SSH port forwarding

Local port forwarding

Assume you are on the client computer and will ssh into server.example.com

client$ ssh -L 10080:www.magicmonster.com:80 server.example.com

Once you have connected, leave the ssh login window running.

At this point, on client, there is a port open on localhost:10080

If you access it, it will connect to www.magicmonster.com, from server.example.com.

Instead of binding to localhost on the client, you can specify the interface or listen to all using '*' e.g.

client$ ssh -L '*:10080:www.magicmonster.com:80' server.example.com

Remote port forwarding

Assume you are on the client computer and will ssh into server.example.com

client$ ssh -R 10080:www.magicmonster.com:80 server.example.com

Once you have connected, leave the ssh login window running.

At this point, on the server, there is a port open on localhost:10080

If you access it (from the server), it will connect to www.magicmonster.com, from client.

Instead of binding to localhost on the server, you can specify the interface or listen to all using '*' e.g.

client$ ssh -R '*:10080:www.magicmonster.com:80' server.example.com

Specifying the interface only works if the GatewayPorts option is enabled.

Published: Thursday, 26 June 2014