SSH Port Forwarding

It is actually really simple and well documented.

You have a host You want to connect to, but it is behind a Linux box (anything that has an ssh server running on it should do).
What You need to run is something like this:
ssh -L 3387: -l user -N ssh_box
on Your local client machine.

3387 – local port to use – remote server where that service is running You need to connect to
3389 – the TCP port that remote service is running on
user – ssh username of course
ssh_box – the ssh server Your service is behind.

If forwarding non-privileged ports (over 1024), You do not have to be root on the machine You are running the ssh command on.
Using a local port over 1024 and avoiding running ssh as root is recommended anyway.

The example by the way opens a connection to rdesktop on which is behind ssh_box.
To use that port forward simply open rdesktop and that is it.
By the way – local and remote port can be the same, but the way I did it is simpler to explain 🙂

SSH port forwarding through multiple machines

A bit more complicated is the situation where a connection has to go through two ssh boxes.

To understand this situation better I’ll take an example.

A connection needs to be made to a webmin server running on on port 10000.
This server is behind a firewall and can be accessed through machine with an ip address But ssh server on that machine is not open to the world but only to a machine with an ip address of Unfortunately You are sitting behind another machine with ip

First on Everything coming to will go to through a tunnel to

ssh -L 10000: -l user -N

Now can access on its localhost ip It is important to remember, that this way the forwarded port can only be accessed from
To reach that tunnel from we need to make another forward like this and this time on

ssh -L 10000: -l user -N

In here we forward local port 10000 to on host, which will be forwarded to through host

All we need is to open up a connection to:

This example can be expanded if more hops are needed. Simple as that.
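
The hop-by-hop procedure above, generalized to any number of ssh boxes, as an added example that is not part of the original post: the function prints the command to run on each machine, starting with the hop nearest the target. The host names passed to it are placeholders, and the explicit 127.0.0.1 bind address and the ExitOnForwardFailure option are additions assumed here.

```shell
#!/bin/sh
# Added example: print the ssh -L command to run on each machine of a
# multi-hop forward. Host names used with it are placeholders.
# usage: tunnel_chain PORT TARGET_HOST TARGET_PORT USER HOP1 [HOP2 ...]
#   HOP1 is the ssh box reachable from the client; the last HOP is the one
#   that can reach TARGET_HOST. Output is in start order: the machine
#   nearest the target first, the client last.
tunnel_chain() {
    [ "$#" -ge 5 ] || { echo "usage: tunnel_chain PORT TARGET TPORT USER HOP..." >&2; return 2; }
    port=$1 target=$2 tport=$3 user=$4
    shift 4
    for p in "$port" "$tport"; do
        case $p in
            ''|*[!0-9]*) echo "ports must be numeric" >&2; return 2 ;;
        esac
    done
    # Keep the listening port unprivileged so ssh never has to run as root.
    [ "$port" -ge 1024 ] || { echo "use a local port over 1024" >&2; return 2; }
    # Reverse the hop list so we can walk from the target outwards.
    rev=
    for h in "$@"; do rev="$h $rev"; done
    set -- $rev
    dest="$target:$tport"
    while [ "$#" -gt 0 ]; do
        via=$1
        shift
        from=${1:-client}   # machine the command is typed on
        # Bind to loopback only: the forwarded port is reachable solely
        # from the machine that opened it. Fail if the port cannot be bound.
        printf '%s$ ssh -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s -l %s -N %s\n' \
            "$from" "$port" "$dest" "$user" "$via"
        # Every hop further out points at the loopback listener just created.
        dest="127.0.0.1:$port"
    done
}
```

Each printed line has the form `machine$ command`; run them in the order shown, then point the client application at 127.0.0.1 and the chosen port.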
