When using local forwarding we are free to pick destination port:
ssh -L 8000:10.10.1.11:80 user@192.168.56.102 - 80 is destination port - we explicitly specify which port to forward to.
Take a look at diagram in this article. If I understand correctly, in dynamic forwarding destination port is somewhat implicit (?):
ssh -D 8080 user@192.168.56.102 - 8080 is local host port, but still it somehow forwards to 80 for us.
Questions:
thanks.
PS. Here https://unix.stackexchange.com/questions/213213/difference-between-local-port-forwarding-and-dynamic-port-forwarding#comment401063_213219 i found some hint to what i'm interested in, pity there are no details provided...
SSH and SOCKS are two completely different and unrelated protocols. But, to answer your questions:
How SOCKS5 proxy knows which port to forward traffic to?
A SOCKS client explicitly tells it where to connect. The destination host/ip and port are input fields in the SOCKS CONNECT command. So, there is no guessing/infering at all.
Does SOCKS5 proxy somehow sniff destination from the protocol of the traffic it proxies?
No. SOCKS is just a tunnel of raw bytes, it has no concept of protocols beyond its own.
Can that destination port be configured?
Not on the proxy itself, no. Since the client decides where to connect, any configuration would be on the client side.
Is it a predefined fixed set of protocols/ports? Smth like http=80 destination port?
No.
Any other internal details of forwarding you can add to clarify the picture.
Read the SOCKS protocol specs.
SOCKS v4: https://www.openssh.com/txt/socks4.protocol
SOCKS v4a: https://www.openssh.com/txt/socks4a.protocol