Port forwarding using SSH

SSH port forwarding let you connect to a server using another server a relay.

For example, if you host a web server in a DMZ behind your office router, you will not be able to access it using its public URL if your workstation is behind the same router.

You can easily implement a workaround if you have access to a server on the Internet. Issue this command on one of the machines connected on the same network as your workstation.

ssh -fN -t -C -D 192.168.1.50:2080 example.com

where

• 192.168.1.50 is the address of the machine that will accept connections from your LAN on port 2080.
• example.com is the machine on the Internet that will establish connections to the final destination

You may need to add the port number on which example.com listen to using the -p option. If SSH listens to port 8787 on example.com, the command would be:

ssh -p 8787 -fN -t -C -D 192.168.1.50:2080 example.com

You may also need to supply a user name to connect to example.com. The command would then look like:

ssh -p 8787 -fN -t -C -D 192.168.1.50:2080 remoteuser@example.com

You can use this setup with a browser if you configure it to use a proxy to connect to the Internet. For example, access the proxy configuration of Firefox: preferences >> advanced >> network >> settings. Choose Manual proxy configuration and fill-out the SOCKS host parameters.

The result will be that Firefox will open the URLs you type-in using the server example.com.