Local Port Forwarding

In local port forwarding, the SSH client listens on a given local port and tunnels every connection made to that port through the remote SSH server, which then connects to the specified port on the destination machine. The destination machine can be the remote SSH server itself or any other machine.

ssh -L [LOCAL_IP:]LOCAL_PORT:DESTINATION:DESTINATION_PORT [USER@]SSH_SERVER

The options used are as follows:

  • [LOCAL_IP:]LOCAL_PORT - The local machine IP address and port number. When LOCAL_IP is omitted, the ssh client binds to localhost.
  • DESTINATION:DESTINATION_PORT - The IP or hostname and the port of the destination machine.
  • [USER@]SSH_SERVER - The remote SSH user and server IP address.

You can forward multiple ports to multiple destinations in a single ssh command.

ssh -L 3336:db001.host:3306 -L 3337:db002.host:3306 USER@SSH_SERVER

If you are having trouble setting up tunneling, check your remote SSH server configuration and make sure AllowTcpForwarding is not set to no. By default, forwarding is allowed.

Remote Port Forwarding

In remote port forwarding, the SSH server listens on a given port and tunnels every connection made to that port back to the local SSH client, which then connects to the specified port on the destination machine. The destination machine can be the local machine or any other machine.

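ssh -R [REMOTE:]REMOTE_PORT:DESTINATION:DESTINATION_PORT [USER@]SSH_SERVER

The options used are as follows:

  • [REMOTE:]REMOTE_PORT - The IP and the port number on the remote SSH server. An empty REMOTE means that the remote SSH server will bind on all interfaces. The server honours a requested bind address only when GatewayPorts is enabled in its sshd_config; with the default GatewayPorts no, the listener is bound to the loopback interface.
  • DESTINATION:DESTINATION_PORT - The IP or hostname and the port of the destination machine.
  • [USER@]SSH_SERVER - The remote SSH user and server IP address.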

If you have access to a remote SSH server, you can set up remote port forwarding as follows:

ssh -R 8080:127.0.0.1:3000 -N -f USER@SSH_SERVER

The command above makes the ssh server listen on port 8080 and tunnel all traffic from this port to port 3000 on your local machine.
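
As an added example (not part of the original page), the shell functions below read an sshd_config-format file and report whether the server would accept -L and -R forwards, and where an -R listener would bind. GatewayPorts is a standard sshd_config keyword; the function names and the sample config are constructed for this example, and Include directives are assumed not to be in use.

```shell
#!/bin/sh
# Added example: report global forwarding settings from an sshd_config-format file.
# sshd keeps the first value it reads for a keyword; keywords are case-insensitive.
# Everything after the first "Match" line is conditional, so it is skipped here.
# Assumption: Include directives are not followed.

sshd_global() {  # usage: sshd_global KEYWORD DEFAULT FILE
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" -v def="$2" '
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }   # drop comments, trim
        $0 == "" { next }
        { n = split($0, f, /[ \t=]+/); key = tolower(f[1]) }
        key == "match" { exit }                           # end of global section
        key == want && n >= 2 { val = tolower(f[2]); exit }
        END { print (val == "" ? def : val) }             # fall back to the default
    ' "$3"
}

forwarding_report() {  # usage: forwarding_report FILE
    tcp=$(sshd_global AllowTcpForwarding yes "$1")   # sshd default: yes
    gw=$(sshd_global GatewayPorts no "$1")           # sshd default: no
    case "$tcp" in
        yes|all) l=allowed; r=allowed ;;
        local)   l=allowed; r=refused ;;
        remote)  l=refused; r=allowed ;;
        *)       l=refused; r=refused ;;
    esac
    case "$gw" in
        yes)             bind="all interfaces" ;;
        clientspecified) bind="address chosen by the client" ;;
        *)               bind="loopback only" ;;
    esac
    echo "-L: $l; -R: $r; -R listener: $bind"
}

# Constructed sample config (not taken from a real server).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
allowtcpforwarding local
AllowTcpForwarding yes
Match User deploy
    GatewayPorts yes
EOF

forwarding_report "$sample"
```

On a live server, `sshd -T` (run as root) prints the effective configuration, including Include files and defaults.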