ssh port forwarding / tunnel
Local Port Forwarding
Forward a local port to a remote host:
Forward local port 8080 to remote host's port 80.
Example: allow the local host to access a restricted webserver on the remote host.
- ssh -fN -L 127.0.0.1:8080:127.0.0.1:80 user@remote.example.com
- -q = quiet
- -f = put ssh to background
- -N = Do not execute a remote command
- -L = local port forwarding
- Note: the first "127.0.0.1" is optional and prevents to publicly open the 2223 port on the local host
Forward a port to a remote host via an intermediate "jump" host:
- ssh -fN -L 127.0.0.1:8080:remote.example.com:80 user@jump.example.com
Remote Forwarding / Reverse Tunneling
Open port 8080 on the remote host and forward it to port 80 on the local host.
Example: allow anyone on the remote host to access a restricted webserver on the local host.
- ssh -fN -R 8080:127.0.0.1:80 user@remote.example.com
- -R = remote forwarding
Useful Options
- -o ExitOnForwardFailure=yes
- Exit if port forwarding cannot be established
- -o ConnectTimeout=5
- Exit if connection cannot be made after 5 seconds of trying
Terminate the tunnel
- fuser -k -n tcp 8080
- Terminates the tunnel by port number