Re: How to restrict remote forwarding ports in SSH2?



You're quite right. Netcat is included in most unices (to get full
bidirectional port forwarding, you would actually need two shell
commands & a pipeline). Socat is quite a bit more versatile, and
would do the forward in a single command. I think it's available by
default in some unices, and should compile on nearly anything you're
likely to encounter.

Netcat is of course also available as a Windows binary, although doing
a bidirectional port forward is a bit trickier (does anyone know how
to do the equivalent of mkfifo in Windows?).

Cheers
Mark

On 11/24/06, Derek Martin wrote:

If I understand what you're asking, it's probably worth pointing out
that it's already possible to do this kind of port redirection in
general with TCP/IP without dealing with SSH's port redirection...
there's not much you can do to prevent it. Anyone capable of writing
socket code in C can write a program to redirect any port to anywhere
in maybe a couple of dozen lines.
...
Someone's probably already written a free program to do this kind of
port redirection, which can be downloaded freely. It might even have
pre-compiled binaries for your platform(s).