SSH Tunneling and Port-Forwarding guide

Dynamic, Remote & Local port-forwarding. Tunneling and Hardening resources.

Remote port forwarding

SEND a port to a remote machine (executed on the machine that hosts the service):


ssh -R 8080:localhost:9999 user@server

Ports explained:

ssh -R [port opened on the remote server]:localhost:[local port] [email protected]

ssh -f -R 8080:local-ftp-server:21 [email protected] -N

(-f sends ssh to the background after connecting; -N runs no command remotely. Kill with pkill ssh, which matches every process whose name contains “ssh”.)

It will “send” localhost’s port 9999 to the remote server, through port 22 (ssh), where it becomes available on the server’s local port 8080. For example, on the remote server, use a browser to navigate to http://localhost:8080; it will display whatever the machine that ran the command is serving on its local port 9999.

  • Examples of use:
    • The server is running an http server on port 80 that is only accessible locally, or that is firewalled.
    • When an ftp service is allowed to be accessed only by certain hosts (Or only locally).

Local port forwarding

GET, or "pull" a remote port (Executed client-side):


ssh -L 8080:localhost:9999 user@server

Opens port 8080 locally and “binds” it to port 9999 on the remote server’s localhost, through port 22 (ssh service). In short, remote port 9999 becomes accessible locally at 8080.

  • Another use example:
    • Same functionality. The only difference is which host is executing the command.
    • A port is only accessible locally on another machine (for example, an OpenVPN Access http interface on the server) and we need to reach it remotely, by “bringing” that port back for local use.

Dynamic port forwarding through a SOCKS5 proxy


ssh -D 6666 user@ssh-server

This one has been called “the poor man’s VPN”: for applications configured to use it, it acts much as a VPN would. ssh opens a SOCKS proxy on localhost’s port 6666 and tunnels everything sent to it through the SSH connection to the remote server.

Use case example:

Once the connection is established, configure a browser to use a proxy, specifying localhost:6666. Then, all the traffic in that specific browser window will be tunneled through the ssh proxy.

For tunneling any specific application through our proxy:

We can use either proxychains (Already installed in distributions like Kali) or tsocks. For installing the latter in Debian:

sudo apt-get install tsocks


tsocks/proxychains nmap -Pn -sV -A

tsocks/proxychains firefox

tsocks/proxychains iceweasel

tsocks/proxychains curl

** This can, of course, be used with whatever protocol we desire, not only SSH, but also Tor, Jondonym, etc.
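The three forwarding forms above differ mainly in which end opens the listening port and which end makes the onward connection. The following is an added example, not part of the original guide: a small Python parser that decodes the -L, -R and -D specs on an ssh command line, which is also handy when reviewing process listings for tunnels. It assumes the simple `[bind_address:]port[:host:hostport]` form (no IPv6 brackets, no Unix sockets, no bundled flags such as `-fNR`); the function names and the last sample line are constructed for illustration.

```python
import shlex

# flag -> (side that opens the listening port, side that makes the onward connection)
SIDES = {"-L": ("client", "server"), "-R": ("server", "client"), "-D": ("client", "server")}

def parse_forward(flag, spec):
    """Decode one [bind_address:]port[:host:hostport] spec for -L, -R or -D."""
    parts = spec.split(":")
    # -D, and -R given only a port, open a SOCKS proxy instead of a fixed target.
    socks = flag == "-D" or (flag == "-R" and len(parts) <= 2)
    if len(parts) not in ((1, 2) if socks else (3, 4)):
        raise ValueError(f"unsupported {flag} spec: {spec!r}")
    has_bind = len(parts) in (2, 4)
    rest = parts[1:] if has_bind else parts
    listen_side, connect_side = SIDES[flag]
    return {
        "flag": flag,
        "listen_side": listen_side,
        # With no bind address the listener defaults to loopback (GatewayPorts can change that).
        "bind": (parts[0] or "*") if has_bind else "loopback",
        "listen_port": int(rest[0]),
        "connect_side": connect_side,
        "target": None if socks else (rest[1], int(rest[2])),
    }

def find_forwards(cmdline):
    """Return every forwarding requested on an ssh command line."""
    tokens = shlex.split(cmdline)
    if not tokens or not tokens[0].endswith("ssh"):
        return []
    found = []
    for i, tok in enumerate(tokens):
        if tok[:2] in SIDES:
            # Accept both "-R spec" and "-Rspec".
            spec = tok[2:] or (tokens[i + 1] if i + 1 < len(tokens) else "")
            found.append(parse_forward(tok[:2], spec))
    return found

def describe(f):
    where = "destinations chosen per SOCKS request" if f["target"] is None else "%s:%d" % f["target"]
    return (f"{f['flag']}: ssh {f['listen_side']} listens on {f['bind']}:{f['listen_port']}; "
            f"ssh {f['connect_side']} connects onward to {where}")

if __name__ == "__main__":
    # The three commands from the guide, plus one constructed line with a bind address.
    for line in ("ssh -R 8080:localhost:9999 user@server",
                 "ssh -L 8080:localhost:9999 user@server",
                 "ssh -D 6666 user@ssh-server",
                 "ssh -fN -R0.0.0.0:8080:local-ftp-server:21 user@server"):
        for fwd in find_forwards(line):
            print(line, "=>", describe(fwd))
```

In the -L case the target host name is resolved on the ssh server, and in the -R case on the ssh client, which is why "localhost" means a different machine in each command.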

Port tunneling

Corkscrew - SSH through HTTP proxy

Sslh - Application protocol multiplexer (Server-side: Allow multiple services through a single port)

SSH security & hardening


