SSH tunneling lets you reach resources on a remote network through an SSH server, or lets someone else reach resources on your local machine. You will need to set up SSH tunneling in two scenarios: 1) you want to access remote resources that you can't reach directly, and 2) you want people on an outside network to access a web server hosted on your local network.
In simple terms, SSH tunneling (port forwarding) is a mechanism in OpenSSH for tunneling application traffic from the client machine to the server machine over the SSH connection. Local port forwarding, for example, forwards a port on the local computer to the SSH server, which passes the traffic on to the destination.
There are three different types of SSH tunneling methods. In this tutorial, we will explain each with examples.
# Local Port Forwarding
Local port forwarding forwards a connection from a port on your local machine to the SSH server and then on to the destination port. For example, your web server is hosted on a local IP address on a machine at your office and you want to access it from your home computer.
Generally, local port forwarding is used to connect to a remote service on an internal network, such as a VNC server or a web server.
To understand local port forwarding better, let's take an example.
- Your web server is running on your office machine on port 80 and its local IP is 192.168.0.100.
- An SSH server is running on your office server on port 22 and its public IP is 10.10.0.12.
- A Linux machine at your home with an SSH client installed.
Question: How do you connect to the web server running on your office machine from the Linux machine at your home?
On the Linux machine at your home, open a terminal window and create a local port forwarding with the following command:
ssh -L 8080:192.168.0.100:80 -N -f root@10.10.0.12
The -N option tells ssh not to run a remote command; -f needs it (or a command) in order to go to the background. You will be asked for the root password of the server located at 10.10.0.12 to finish the port forwarding.
Now, open a web browser on the Linux machine at your home and type the URL http://localhost:8080. You will be able to access the webserver hosted on your office machine.
# Remote Port Forwarding
Remote port forwarding is the opposite of local forwarding. This method is useful when you want to make a resource on your local machine available on the SSH server. It forwards a port on the remote SSH server to a port on the local SSH client machine, which then forwards the connection to a port on the destination machine.
To understand Remote port forwarding better, let's take an example.
You are developing a web application on your local machine and want to show a presentation to another developer in a remote place. You have access to a remote SSH server.
- Your web application running on port 80 on your local machine.
- A remote SSH server running on the public IP 10.10.0.11.
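Now, you will need to set up a remote port forwarding on your local machine. You can do it with the following command (replace `user` with your account name on the SSH server):
ssh -R 8080:127.0.0.1:80 -N -f user@10.10.0.11
This makes the remote SSH server listen on port 8080 and tunnel all traffic from this port to your local machine on port 80.
Now another developer can access your web application using the URL http://10.10.0.11:8080. By default, sshd binds remote forwards to the server's loopback address only, so access through the public IP requires the GatewayPorts option to be enabled in the server's sshd_config.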
# Dynamic Port Forwarding
Dynamic port forwarding is very similar to a proxy or VPN: it allows communication across a range of ports. Using this option, you can make an SSH server act as a SOCKS proxy server. Dynamic port forwarding is useful when you are on a public Wi-Fi network and want to browse the internet securely without being snooped on.
In this case, you need access to at least one live SSH server located at your home, office, or a cloud machine. Connect to that SSH server and create a dynamic port forwarding. This creates a SOCKS proxy on your PC, and all traffic sent to that proxy travels over the SSH connection to the server, so your browsing traffic is encrypted between your PC and the SSH server.
To create a dynamic port forwarding, open your terminal and run the following command:
ssh -D 8080 root@ssh-server-ip
Now open your web browser and configure it to use a SOCKS proxy at 127.0.0.1, port 8080. All traffic from your browser will then be redirected through the tunnel.
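Each of the three options above opens a listening port, and which machine and interface it listens on decides who can reach the tunnel. The following shell function is an added example, not part of the original tutorial: it parses a -L, -R or -D spec and reports that. The name `classify_forward` is hypothetical, and the function assumes IPv4 addresses or hostnames only.

```sh
#!/bin/sh
# Added example: report where an ssh -L / -R / -D forwarding spec listens.
# Assumptions: IPv4 addresses or hostnames only (no bracketed IPv6, no Unix
# sockets); "default" means no bind address was given, which is loopback
# while GatewayPorts is left at "no". For -R, sshd honours a non-loopback
# bind request only when its own GatewayPorts setting permits it.

# classify_forward FLAG SPEC  ->  prints "<side> <bind> <port> <exposure>"
classify_forward() {
    flag=$1
    spec=$2
    # The number of colon-separated fields tells us if a bind address is given.
    fields=$(printf '%s\n' "$spec" | awk -F: '{print NF}')
    case "$flag:${fields:-0}" in
        -L:4|-R:4|-R:2|-D:2)            # bind_address:port[:host:hostport]
            bind=${spec%%:*}; rest=${spec#*:}; port=${rest%%:*} ;;
        -L:3|-R:3|-R:1|-D:1)            # port[:host:hostport]
            bind=default; port=${spec%%:*} ;;
        *)
            echo "unsupported or malformed forward: $flag $spec" >&2
            return 2 ;;
    esac
    case "$port" in
        ''|*[!0-9]*) echo "bad listen port in: $spec" >&2; return 2 ;;
    esac
    [ -n "$bind" ] || bind='*'          # ssh treats an empty bind address as "*"
    # -R listens on the SSH server; -L and -D listen on the client.
    case "$flag" in -R) side=server ;; *) side=client ;; esac
    case "$bind" in
        default|localhost|127.*) exposure=loopback ;;
        '*'|0.0.0.0)             exposure=all-interfaces ;;
        *)                       exposure=specific-address ;;
    esac
    echo "$side $bind $port $exposure"
}

# The three forwards from this tutorial, plus a wildcard bind for contrast.
classify_forward -L 8080:192.168.0.100:80
classify_forward -R 8080:127.0.0.1:80
classify_forward -D 8080
classify_forward -D '*:8080'
```

A result of `all-interfaces` on the client side means other hosts on the same network can use the tunnel, which matters most for the SOCKS proxy on public Wi-Fi.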
In the above guide, you learned how to configure and use SSH tunneling in three different ways. I hope you now have enough knowledge of SSH tunneling and port forwarding.