate destination to send a request to, and is not necessarily aware of that the proxy intercepts the request and then forwards it to somewhere else?
– Tim
Feb 5 at 18:58
(Re your disclaimer, your example is more probable if it comes from your wonderful life)
– Tim
Feb 5 at 19:02
The user of a SSH client is explicitly aware of the destination of the forwarding, because the user will specify the destination with the forwarding option. The programs using the forwarded connection can generally use the SSH-generated proxy unaware that it's not the real thing. Other types of proxies, in particular HTTP reverse proxies or transparent proxies, might not be under the control of the user and might hide the true ultimate destination of the connections. A proxy always fools the applications; but if it's under your control it cannot fool you as the user.
– telcoM
Feb 6 at 8:15
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f498849%2fwhat-are-the-relations-and-differences-between-port-forwarding-and-proxy%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
1.) Yes: if you specify a local port forwarding (option -L in OpenSSH), your SSH client will act as a proxy that forwards the connection that's incoming to a specified local port/socket onto a specified target at the remote end of the SSH connection. And if you specify a remote port forwarding (option -R in OpenSSH), the sshd daemon at the remote end will act as a proxy that forwards connections incoming to a a specified remote port/socket to the specified target on the local side of the SSH connection.
In both cases, both the SSH client and the sshd daemon work together to implement the functionality, but whichever is accepting the incoming connections could be said to act as a proxy for the actual service on the opposite side of the SSH connection.
2.) Also yes, but then the request must be specified using a protocol that is understood by SSH. A dynamic port forwarding (option -D in OpenSSH) does just that, supporting the SOCKS4 and SOCKS5 protocols.
For example:
You might have a server room full of equipment with web-based remote console functionality. Since those aren't always updateable to the latest TLS standards, you've connected them to a strictly local network segment that is accessible through a particular network administrators' workstation only. This workstation has two NICs: one to the regular network, and another to the remote console segment, but it is intentionally configured to not act as a router. Of course the network administrators' workstation runs Linux :-)
You're on a well-earned vacation, when the big boss calls and tells you that the your stand-in is sick from food poisoning and some old router in the server room needs to be rebooted ASAP. You're hundreds of miles away from the server room. Through the company VPN, you can access the network administrators' workstation remotely, but you know from experience that using X11 forwarding to run a remote browser is painfully slow. So, what do you do?
<connect VPN>
laptop$ ssh -D 1234 tim@netadmin_workstation.company.intra
netadmin_workstation$
Now, as long as that SSH connection is up, you can fire up a local browser, configure it to use a SOCKS proxy located at localhost:1234 and all the outgoing network connections from that browser will go out through the SSH connection to the netadmins' workstation, and from there on as regular TCP connections to whatever address specified in the browser. Effectively, your browser's network connections will now seem to originate from the netadmins' workstation, while the browser (and any associated Java applets) will still be run fully locally, with minimum latency.
And so you can access the Java-based web GUI of that pesky old router remotely with a somewhat tolerable level of latency...
(If you're using Firefox, you may want to set an about:config option network.proxy.socks_remote_dns to True, in order to have the browser also forward any DNS requests through the SOCKS proxy connection, so you can use the DNS resolution of the netadmins' workstation too.)
(Disclaimer: any resemblance of the above description to any particular series of real-life events is entirely coincidental. Something very much like it has probably happened many, many times in a lot of different places all over the world.)
answered Feb 5 at 18:46
telcoMtelcoM
18.5k12347
Thanks. About 1, after set up SSH (local or remote) port forwarding, is it correct that a user of a client specify the SSH listening port to send a request to, and is not necessarily aware of that SSH forwards the request to somewhere else? After setting up a proxy, is it correct that a user of a client specify the ultimate destination to send a request to, and is not necessarily aware of that the proxy intercepts the request and then forwards it to somewhere else?
– Tim
Feb 5 at 18:58
(Re your disclaimer, your example is more probable if it comes from your wonderful life)
– Tim
Feb 5 at 19:02
The user of a SSH client is explicitly aware of the destination of the forwarding, because the user will specify the destination with the forwarding option. The programs using the forwarded connection can generally use the SSH-generated proxy unaware that it's not the real thing. Other types of proxies, in particular HTTP reverse proxies or transparent proxies, might not be under the control of the user and might hide the true ultimate destination of the connections. A proxy always fools the applications; but if it's under your control it cannot fool you as the user.
– telcoM
Feb 6 at 8:15
add a comment |
1.) Yes: if you specify a local port forwarding (option -L in OpenSSH), your SSH client will act as a proxy that forwards the connection that's incoming to a specified local port/socket onto a specified target at the remote end of the SSH connection. And if you specify a remote port forwarding (option -R in OpenSSH), the sshd daemon at the remote end will act as a proxy that forwards connections incoming to a a specified remote port/socket to the specified target on the local side of the SSH connection.
In both cases, both the SSH client and the sshd daemon work together to implement the functionality, but whichever is accepting the incoming connections could be said to act as a proxy for the actual service on the opposite side of the SSH connection.
2.) Also yes, but then the request must be specified using a protocol that is understood by SSH. A dynamic port forwarding (option -D in OpenSSH) does just that, supporting the SOCKS4 and SOCKS5 protocols.
For example:
You might have a server room full of equipment with web-based remote console functionality. Since those aren't always updateable to the latest TLS standards, you've connected them to a strictly local network segment that is accessible through a particular network administrators' workstation only. This workstation has two NICs: one to the regular network, and another to the remote console segment, but it is intentionally configured to not act as a router. Of course the network administrators' workstation runs Linux :-)
You're on a well-earned vacation, when the big boss calls and tells you that the your stand-in is sick from food poisoning and some old router in the server room needs to be rebooted ASAP. You're hundreds of miles away from the server room. Through the company VPN, you can access the network administrators' workstation remotely, but you know from experience that using X11 forwarding to run a remote browser is painfully slow. So, what do you do?
<connect VPN>
laptop$ ssh -D 1234 tim@netadmin_workstation.company.intra
netadmin_workstation$
Now, as long as that SSH connection is up, you can fire up a local browser, configure it to use a SOCKS proxy located at localhost:1234 and all the outgoing network connections from that browser will go out through the SSH connection to the netadmins' workstation, and from there on as regular TCP connections to whatever address specified in the browser. Effectively, your browser's network connections will now seem to originate from the netadmins' workstation, while the browser (and any associated Java applets) will still be run fully locally, with minimum latency.
And so you can access the Java-based web GUI of that pesky old router remotely with a somewhat tolerable level of latency...
(If you're using Firefox, you may want to set an about:config option network.proxy.socks_remote_dns to True, in order to have the browser also forward any DNS requests through the SOCKS proxy connection, so you can use the DNS resolution of the netadmins' workstation too.)
(Disclaimer: any resemblance of the above description to any particular series of real-life events is entirely coincidental. Something very much like it has probably happened many, many times in a lot of different places all over the world.)
answered Feb 5 at 18:46
telcoMtelcoM
18.5k12347
Thanks. About 1, after set up SSH (local or remote) port forwarding, is it correct that a user of a client specify the SSH listening port to send a request to, and is not necessarily aware of that SSH forwards the request to somewhere else? After setting up a proxy, is it correct that a user of a client specify the ultimate destination to send a request to, and is not necessarily aware of that the proxy intercepts the request and then forwards it to somewhere else?
– Tim
Feb 5 at 18:58
(Re your disclaimer, your example is more probable if it comes from your wonderful life)
– Tim
Feb 5 at 19:02
The user of a SSH client is explicitly aware of the destination of the forwarding, because the user will specify the destination with the forwarding option. The programs using the forwarded connection can generally use the SSH-generated proxy unaware that it's not the real thing. Other types of proxies, in particular HTTP reverse proxies or transparent proxies, might not be under the control of the user and might hide the true ultimate destination of the connections. A proxy always fools the applications; but if it's under your control it cannot fool you as the user.
– telcoM
Feb 6 at 8:15
add a comment |
1.) Yes: if you specify a local port forwarding (option -L in OpenSSH), your SSH client will act as a proxy that forwards the connection that's incoming to a specified local port/socket onto a specified target at the remote end of the SSH connection. And if you specify a remote port forwarding (option -R in OpenSSH), the sshd daemon at the remote end will act as a proxy that forwards connections incoming to a a specified remote port/socket to the specified target on the local side of the SSH connection.
In both cases, both the SSH client and the sshd daemon work together to implement the functionality, but whichever is accepting the incoming connections could be said to act as a proxy for the actual service on the opposite side of the SSH connection.
2.) Also yes, but then the request must be specified using a protocol that is understood by SSH. A dynamic port forwarding (option -D in OpenSSH) does just that, supporting the SOCKS4 and SOCKS5 protocols.
For example:
You might have a server room full of equipment with web-based remote console functionality. Since those aren't always updateable to the latest TLS standards, you've connected them to a strictly local network segment that is accessible through a particular network administrators' workstation only. This workstation has two NICs: one to the regular network, and another to the remote console segment, but it is intentionally configured to not act as a router. Of course the network administrators' workstation runs Linux :-)
You're on a well-earned vacation, when the big boss calls and tells you that the your stand-in is sick from food poisoning and some old router in the server room needs to be rebooted ASAP. You're hundreds of miles away from the server room. Through the company VPN, you can access the network administrators' workstation remotely, but you know from experience that using X11 forwarding to run a remote browser is painfully slow. So, what do you do?
<connect VPN>
laptop$ ssh -D 1234 tim@netadmin_workstation.company.intra
netadmin_workstation$
Now, as long as that SSH connection is up, you can fire up a local browser, configure it to use a SOCKS proxy located at localhost:1234 and all the outgoing network connections from that browser will go out through the SSH connection to the netadmins' workstation, and from there on as regular TCP connections to whatever address specified in the browser. Effectively, your browser's network connections will now seem to originate from the netadmins' workstation, while the browser (and any associated Java applets) will still be run fully locally, with minimum latency.
And so you can access the Java-based web GUI of that pesky old router remotely with a somewhat tolerable level of latency...
(If you're using Firefox, you may want to set an about:config option network.proxy.socks_remote_dns to True, in order to have the browser also forward any DNS requests through the SOCKS proxy connection, so you can use the DNS resolution of the netadmins' workstation too.)
(Disclaimer: any resemblance of the above description to any particular series of real-life events is entirely coincidental. Something very much like it has probably happened many, many times in a lot of different places all over the world.)
answered Feb 5 at 18:46
telcoMtelcoM
18.5k12347
1.) Yes: if you specify a local port forwarding (option -L in OpenSSH), your SSH client will act as a proxy that forwards the connection that's incoming to a specified local port/socket onto a specified target at the remote end of the SSH connection. And if you specify a remote port forwarding (option -R in OpenSSH), the sshd daemon at the remote end will act as a proxy that forwards connections incoming to a a specified remote port/socket to the specified target on the local side of the SSH connection.
In both cases, both the SSH client and the sshd daemon work together to implement the functionality, but whichever is accepting the incoming connections could be said to act as a proxy for the actual service on the opposite side of the SSH connection.
2.) Also yes, but then the request must be specified using a protocol that is understood by SSH. A dynamic port forwarding (option -D in OpenSSH) does just that, supporting the SOCKS4 and SOCKS5 protocols.
For example:
You might have a server room full of equipment with web-based remote console functionality. Since those aren't always updateable to the latest TLS standards, you've connected them to a strictly local network segment that is accessible through a particular network administrators' workstation only. This workstation has two NICs: one to the regular network, and another to the remote console segment, but it is intentionally configured to not act as a router. Of course the network administrators' workstation runs Linux :-)
You're on a well-earned vacation, when the big boss calls and tells you that the your stand-in is sick from food poisoning and some old router in the server room needs to be rebooted ASAP. You're hundreds of miles away from the server room. Through the company VPN, you can access the network administrators' workstation remotely, but you know from experience that using X11 forwarding to run a remote browser is painfully slow. So, what do you do?
<connect VPN>
laptop$ ssh -D 1234 tim@netadmin_workstation.company.intra
netadmin_workstation$
Now, as long as that SSH connection is up, you can fire up a local browser, configure it to use a SOCKS proxy located at localhost:1234 and all the outgoing network connections from that browser will go out through the SSH connection to the netadmins' workstation, and from there on as regular TCP connections to whatever address specified in the browser. Effectively, your browser's network connections will now seem to originate from the netadmins' workstation, while the browser (and any associated Java applets) will still be run fully locally, with minimum latency.
And so you can access the Java-based web GUI of that pesky old router remotely with a somewhat tolerable level of latency...
(If you're using Firefox, you may want to set an about:config option network.proxy.socks_remote_dns to True, in order to have the browser also forward any DNS requests through the SOCKS proxy connection, so you can use the DNS resolution of the netadmins' workstation too.)
(Disclaimer: any resemblance of the above description to any particular series of real-life events is entirely coincidental. Something very much like it has probably happened many, many times in a lot of different places all over the world.)
answered Feb 5 at 18:46
telcoMtelcoM
18.5k12347
answered Feb 5 at 18:46
telcoMtelcoM
18.5k12347
answered Feb 5 at 18:46
telcoMtelcoM
18.5k12347
answered Feb 5 at 18:46
telcoMtelcoM
18.5k12347
18.5k12347
Thanks. About 1, after set up SSH (local or remote) port forwarding, is it correct that a user of a client specify the SSH listening port to send a request to, and is not necessarily aware of that SSH forwards the request to somewhere else? After setting up a proxy, is it correct that a user of a client specify the ultimate destination to send a request to, and is not necessarily aware of that the proxy intercepts the request and then forwards it to somewhere else?
– Tim
Feb 5 at 18:58
(Re your disclaimer, your example is more probable if it comes from your wonderful life)
– Tim
Feb 5 at 19:02
The user of a SSH client is explicitly aware of the destination of the forwarding, because the user will specify the destination with the forwarding option. The programs using the forwarded connection can generally use the SSH-generated proxy unaware that it's not the real thing. Other types of proxies, in particular HTTP reverse proxies or transparent proxies, might not be under the control of the user and might hide the true ultimate destination of the connections. A proxy always fools the applications; but if it's under your control it cannot fool you as the user.
– telcoM
Feb 6 at 8:15
add a comment |
Thanks. About 1, after set up SSH (local or remote) port forwarding, is it correct that a user of a client specify the SSH listening port to send a request to, and is not necessarily aware of that SSH forwards the request to somewhere else? After setting up a proxy, is it correct that a user of a client specify the ultimate destination to send a request to, and is not necessarily aware of that the proxy intercepts the request and then forwards it to somewhere else?
– Tim
Feb 5 at 18:58
(Re your disclaimer, your example is more probable if it comes from your wonderful life)
– Tim
Feb 5 at 19:02
The user of a SSH client is explicitly aware of the destination of the forwarding, because the user will specify the destination with the forwarding option. The programs using the forwarded connection can generally use the SSH-generated proxy unaware that it's not the real thing. Other types of proxies, in particular HTTP reverse proxies or transparent proxies, might not be under the control of the user and might hide the true ultimate destination of the connections. A proxy always fools the applications; but if it's under your control it cannot fool you as the user.
– telcoM
Feb 6 at 8:15
Thanks. About 1, after set up SSH (local or remote) port forwarding, is it correct that a user of a client specify the SSH listening port to send a request to, and is not necessarily aware of that SSH forwards the request to somewhere else? After setting up a proxy, is it correct that a user of a client specify the ultimate destination to send a request to, and is not necessarily aware of that the proxy intercepts the request and then forwards it to somewhere else?
– Tim
Feb 5 at 18:58
Thanks. About 1, after set up SSH (local or remote) port forwarding, is it correct that a user of a client specify the SSH listening port to send a request to, and is not necessarily aware of that SSH forwards the request to somewhere else? After setting up a proxy, is it correct that a user of a client specify the ultimate destination to send a request to, and is not necessarily aware of that the proxy intercepts the request and then forwards it to somewhere else?
– Tim
Feb 5 at 18:58
(Re your disclaimer, your example is more probable if it comes from your wonderful life)
– Tim
Feb 5 at 19:02
(Re your disclaimer, your example is more probable if it comes from your wonderful life)
– Tim
Feb 5 at 19:02
The user of a SSH client is explicitly aware of the destination of the forwarding, because the user will specify the destination with the forwarding option. The programs using the forwarded connection can generally use the SSH-generated proxy unaware that it's not the real thing. Other types of proxies, in particular HTTP reverse proxies or transparent proxies, might not be under the control of the user and might hide the true ultimate destination of the connections. A proxy always fools the applications; but if it's under your control it cannot fool you as the user.
– telcoM
Feb 6 at 8:15
The user of a SSH client is explicitly aware of the destination of the forwarding, because the user will specify the destination with the forwarding option. The programs using the forwarded connection can generally use the SSH-generated proxy unaware that it's not the real thing. Other types of proxies, in particular HTTP reverse proxies or transparent proxies, might not be under the control of the user and might hide the true ultimate destination of the connections. A proxy always fools the applications; but if it's under your control it cannot fool you as the user.
– telcoM
Feb 6 at 8:15
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f498849%2fwhat-are-the-relations-and-differences-between-port-forwarding-and-proxy%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown