SSH port forwarding can be used to gain or provide access to services that are not directly reachable, to encrypt connections between different applications and more.
SSH 端口转发可用于获取或提供对无法直接访问的服务访问权限,以及加密不同应用程序之间的连接等。
Termius supports all types of port forwarding: local, remote and dynamic.
Termius 支持所有类型的端口转发:本地、远程和动态。
Local port forwarding 本地端口转发
Local port forwarding is most commonly used for connecting to services on a private network, such as a database or VNC server.
本地端口转发通常用于连接到私有网络上的服务,例如数据库或 VNC 服务器。
This type of port forwarding redirects connections made to a port on your device (e.g. by a browser) running Termius to a device running an SSH server and then to any reachable port / device.
这种类型的端口转发将设备(例如浏览器)上运行的 Termius 软件接收到的端口连接(例如,通过浏览器)重定向到运行 SSH 服务器的设备,然后再转发到任何可到达的端口/设备。
See also: Local port forwarding (a Wikipedia article).
参见:本地端口转发(维基百科文章)。
Usage example 使用示例
Daniel has a MySQL database server that is not reachable from his device with Termius, but is reachable from the daniel.local device, which is his office laptop. The laptop runs an SSH server and is reachable from Daniel's device with Termius. He can connect to the database using a local port forwarding connection.
丹尼尔有一台 MySQL 数据库服务器,从他的设备上使用 Termius 无法访问,但从他的办公室笔记本电脑 daniel.local 上可以访问。这台笔记本电脑运行着 SSH 服务器,并且可以从丹尼尔的设备上使用 Termius 进行访问。他可以通过本地端口转发连接来连接到数据库。
The settings shown in the above screenshot would solve the problem Daniel has.
以上截图所示的设置将解决丹尼尔遇到的问题。
The OpenSSH analogue of that connection would be
该连接的 OpenSSH 对应版本将是
ssh -L 127.0.0.1:3336:10.1.30.42:3306 daniel@daniel.local
By activating this port forwarding connection in Termius, Daniel will forward the 3336 port on the 127.0.0.1 network interface of his device to the port 3306 at 10.1.30.42. He will then need to specify 127.0.0.1:3336 as the address of the MySQL database in his local MySQL client.
通过在 Termius 中激活此端口转发连接,Daniel 将把其设备上的 127.0.0.1 网络接口的 3336 端口转发到 10.1.30.42 的 3306 端口。然后,他需要将 127.0.0.1:3336 指定为本地 MySQL 客户端中 MySQL 数据库的地址。
Set up local port forwarding
设置本地端口转发
- Choose Port forwarding in the main menu.
选择主菜单中的端口转发。 - Click + New and Skip wizard.
点击“新建”并跳过向导。 - (Optionally) in the Set a label... field, provide a name for the connection.
(可选)在“设置标签...”字段中,提供连接的名称。 - In the Local port number field, enter the number of the port that you want to be forwarded. You can use any port number greater than 1024 and less than 49151. For example, 2080.
在“本地端口号码”字段中,输入您想要转发的端口号。您可以使用大于 1024 且小于 49151 的任何端口号。例如,2080。 - (Optionally) in the Bind address field, specify an IP address of your device (network interface) connections to which should be forwarded. If you skip this field, Termius will bind to 127.0.0.1, which means no other machine will be able to connect to the port being forwarded.
(可选)在绑定地址字段中,指定您的设备(网络接口)连接的 IP 地址,该地址应转发连接。如果您跳过此字段,Termius 将绑定到 127.0.0.1,这意味着其他机器将无法连接到正在转发的端口。 - In the Intermediate host field, specify the host that should act as an intermediary.
在中间宿主字段中,指定应作为中间人的宿主。 - In the Destination address field, specify the IP address or domain name of the host to which the connections should be forwarded.
在“目标地址”字段中,请指定应转发连接的主机的 IP 地址或域名。 - In the Destination port number field, enter the number of the port which should receive the traffic.
在“目标端口号码”字段中,输入应接收流量的端口号。 - Click ➔ at the top right to hide the connection's details.
点击顶部右边的➔按钮以隐藏连接的详细信息。
Double-click the port forwarding connection to enable it.
双击端口转发连接以启用它。
- Choose Port forwarding in the main menu and tap +.
- (Optionally) in the Label field, provide a name for the connection.
- In the Host / Host from field, specify the host that should act as an intermediary.
- In the Port from field, enter the number of the port that you want to be forwarded. Specifying a number greater than 1000 and less than 49151 should probably be fine.
- In the Destination / Host to field, specify the IP address or domain name of the host to which the connections should be ultimately forwarded.
- In the Port to field, enter the number of the port on the end device that should receive the traffic.
- (Optionally) in the Bind address field, specify an IP address of your device (network interface) connections to which should be forwarded. If you skip this field, Termius will bind to 127.0.0.1, which means no other machine will be able to connect to the port being forwarded.
- Tap Save / ✔️, then tap the port forwarding connection to activate it.
Remote port forwarding 远程端口转发
Remote port forwarding is mostly used to give access to an internal service to someone from the outside.
远程端口转发主要用于允许外部人员访问内部服务。
This type of port forwarding redirects connections made to a port on a device (e.g. by a browser) running an SSH server to your device (with Termius) and then to any reachable port, on your device or another one.
这种类型的端口转发将运行 SSH 服务器的设备(例如浏览器)上对端口的连接重定向到您的设备(使用 Termius),然后再转发到您的设备或另一台设备上的任何可到达的端口。
See also: Remote port forwarding (a Wikipedia article).
参见:远程端口转发(维基百科文章)。
Usage example 使用示例
Bethany is developing a personal website on her laptop and wants Daniel to check it out. Unfortunately, it is not reachable to Daniel. Luckily, Bethany can reach Daniel's public SSH server, which means that Bethany can make it possible for Daniel to connect to her website – by configuring a remote port forwarding connection.
贝丝安在她的笔记本电脑上开发个人网站,想让丹尼尔去看看。不幸的是,丹尼尔无法访问。幸运的是,贝丝安可以访问丹尼尔的公共 SSH 服务器,这意味着贝丝安可以通过配置远程端口转发连接,让丹尼尔能够连接到她的网站。
The settings shown in the above image would solve the problem Bethany has.
上图所示的设置将解决贝丝安遇到的问题。
The OpenSSH analogue of that connection would be
该连接的 OpenSSH 对应版本将是
ssh -R 127.0.0.1:8080:127.0.0.1:80 daniel@37.144.179.120
By activating this port forwarding connection in Termius, Bethany will forward (map) the 8080 port on the 127.0.0.1 network interface of Daniel's device, which runs the SSH server, to the port 80 on the 127.0.0.1 interface of her device with Termius. Daniel will need to type 127.0.0.1:8080 in the browser to access the website.
通过在 Termius 中激活此端口转发连接,Bethany 将把 Daniel 设备上运行 SSH 服务器的 127.0.0.1 网络接口的 8080 端口映射到她的设备上 Termius 的 127.0.0.1 接口的 80 端口。Daniel 需要在浏览器中输入 127.0.0.1:8080 来访问网站。
Set up remote port forwarding
设置远程端口转发
- Choose Port forwarding in the main menu.
选择主菜单中的端口转发。 - Click + New, then Skip wizard, then Remote at the top.
点击“新建”,然后跳过向导,然后在顶部选择“远程”。 - (Optionally) in the Set a label... field, provide a name for the connection.
(可选)在“设置标签...”字段中,提供连接的名称。 - In the Remote host field, specify the host, a port of which you want to be forwarded.
在“远程主机字段”中,指定您想要转发端口的宿主机。 - In the Remote port number, enter the number of the port that you want to be forwarded. You can use any port number greater than 1024 and less than 49151. For example, 2080.
在远程端口编号中,输入您想要转发的端口号。您可以使用大于 1024 且小于 49151 的任何端口号。例如,2080。 - (Optionally) in the Bind address field, specify an IP address (network interface) on the remote host, connections to which should be forwarded. If you skip this field, Termius will bind to 127.0.0.1, which means only connections made by the remote host only will be forwarded.
(可选)在绑定地址字段中,指定远程主机上的 IP 地址(网络接口),连接到该地址的连接应被转发。如果您跳过此字段,Termius 将绑定到 127.0.0.1,这意味着只有远程主机发起的连接才会被转发。 - In the Destination address field, specify the IP address or domain name of the host to which the connections should be forwarded.
在“目标地址”字段中,请指定应转发连接的主机的 IP 地址或域名。 - In the Destination port number field, enter the number of the port that should receive the traffic.
在“目标端口号码”字段中,输入应接收流量的端口号。 - Click ➔ at the top right to hide the connection's details.
点击顶部右边的➔按钮以隐藏连接的详细信息。
Double-click the port forwarding connection to enable it.
双击端口转发连接以启用它。
- Choose Port forwarding in the main menu and tap +.
- Tap Remote at the top / choose Remote in the Type field.
- (Optionally) in the Label field, provide a name for the connection.
- In the Host / Host from field, specify the host, the port of which you want to be forwarded.
- In the Port from field, enter the number of the port that you want to be forwarded. You can use any port number greater than 1024 and less than 49151. For example, 2080.
- In the Destination / Host to field, specify the IP address or domain name of the host to which the connections should ultimately be forwarded.
- In the Port to field, enter the number of the port that should receive the traffic.
- (Optionally) in the Bind address field, specify an IP address (network interface) on the remote host, connections to which should be forwarded. If you skip this field, Termius will bind to 127.0.0.1, which means only connections made by the remote host only will be forwarded.
- Tap Save / ✔️, then tap the port forwarding connection to activate it.
Dynamic port forwarding 动态端口转发
SSH dynamic port forwarding turns an SSH server into as a SOCKS proxy server, which can be used by applications on your machine as intermediary for connecting to remote servers.
SSH 动态端口转发将 SSH 服务器转变为 SOCKS 代理服务器,可让您的机器上的应用程序将其作为连接到远程服务器的中介。
This type of port forwarding is often used to protect data with SSH encryption – when using the Internet at a coffee shop, hotel, or any other minimally secure network.
这种类型的端口转发通常用于通过 SSH 加密保护数据——当在咖啡馆、酒店或其他安全性较低的网络中使用互联网时。
See also: Dynamic port forwarding (a Wikipedia article).
参见:动态端口转发(维基百科文章)。
Note: A program must support the SOCKS type of proxy for you to be able to route traffic from that app using dynamic port forwarding.
注意:必须支持 SOCKS 类型的代理,才能使用动态端口转发将流量从该应用程序路由出去。
Usage example 使用示例
Using this technique you can have a web browser use your SSH connection as a proxy, making your web connection requests appear to come from the remote server instead of your local device.
使用这项技术,您可以令网页浏览器使用您的 SSH 连接作为代理,从而使您的网络连接请求看起来像是来自远程服务器,而不是您的本地设备。
The settings shown in the screenshot is an example of a dynamic port forwarding setup. In this example, a person would need to specify 127.0.0.1:2080 as the browser SOCKS proxy. Once they activate the port forwarding, all connections will begin to be redirected to the SSH server before reaching the target servers.
截图所示的设置是一个动态端口转发配置示例。在这个例子中,用户需要将 127.0.0.1:2080 指定为浏览器的 SOCKS 代理。一旦激活端口转发,所有连接都将先被重定向到 SSH 服务器,然后再到达目标服务器。
Set up dynamic port forwarding
设置动态端口转发
- Choose Port forwarding in the main menu.
选择主菜单中的端口转发。 - Click + New, then Skip wizard, then Dynamic at the top.
点击“新建”,然后跳过向导,然后在顶部选择“动态”。 - (Optionally) in the Set a label... field, provide a name for the connection.
(可选)在“设置标签...”字段中,提供连接的名称。 - In the Local port number field, specify the number of a port on your device at which you want to enable the proxy. You can use any port number greater than 1024 and less than 49151.
在“本地端口号”字段中,请指定您希望启用代理的设备上的端口号。您可以使用大于 1024 且小于 49151 的任何端口号。 - (Optionally) in the Bind address field, specify an IP address of your device (network interface), at which the proxy should be available. If you skip this field, Termius will bind to 127.0.0.1.
(可选)在绑定地址字段中,指定您的设备(网络接口)的 IP 地址,该地址是代理可用的。如果您跳过此字段,Termius 将绑定到 127.0.0.1。 - In the Intermediate host field, specify the host that should act as an intermediary.
在中间宿主字段中,指定应作为中间人的宿主。 - Click ➔ at the top right to hide the connection's details.
点击顶部右边的➔按钮以隐藏连接的详细信息。
Double click the port forwarding connection to enable it.
双击端口转发连接以启用它。
- Choose Port forwarding in the main menu and tap +.
- Tap Dynamic at the top / choose Dynamic in the Type field.
- (Optionally) in the Label field, provide a name for the connection.
- In the Port field, specify the number of a port on your device at which you want to enable the proxy. Specifying a number greater than 1000 and less than 49151 should probably be fine.
- In the Bind address field, specify an IP address of your device (network interface), at which the proxy should be available. If you skip this field, Termius will bind to 127.0.0.1.
- In the Host field, specify the host that should act as an intermediary.
- Tap Save / ✔️, then tap the port forwarding connection to activate it.
Enable a SOCKS proxy for all apps on iPhone / iPad
为 iPhone/iPad 上的所有应用启用 SOCKS 代理
The instruction provided below explains how to enable a SOCKS proxy at the OS level on an iPhone or iPad.
以下指令详细说明了如何在 iPhone 或 iPad 上在操作系统级别启用 SOCKS 代理。
iOS and iPadOS do not natively support SOCKS proxies so a workaround is needed:
iOS 和 iPadOS 并不支持 SOCKS 代理,因此需要采取一种解决方案:
- Create a text file with the .pac extension that includes the following content:
创建一个扩展名为.pac 的文本文件,其中包含以下内容:function FindProxyForURL(url, host) { return "SOCKS localhost:<port being forwarded>; } - Upload the PAC file to a web server, e.g. Dropbox.
将 PAC 文件上传到网络服务器,例如 Dropbox。 - In the wi-fi settings of your device, tap Configure Proxy and then Automatic.
在您的设备无线网络设置中,点击“配置代理”,然后选择“自动”。 - In the URL field, provide the link to the .pac file and save the changes.
在 URL 字段中,提供.pac 文件的链接并保存更改。 - Run your dynamic port forwarding connection.
运行您的动态端口转发连接。
Troubleshooting 故障排除
If you're having trouble forwarding a port, please follow these steps:
如果您在转发端口时遇到困难,请按照以下步骤操作:
- Ensure that the port being forwarded is not used by another process. On Windows, you can use
netstat -antto see local listening ports. On macOS and Linux, usenetstat -tolpn.
确保要转发的端口没有被其他进程使用。在 Windows 系统中,您可以使用netstat -ant查看本地监听端口。在 macOS 和 Linux 系统中,请使用netstat -tolpn。 - If you are having trouble setting up remote port forwarding, make sure
GatewayPortsis set toyesin the remote SSH server configuration.
如果您在设置远程端口转发时遇到困难,请确保在远程 SSH 服务器配置中将GatewayPorts设置为yes。
Was this article helpful?
这篇文章有帮助吗?
84 人中有 182 人认为这有帮助
I spent half a day between reading in blogs and trying different combinations
我花了半天时间在阅读博客和尝试不同的组合之间
but I could not get it to work
但是我没有让它工作
For instance, if my command is:
例如,如果我的命令是:
ssh -L [local-port]:localhost:[remote-port] [user]@[remote-server]
``` ssh -L [本地端口]:localhost:[远程端口] [用户]@[远程服务器] ```
how should I set the port forwarding in termius?
如何在 Termius 中设置端口转发?
杰伊 同步 3 年前
Hi team could you please advise if this is possible to perform multiple port redirection under the same host with only one entry in the port forwarding section ?
您好,团队能否告知,是否可以在同一主机下仅在一个端口转发配置中实现多个端口的转发?
阿诺德·马丁 2 年前
Hi! Is it possible to pass on additional arguments to port forwarding setup?
你好!在端口转发设置中,能否传递额外的参数呢?
For example, on my laptop I run `ssh -f -N -L 1234:localhost:8787 username@server`. I understand that the local port forwarding described in the article is equivalent to `ssh -L 1234:localhost:8787 username@server`. While this technically works, I experience some issues with page updating and I was wondering whether it can be due to the omission of `-f -N` flags.
例如,在我的笔记本电脑上,我运行 `ssh -f -N -L 1234:localhost:8787 username@server`。我明白文章中描述的本地端口转发等同于 `ssh -L 1234:localhost:8787 username@server`。虽然技术上可行,但我遇到了一些页面更新的问题,我想知道这是否与省略了 `-f -N` 标志有关。
努尔法蒂玛·贾达罗娃 1 年前
Under set up dynamic port forwarding, the workaround for SOCKS setup in iPhone and iPad has a typo, correction below:
在设置动态端口转发时,iPhone 和 iPad 上 SOCKS 设置的解决方案中存在一个错别字,更正如下:
function FindProxyForURL(url, host) { return "SOCKS localhost:<port being forwarded>"; }
```plaintext function FindProxyForURL(url, host) { return "SOCKS localhost:"; } ``` ```plaintext function FindProxyForURL(url, host) { 返回 "SOCKS localhost:<被转发端口号>"; } ```
刘诺·巴罗斯 7 个月前