Local port forwarding

Assume you are on the client computer and want to ssh into server.example.com

$ ssh -L 10080:foo.example.com:80 server.example.com

Once you have connected, leave the ssh login window running.

At this point, on client, there is a port open on localhost:10080

If you access it, it will connect to foo.example.com from server.example.com.

Instead of binding to localhost on the client, you can specify the interface or listen to all using * e.g.

$ ssh -L '*:10080foo.example.com:80' server.example.com

Remote port forwarding

Assume you are on the client computer and will ssh into server.example.com.

$ ssh -R 10080:foo.example.com:80 server.example.com

Once you have connected, leave the ssh login window running.

At this point, on the server, there is a port open on localhost:10080

If you access it (from the server), it will connect to foo.example.com, from the client.

Instead of binding to localhost on the server, you can specify the interface or listen to all using * e.g.

client$ ssh -R '*:10080:foo.example.com:80' server.example.com

Specifying the interface only works if the GatewayPorts option is enabled.