Using SSH to Port Forward


Revision as of 19:49, 7 February 2012 by Perspectoff (Talk | contribs)
(diff) ← Older revision | Current revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Using SSH to Port Forward

  • The (K)Ubuntu host must be running an SSH Server.
  • The format of the client command to create an SSH tunnel to an OpenSSH host listening on the default port 22 is:
ssh -L <local port>:<remote computer>:<remote port> <user>@<remote ip>

An example is:

ssh -L 6669: foowho

In this example, local port 6669 on the local client computer is tunneled by encrypted SSH over the default port 22 to the router at The router must be set up to forward port 22 to whatever the internal LAN IP (such as of the SSH host is. The host is running OpenSSH (ssdh service) and is set to listen to port 22. It then routes the incoming data to the host port 6667, where presumably some other program is waiting for data. foowho has an account on the host running the OpenSSH server.

SSH tunnels can also be established using URLs and even alternate ports. An example is:

ssh -L foowho -p 11022

In this example, local port 5900 on the client is forwarded through an SSH tunnel on port 11022 to The DNS service translates into the appropriate WAN (Internet) IP address, where the router is listening. The router is set up to forward port 11022 to the LAN machine hosting the OpenSSH server, which is listening on port 11022. It then sends the data to whatever program is running on port 5900 on the host.

  • You can forward a local port to a different port on the remote host.
Example: Make port 80 (web server/browser) on the remote host at available locally as port 81
ssh -L 81:
  • You can create secure SSH tunnels to multiple hosts using multiple ports.
ssh -L 81: -L 82: -L 83:

Now, local port 81 locally forwards to port 80 on the host at, local port 82 forwards to port 80 on the host at and local port 83 forwards to port 80 on the host at In this example, user has an account on all three host machines at,, and

  • Once port forwarding is set up by ssh, an application is directed to the SSH tunnel for port usage by using the loopback as the destination.
Example 1:
ssh -L 81:
http://localhost:81 or

will direct a web browser to use port 81 locally, which is being redirected by SSH to port 80 on the remote host at

Example 2:
ssh -L foowho
vncviewer or vncviewer localhost

will direct vncviewer (which uses port 5900 by default) to direct its traffic through the ssh tunnel to the host at, where, presumably, a VNC server is listening on port 5900.

Personal tools