Featured image of post Port forwarding using an SSH tunnel

Port forwarding using an SSH tunnel


SSH Tunnels allow you to forward specific ports on a remote server or locally. This is very convenient when we need to get to a specific server in the local network.

Technically, it is possible to forward both local and remote ports. We will consider both cases.

Local port forwarding

Let’s imagine the situation when we are inside a local network, where access to the Internet is blocked by a firewall for all but one server that has direct access to the Internet. We have SSH access to this server. Our task is to connect to a remote server that is on an external SSH network.

For example:

ssh -f -N -L 2222: user@

This command will create a tunnel by opening port 22 of the remote server through the local server, and we can connect to the remote server through port 2222, which will listen on the local interface of our PC.

We should leave the terminal with the tunnel session running, and in the new terminal we can connect to the remote server with the command:

ssh -p2222

Finally, we have SSH access to the remote server.

Remote port forwarding

This case is the opposite of local port forwarding. Let’s imagine the same local network and remote server, only now the local PC has access to the Internet through NAT. Let’s say that a system administrator who has physical access to a remote server needs to RDP to computer, but NAT will not allow him to do so directly.

Consider an example where there is an RDP service that by default is running on local port 3389. Let’s send it to remote port 3333.

ssh -f -N -R 3333: username@

After setting up such a tunnel, the sysadmin sitting behind the remote server will be able to connect to us by RDP using the address in the RDP client.


These simple techniques of tunneling through the SSH protocol allow you to redirect the ports of a local or remote service as you like, which can be useful if you need to bypass certain network restrictions, such as NAT.

All rights reserved.