Computers GNU/Linux Network Networking SSH

SSH tunnels

By jeffryw January 26, 2025No Comments

SSH Tunneling

Let’s keep it simple. The commands below show how to set up SSH tunnels for different situations, whether you need to bring a remote port onto your local machine (-L), make a local port accessible on a remote machine (-R), or set up a SOCKS proxy (-D).

Local Port Forwarding (Option: `-L`)

When you use local port forwarding, you’re effectively taking a port on your local computer and plugging it into a port on the remote server. This lets you pretend that a remote service is actually running on your own machine.

Scenario	Command	Explanation
Forward a remote website to your local port 8888	`ssh -L 8888:localhost:80 [email protected]`	After you run this, if you go to `http://localhost:8888` in your browser, you’ll see the remote server’s web page that’s actually on port 80.
Access a remote database (PostgreSQL on port 5432)	`ssh -L 5432:localhost:5432 [email protected]`	Point your local database client at `localhost:5432`, and it talks securely to the remote database.
Forward multiple ports in one go	`ssh -L 8080:localhost:80 -L 8443:localhost:443 [email protected]`	This way, you can forward two services (like HTTP and HTTPS) at once.
Run in the background	`ssh -fN -L 8000:localhost:80 [email protected]`	Add `-fN` if you just want the tunnel and don’t need an interactive shell. SSH will hang out silently in the background.

Remote Port Forwarding (Option: `-R`)

Remote port forwarding does the opposite: it lets you open a port on the remote server that points back to something running on your local machine.

Scenario	Command	Explanation
Expose your local web server to the remote machine	`ssh -R 8080:localhost:3000 [email protected]`	If your local website runs on `localhost:3000`, then people on `server.example.com` can access it via `localhost:8080` on that remote box.
Allow remote SSH access back to your local machine	`ssh -R 2222:localhost:22 [email protected]`	After connecting, you (or someone on the remote machine) can do `ssh localhost -p 2222` and get into your local system.
Make the remote port publicly reachable	1. On the remote server, enable `GatewayPorts yes` in `/etc/ssh/sshd_config`.

ssh -R 8080:localhost:3000 [email protected] | If GatewayPorts is on, your service is accessible to anyone who can reach the remote server’s IP on port 8080. Be careful with this—it can open your local machine to the internet. |

Dynamic Port Forwarding (Option: `-D`)

Dynamic forwarding sets up a SOCKS proxy on your local computer. Any application that supports SOCKS can use this to route traffic through the SSH server.

Scenario	Command	Explanation
Create a SOCKS proxy on local port 1080	`ssh -D 1080 [email protected]`	Configure your browser to use `localhost:1080` as a SOCKS5 proxy, and you’re browsing through the remote server. Great for security when you’re on untrusted Wi-Fi.
Run that proxy in the background	`ssh -fN -D 1080 [email protected]`	Same effect, but you don’t see a shell session.
Add compression	`ssh -C -D 1080 [email protected]`	`-C` might help if you’re on a slow connection, though it depends on the type of data you’re sending.

Linux networking SSH Tunnel

Last updated on January 26, 2025

Hey, I'm Jeffry. In short I am a person who has spent an inordinate amount of time in the tech world, with a base of experience in hardware and software development. In reality though, I love my family and spend as much time as I can with them. I love working on DIY projects, bringing to life older homes, and exploring the world using my feet or vehicles. The food I have eaten is everything that fits on or in bowls, forks, chopsticks, fingers, and even licking off plates. I have been to most of the states in the US from Washington to California, Wyoming, Florida, North Carolina all the way to New Hampshire. I've seen Mount Rushmore, and drank from a tiny waterfall on Mt Rainier with my Dad. Overseas, Taiwan was amazing and the Bahamas were entertaining to say the least. Yes I love my family, and I love life. In the end though, I always end up back to using computers and doing something with them, ever since I was a child. Starting out in the late 80s, the Tandy 1000 TX and MS-DOS taught me the basics of what hardware and software was. GW-BASIC to QBasic taught me programming early on, BBSes teaching me serial addressing and speeds, my dad teaching me DOS commands, led me to continue that learning of new ideas and technologies throughout my life and career. Eventually I have worked for Congressfolks, county school systems, a college, and larger companies like IBM and Twitter through its transition to X. I have met the most amazing folks on my journey, many sharing adventures and brains with me, working through the toughest of issues and surviving. Maybe I will be able to share some of that here.

Comments

No comments yet. Why don’t you start the discussion?

Leave a Reply Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.