Skip to content

Simple SSH Port Forwarding

by Rui Sousa DevOps

SSH port forwarding (also known as SSH tunneling) allows you to securely forward network traffic from one port to another through an encrypted SSH connection. This is useful when you need to access a service running on a remote server that isn’t publicly exposed.

Local port forwarding

Assuming the remote server has a web service running on port 54242, the following command forwards traffic from the remote server’s port 54242 to your local port 55000:

ssh -L 55000:localhost:54242 user@42.124.12.21

Breaking down the command:

After running this command, you can open http://localhost:55000 in your browser and access the service as if it were running locally.

Remote port forwarding

Remote port forwarding works in the opposite direction — it exposes a service running on your local machine to the remote server. This is useful when you want to let others access something running on your machine through the remote server.

ssh -R 8080:localhost:3000 user@42.124.12.21

This forwards port 8080 on the remote server to port 3000 on your local machine. Anyone who can reach the remote server on port 8080 will be hitting your local service on port 3000.

Running in the background

If you don’t need an interactive shell session, you can run the tunnel in the background:

ssh -f -N -L 55000:localhost:54242 user@42.124.12.21

Forwarding to a third host

Port forwarding isn’t limited to services on the remote server itself. You can also forward traffic to a third host that the remote server can reach:

ssh -L 55000:192.168.1.50:5432 user@42.124.12.21

This forwards your local port 55000 to port 5432 on 192.168.1.50, routed through the remote server. A common use case is accessing a database server on a private network that only the remote server has access to.

Practical use cases

While more complex setups involving firewalls or VPNs are available, SSH port forwarding is often all you need for straightforward scenarios: