ლ(ಠ益ಠლ)

Linux Pro-Tip: SSH Local Port Forwarding

Often times, it is necessary to circumvent Draconian network policies. SSH local port forwarding to the rescue. For the seasoned administrator this is likely already second-nature.

Per the SSH man page:

1
2
3
-L [bind_address:]port:host:hostport
            Specifies that the given port on the local (client) host is to be
            forwarded to the given host and port on the remote side.

Example of forwarding local port 20000 to hexdump.co:443 (HTTPS) via bob at the host “example.com”:

1
2
#$ ssh -L <port>:<target hostname/IP>:<target port> [email protected]<bastion hostname/IP>
$ ssh -L 20000:hexdump.co:443 [email protected]

You can then reach the intended target via the loopback network interface (“localhost”), 127.0.0.1:

1
https://127.0.0.1:20000

Now your traffic destined for the example target hexdump.co on port 443 will appear to originate from the host “example.com”.

Happy Linux-ing!

Comments