Bastion and Dynamic Port
Bastion Host
A bastion host is a special-purpose server designed to act as a gateway between a public network (e.g., the internet) and a private network. It provides secure access to resources in the private network by acting as an intermediary. Bastion hosts are commonly used in cloud environments to securely access servers that are not directly exposed to the internet.
The reason for the name "Bastion host" comes from the term "bastion," which refers to a projecting part of a fortification built at an angle to the line of a wall, so as to allow defensive fire in several directions. Similarly, a Bastion host acts as a fortified gateway, protecting the internal network by acting as the only point of entry for administrative access (such as SSH or RDP) and minimizing the attack surface exposed to the public.