Notes on SSH Port Forwarding

- - posted in networking, proxy, socks

SSH Local Port Forwarding

Use ssh -L to bind a local port to a remote port

Dynamic Port Forwarding

Use ssh -D to dynamically bind a local port for forwarding. A SOCKS5 will be created. Example:

ssh -D 1080

This binds to and uses local port 1080 for forwarding.

Optionally use -C for data compression.

The above command will log into the, use -f to put ssh to background, and use -N to not to execute a command. i.e.,

ssh -f -N -D 1080

Usage Example

If the tool/app supports socks natively, use localhost:1080 in its setting. Example (curl)

curl --socks5 localhost

If set up correctly, the IP returned will be the machine that is forwarding (

If not, use some socksify tool, for example, use dsocks in OSX: ssh

You can see where you logon using who | grep <user-name>.

A Real World Scenario

Scenario: I want to connect to VNC server at peabody::5903, however, peabody only accepts connection from CSL LAN, while my Macbook is in IllinoisNet (wireless).

Solution: use my office computer ‘orange’ as a proxy. Use local port forwarding:

ssh -L 5903:peabody:5903 orange

This means, forward localhost:5903 via orange to peabody:5903 So if I connect to the vnvserver at:

localhost :1 # port is 5901

I am forwarded to

peabody :3 # port is 5903

More On Port Forwarding