Notes on SSH port forwarding
SSH Local Port Forwarding
Use ssh -L to bind a local port to a remote port.
Dynamic Port Forwarding
Use ssh -D to dynamically bind a local port for forwarding. A SOCKS5 proxy will be created. Example:
ssh -D 1080 [email protected]
This connects to remote-server.com and uses local port 1080 for forwarding.
Optionally use -C for data compression.
The above command will log into remote-server.com. Use -f to put ssh into the background and -N to not execute a remote command, i.e.,
ssh -f -N -D 1080 [email protected]
Usage Example
If the tool/app supports SOCKS natively, use localhost:1080 in its settings. Example (curl):
curl --socks5 localhost http://icanhazip.com
If set up correctly, the IP returned will be that of the machine that is forwarding (remote-server.com).
If the tool does not support SOCKS natively, use a socksify tool, for example dsocks on OS X:
dsocks.sh ssh another-server.com
You can see where you are logged on using who | grep <user-name>.
A Real World Scenario
Scenario: I want to connect to the VNC server at peabody::5903; however, peabody only accepts connections from the CSL LAN, while my MacBook is on IllinoisNet (wireless).
Solution: use my office computer ‘orange’ as a proxy. Use local port forwarding:
ssh -L 5903:peabody:5903 orange
This means: forward localhost:5903 via orange to peabody:5903. So if I connect to the VNC server at:
localhost :1 # port is 5901
I am forwarded to
peabody :3 # port is 5903
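An added check, not part of the original notes: ssh binds -L and -D listeners to loopback by default, but with -g or a wildcard bind address the SOCKS proxy on 1080 or the VNC forward on 5903 becomes reachable by other hosts on the same network. The script below parses lsof output to tell the two cases apart; the sample lsof lines (user, PIDs, device values) are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report whether an ssh forward listens only on loopback.
# Live use: lsof -nP -iTCP -sTCP:LISTEN | forward_is_loopback_only 1080

# Constructed sample of lsof output (PIDs, user and device values are made up).
SAMPLE_LSOF='COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
ssh 4021 alice 4u IPv6 0x1 0t0 TCP [::1]:1080 (LISTEN)
ssh 4021 alice 5u IPv4 0x2 0t0 TCP 127.0.0.1:1080 (LISTEN)
ssh 4188 alice 4u IPv4 0x3 0t0 TCP *:5903 (LISTEN)'

# classify_listeners PORT: read lsof output on stdin, print one line per
# listener on PORT as "<loopback|EXPOSED> <command> <address:port>".
classify_listeners() {
    awk -v port="$1" '
        $NF == "(LISTEN)" {
            name = $(NF - 1)                 # e.g. [::1]:1080 or *:5903
            n = split(name, parts, ":")
            if (parts[n] != port) next       # last ":" field is the port
            addr = substr(name, 1, length(name) - length(parts[n]) - 1)
            if (addr == "127.0.0.1" || addr == "[::1]" || addr == "localhost") {
                scope = "loopback"
            } else {
                scope = "EXPOSED"            # wildcard or a routable address
            }
            print scope, $1, name
        }'
}

# forward_is_loopback_only PORT: exit 0 if every listener on PORT is loopback,
# 1 if any listener is reachable from the network, 2 if nothing listens.
forward_is_loopback_only() {
    listeners=$(classify_listeners "$1")
    [ -n "$listeners" ] || return 2
    if printf '%s\n' "$listeners" | grep -q '^EXPOSED '; then
        return 1
    fi
    return 0
}

# Demo on the constructed sample: the 5903 forward was bound to all interfaces.
printf '%s\n' "$SAMPLE_LSOF" | classify_listeners 5903
```

An exit status of 1 means the forward should be restarted without -g or with an explicit loopback bind address.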