
DEVOPSZONES


    How to Create SSH Tunneling or Port Forwarding in Linux


    SSH Tunneling

    SSH tunneling (also known as SSH port forwarding) routes local network traffic through SSH to remote hosts. This implies that all your connections are secured using encryption. It provides an easy way of setting up a basic VPN (Virtual Private Network), useful for connecting to private networks over the insecure Internet. SSH sessions permit tunneling network connections by default, and there are three types of SSH port forwarding: local, remote and dynamic.

    Local SSH Port Forwarding

    Local port forwarding lets you connect from your local computer to a remote server. Suppose you are behind a restrictive firewall, or an outgoing firewall blocks you from accessing an application running on port 30001 on your remote server.

    You can forward a local port (e.g. 8082), which you can then use to access the application locally as follows. The -L flag defines the local port to forward, followed by the remote host and remote port.

    # ssh manas@mail-server.example.com -L 8082:mail-server.example.com:30001

    Adding the -N flag tells ssh not to execute a remote command, so you will not get a shell in this case.

    # ssh -N manas@mail-server.example.com -L 8082:mail-server.example.com:30001

    The -f switch instructs ssh to run in the background.

    # ssh -f -N manas@mail-server.example.com -L 8082:mail-server.example.com:30001

    Now open a browser on your local machine. Instead of accessing the remote application using the address mail-server.example.com:30001, you can simply use localhost:8082 or 192.168.3.3:8082.

    Creating an SSH tunnel using MobaXterm on Windows 10

    Remote SSH Port Forwarding

    Remote port forwarding allows you to connect from your remote machine to the local computer. By default, SSH does not permit remote port forwarding. You can enable this using the GatewayPorts directive in your sshd main configuration file /etc/ssh/sshd_config on the remote host.

    Open the file for editing using your favorite command line editor.

    # vi /etc/ssh/sshd_config

    Look for the required directive, uncomment it and set its value to yes, as shown below.

    GatewayPorts yes

    Save the changes and exit. Next, you need to restart sshd to apply the recent change you made.

    #  systemctl restart sshd

    Next run the following command to forward port 5001 on the remote machine to port 30001 on the local machine.

    # ssh -f -N manas@mail-server.example.com -R 5001:localhost:30001
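
Setting GatewayPorts to yes makes remote forwards listen on all of the server's interfaces, so it is worth checking the effective forwarding settings after the restart. The shell function below is an added example, not part of the original post; it assumes the lowercase "keyword value" output of `sshd -T`, and the sample input is constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Reads `sshd -T` output
# (lowercase "keyword value" lines) on stdin and reports forwarding exposure.
# On a server, as root:  sshd -T | audit_forwarding
audit_forwarding() {
  awk '
    BEGIN {  # OpenSSH defaults, used when a keyword is absent from the input
      gw = "no"; fwd = "yes"; po = "any"; pl = "any"
    }
    { key = tolower($1); val = tolower($2) }
    key == "gatewayports"       { gw  = val }
    key == "allowtcpforwarding" { fwd = val }
    key == "permitopen"         { po  = val }
    key == "permitlisten"       { pl  = val }
    END {
      remote_ok = (fwd == "yes" || fwd == "all" || fwd == "remote")
      local_ok  = (fwd == "yes" || fwd == "all" || fwd == "local")
      if (remote_ok && gw == "yes") {
        print "WARN gatewayports=yes: -R forwards listen on all interfaces"
        warn++
      }
      if (remote_ok && gw == "clientspecified") {
        print "INFO gatewayports=clientspecified: client picks the -R bind address"
      }
      if (remote_ok && pl == "any") {
        print "INFO permitlisten=any: -R forwards may listen on any port"
      }
      if (local_ok && po == "any") {
        print "INFO permitopen=any: -L and -D forwards may reach any host:port"
      }
      exit (warn > 0)   # non-zero exit status when a WARN was printed
    }
  '
}

# Constructed sample: settings after the GatewayPorts change described above.
sample='gatewayports yes
allowtcpforwarding yes
permitopen any
permitlisten any'
printf '%s\n' "$sample" | audit_forwarding || echo "review forwarding settings"
```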


    Dynamic SSH Port Forwarding

    This is the third type of port forwarding. Unlike local and remote port forwarding, which allow communication with a single port, it makes possible a full range of TCP communications across a range of ports. Dynamic port forwarding sets up your machine as a SOCKS proxy server which listens on port 1080, by default. SOCKS is an Internet protocol that defines how a client can connect to a server via a proxy server. You can enable dynamic port forwarding using the -D option.

    The following command will start a SOCKS proxy on port 1080 allowing you to connect to the remote host.

    # ssh -f -N -D 1080 manas@mail-server.example.com

    From now on, you can make applications on your machine use this SSH proxy server by editing their settings and configuring them to use it, to connect to your remote server.

    Creating a Dynamic SSH tunnel using MobaXterm on Windows 10
