SSH Port Forwarding

Noah Petherbridge
kirsle
Posted by Noah Petherbridge on Tuesday, August 17 2010 @ 03:10:21 PM
*bump* (added a new section about getting to other machines on the remote network via port forwarding) - Originally posted on Jan 11, 2010 @ 7:08:50 PM.

This blog post is primarily for my own reference, to avoid having to dig through the manual to look up the occasional edge case.

How to use SSH to do port forwarding. These assume you're on a Unix-like system (Linux or OS X) and not using some lame Windows client like PuTTy.

Forwarding Remote Ports to You

Example: you're behind a firewall at the office, and your home computer is listening on the SSH port. You can connect out of the office to your home computer, opening a port so that, once you're home, you can SSH back to the office again (bypassing the firewall).
ssh -R 9022:localhost:22 remotehost.com
This will open port 9022 on remotehost.com (loopback only; you can only connect to 9022 from the local remotehost.com, not from elsewhere on the internet), and forward it to "localhost:22", where "localhost" refers to your computer at the office, and 22 is of course the SSH port.

By default the remote host only would make port 9022 available on the loopback address, so from your home PC you can do ssh -p 9022 localhost and connect to it, but you can't do e.g. ssh -p 9022 remotehost.com and connect to it from somewhere else on the Internet.

To open the port on all interfaces (thus making it available on the internet too):

ssh -R *:9022:localhost:22 remotehost.com
Replace the * with any other bind address if you want.

Forwarding Local Ports to Remote

If your home computer is running a web server on port 80, and for some reason you can't get to it from the Internet (firewall blocking it, maybe), you can forward a local port on your office computer that gets you to port 80 on your home computer.
ssh -L 8080:localhost:80 remotehost.com
Here, 8080 is opened on your office computer, for the loopback interface only, and localhost:80 refers to port 80 on the remote (home) computer. It's the reverse of ssh -R.

Then you open Firefox and go to http://localhost:8080/ and yer in.

Another example: you have a VNC (remote desktop) server running on remotehost.com, but the VNC protocol itself is insecure, and you don't want your password being sent across the network in clear text to log in. So, you need your VNC traffic to be encrypted via SSH.

Here, remotehost.com is listening on port 5900 (the VNC port). You want to open a port on your local computer to the same number, so that you connect a VNC client to "localhost:5900" and it really connects you to "remotehost.com:5900" over a secure SSH tunnel:

ssh -L 5900:localhost:5900 remotehost.com
Then with your VNC client, just connect it to "localhost".

"Penetrating" the Remote Network

Use case scenario: I'm at the office, and at home only my main PC can be reached from the Internet (the router forwards all ports to it); but, I also left my laptop at home turned on and it has a VNC server and I wanna get remote desktop access to it from work. So I'll use my home PC to set up a bridge so I can connect to the VNC server on the laptop, which has a private LAN IP address of say, 10.10.1.101.

ssh -L 5900:10.10.1.101:5900 remotehost.com
Here "remotehost.com" goes to the main PC which I can access.

This opens up a listening port 5900 on my local (office PC) -- the first 5900 in the command -- and if I connect to it, it will use remotehost.com as a jumping off point to connect onward to 10.10.1.101:5900 (the laptop with a private LAN IP address on the remote network).

Then I point my VNC client at "localhost" and I end up with remote desktop on the laptop.

Using SSH as a Secure SOCKS 5 Proxy

As a bonus, here's how to open up a secure SOCKS 5 proxy over SSH:

ssh -D 8080 remotehost.com
Now you can configure your programs (e.g. Pidgin, Firefox) to use a SOCKS 5 proxy and have them connect to localhost:8080. All their internet traffic will be routed through the SSH tunnel to remotehost.com, secured, and then enter the cloud from there.

Additionally, this can be used to reach other devices on the remote server's LAN that you otherwise couldn't get to. For example, turn on your proxy settings in Firefox and you can navigate to http://192.168.1.1/ to log into the router from the remote LAN (as opposed to a router on your local LAN). The SOCKS 5 proxy would cause Firefox (or any other app configured to use it) to use "remotehost.com" as a jumping off point into the internet, so it can connect to other local network devices on its end just the same.

Categories:

[ Blog ]

Comments

There are 5 comments on this page.

guest
guest
Posted on Wednesday, October 20 2010 @ 01:48:45 PM by chris.

nice summary. thank you

guest
guest
Posted on Friday, January 07 2011 @ 07:33:46 AM by Jim.

Very helpful and also the use of "-D" is
cool

guest
guest
Posted on Saturday, November 30 2013 @ 05:36:02 AM by avioli.

I've tried the above, but I seem to not do something right.
I've got a remote machine that I know its IP/domain and I can SSH into it. On my local computer I've got a local webserver. Is it possible to expose the local webserver on the remote domain?

Local computer forwards a port to remote. Remote exposes a port to forward the local port (which is forwarded from the local).

So http://localhost:8080/ on my local computer can be accessed from, say http://my-domain.com:9090/

guest
guest
Posted on Monday, February 03 2014 @ 09:46:41 PM by RenegadeX.

Hi Buddy,
I tried your "Penetrating" the Remote Network tutorial. I can't seem to make it work. Here's my setup:

Computer-A - Windows7 with putty.exe
Computer-B - ssh server (linux) (124.xxx.xxx.xx)
Computer-C - linux connected to server via ssh (10.95.143.22)

computer-C has VNC server running on port 5905. I wanted to VNC computer-C using my computer-A. computer-A can connect to computer-B via ssh. here is what I did

putty.exe -L 5905:10.95.143.22:5905 124.xxx.xxx.xx

I was asked for computer-B user & password, i logged in

then I open vnc viewer from computer-A and tried to access localhost:5905. i got an error "the connection closed unexpectedly".

do you have any ideas to fix this?

guest
guest
Posted on Saturday, March 08 2014 @ 07:28:23 PM by Kevin.

Hey this is an awesome summery of what you can do with SSH. Thanks for this!

Add a Comment

Your name:
Your Email:
Message:
Comments can be formatted with Markdown, and you can use
emoticons in your comment.

If you can see this, don't touch the following fields.