SSH Port Forwarding
Port forwarding via SSH creates a secure tunnel between a local computer and a remote machine. The tunnel it creates is encrypted, so traffic for other protocols can be carried securely inside an SSH tunnel. SSH tunneling is useful in the following scenarios. It is best to have an SSH client installed on your machine.
Local port forwarding
The Web Server is only accessible from inside the private network. To reach it from another (public) network, you have to set up local port forwarding. The goal is that a request to a port on the SSH Server is redirected to the Web Server.
Assume the Web Server listens on port 80 at IP 192.168.1.100. We do not have access to it from outside. So log in to the SSH server and make an SSH tunnel to the Web Server. While on the public SSH server, enter the following command to create the tunnel.
ssh -L <listen port>:localhost:<forward port> <username>@<ip of web server>
e.g.: ssh -L 2000:localhost:80 user1@192.168.1.100
You have to enter the password when logging in to the remote machine. 2000 is the port that will be called from the local machine. 80 is the port the web server listens on in the remote machine. user1 is the username on the remote machine.
After making the tunnel, you can access the web service from your browser, using the public IP and the listening port as follows.
Enter http://200.10.2.10:2000 in the address bar of your browser.
Remote Port Forwarding
If you are in a private network and another remote machine needs to use a service on your computer, that is where remote port forwarding is needed. The diagram shows a similar scenario. The public server is accessible by all machines. The Local PC is not accessible by the remote machine since it is in a private network. So we can make a tunnel between the Local PC and the Public Server, which allows the Remote Machine to access the Local PC.
Assume a web service is hosted on the Local PC and it listens on port 80. The remote machine accesses the Local PC via the Public Server. To do remote port forwarding, you need access to the Public Server. So while on your Local PC, enter the following command.
ssh -R <public listen port>:localhost:<local listen port> <username>@<public server IP>
e.g.: ssh -R 5000:localhost:80 user1@200.16.13.56
5000 is the port the Public Server listens on. It forwards the requests coming to port 5000 to port 80 of the Local PC.
Since we considered a web service, the Remote Machine can access the web service on the Local PC by entering http://200.16.13.56:5000 in the address bar of the web browser.
Dynamic Port Forwarding
This is an interesting port forwarding method. It acts as a proxy server that forwards requests for various ports to the needed destinations. This is very helpful when you have a machine without internet, but you have access to a machine (server) which has internet.
You can make the tunnel by entering the following command.
ssh -D <port number> <username>@<remote host>
e.g.: ssh -D 8080 user1@200.16.56.12
This makes the tunnel between the remote host and your machine. Then you have to send your outgoing traffic through this tunnel. The configuration can be applied to the whole system or to a single application.
If you want to browse the web through this connection, you have to set up the browser for it. Firefox has its own proxy configuration, but Chrome uses the system proxy settings.
Firefox configuration
You have to open this window in Firefox. In Firefox, go to “Options”, then to “Preferences”. Then move to “Advanced” in the side panel and select “Network”. This window has a “Settings” button under “Connections”, which finally opens the window you need. If you are using a proxy, clear the SSL, FTP, Gopher and other proxy fields. Then add “localhost” to the “SOCKS Host” field, along with the port. The port is the dynamic port which you defined when making the tunnel. It is better to set no proxy for localhost. Finally, pressing “OK” gives your browser internet access even if your machine does not have internet.
Chrome configuration
If you are on Windows, open the “Internet Options” window. You can find it through Windows search (just press the Windows key and search for the keyword “Internet Options”). Move to the “Connections” tab. Then open the LAN settings window by pressing the “LAN Settings” button. Enable the proxy server by checking the check box and go to the advanced settings by pressing “Advanced”. Uncheck “Use same proxy server for all protocols”, then enter “localhost” in the “Socks” field and 8080 as its port. Give localhost for the no-proxy field. Pressing OK sets up the SOCKS proxy for the whole system.
This allows any application in Windows to use the internet.
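Added example (not part of the original post): by default ssh binds a forwarded listener to the loopback interface, so whether ports 2000, 5000 and 8080 in the commands above can be reached from other machines depends on the bind address in the forwarding spec and on the GatewayPorts setting. The shell function below reports the resulting scope for a -L, -R or -D spec; listen_scope is a hypothetical helper name, the rules follow the ssh(1) and sshd_config(5) manual pages, and bracketed IPv6 bind addresses are not handled.

```shell
#!/bin/sh
# Added example: which interface does an ssh -L / -R / -D listener bind to?
# Usage: listen_scope MODE SPEC [GATEWAYPORTS]
#   MODE          L, R or D (the ssh option letter)
#   SPEC          [bind_address:]port:host:hostport (L, R) or [bind_address:]port (D)
#   GATEWAYPORTS  no (default), yes or clientspecified. For L and D it is the
#                 client's setting ("ssh -g" equals yes); for R it is the value
#                 in sshd_config on the server that opens the listener.
# Assumption: SPEC contains no bracketed IPv6 addresses.
listen_scope() {
    mode=$1 spec=$2 gw=${3:-no} bind='' has_bind=0
    # The number of colon-separated fields tells whether a bind_address is present.
    case $mode:$spec in
        [LR]:*:*:*:*) has_bind=1 ;;
        [LR]:*:*:*)   ;;
        D:*:*:*)      echo invalid; return 2 ;;
        D:*:*)        has_bind=1 ;;
        D:*)          ;;
        *)            echo invalid; return 2 ;;
    esac
    [ "$has_bind" = 1 ] && bind=${spec%%:*}
    # On -R the server's GatewayPorts wins unless it is "clientspecified".
    if [ "$mode" = R ] && [ "$gw" != clientspecified ]; then
        if [ "$gw" = yes ]; then echo all-interfaces; else echo loopback; fi
        return 0
    fi
    if [ "$has_bind" = 0 ]; then
        # No bind_address: -L and -D follow the client's GatewayPorts,
        # -R under "clientspecified" stays on loopback.
        if [ "$mode" != R ] && [ "$gw" = yes ]; then echo all-interfaces
        else echo loopback; fi
        return 0
    fi
    case $bind in
        ''|'*'|0.0.0.0)      echo all-interfaces ;;
        localhost|127.0.0.1) echo loopback ;;
        *)                   echo "address:$bind" ;;
    esac
}

# The three specs from the article with default settings, then two variants.
listen_scope L 2000:localhost:80                        # loopback
listen_scope R 5000:localhost:80                        # loopback
listen_scope D 8080                                     # loopback
listen_scope L 0.0.0.0:2000:localhost:80                # all-interfaces
listen_scope R '*:5000:localhost:80' clientspecified    # all-interfaces
```

A listener reported as all-interfaces exposes the forwarded service to every host that can reach that port, so an explicit bind address or a firewall rule on the listening host is the narrower choice than GatewayPorts yes.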
Originally published at http://deshankalupahana.wordpress.com on June 12, 2017.