It is actually really simple and well documented.
You have a host You want to connect to, but it is behind a linux (anything that has ssh server running on should do) box.
What You need to run is something like this
ssh -L 3387:192.168.0.10:3389 -l user -N ssh_box
on Your local client machine.
3387 – local port to use
192.168.0.10 – remote server where that service is running You need to connect to
3389 – the TCP port that remote service is running on
user – ssh username of course
ssh_box – ssh server Your service is behind of.
If forwarding non privileged ports (over 1024) You do not have to be root on the machine You are running ssh command on.
Using local port over 1024 and avoiding running ssh under root is recommended anyway.
The example by the way opens a connection to rdesktop on 192.168.0.10 which is behind ssh_box.
To use that port forward simply open rdesktop 127.0.0.1:3387 and that is it.
By the way – local and remote port can be the same, but the way I did it is simpler to explain 🙂
SSH port forwarding through multiple machines
A bit more complicated is a situation when a connection through two ssh boxes needs to be done.
To understand this situation better I’ll take an example.
A connection needs to be made to a webmin server running on 192.168.0.10 on port 10000.
This server is behind a firewall and can be accessed through machine with an ip address 18.104.22.168. But ssh server on that machine is not open to the world but only to a machine with an ip address of 22.214.171.124. Unfortunately You are sitting behind another machine with ip 126.96.36.199
First on 188.8.131.52. Everything coming to 127.0.0.1:10000 will go to 192.168.0.10:10000 through a tunnel to 184.108.40.206
ssh -L 10000:192.168.0.10:10000 -l user -N 220.127.116.11
Now 18.104.22.168 can access 192.168.0.10:10000 on its localhost ip 127.0.0.1. It is important to remember, that this way the forwarded port can only be accessed from 127.0.0.1.
To reach that tunnel from 22.214.171.124 we need to make another forward like this and this time on 126.96.36.199
ssh -L 10000:127.0.0.1:10000 -l user -N 188.8.131.52
In here we forward local port 10000 to 127.0.0.1:10000 on host 184.108.40.206, whitch will be forwarded to 192.168.0.10:10000 through host 220.127.116.11.
All we need is to open up a connection to:
This example can be expanded if more hops are needed. Simple as that.