Linux Commands

SSH Port Forwarding on Linux

SSH Port forwarding is used to forward ports between a local and a remote Linux machine using SSH protocol. It is mainly used to encrypt connections to different applications. Even if that application doesn’t support SSL encryption, SSH port forwarding can create a secure connection. You can even use port forwarding to expose a machine to the internet without an internet routable IP address, so that you can access it remotely and securely. There are many more uses of SSH port forwarding.

There are mainly two types of SSH port forwarding. Local port forwarding and remote port forwarding.

In this article I will show you how to do port forwarding on Linux. To follow this article, you will have to have SSH utilities installed on your Linux machine. I will show you how to do it, don’t worry. Let’s get started.

Installing SSH Utilities on Red Hat Enterprise Linux (RHEL) 7 and CentOS 7

On RHEL 7 and CentOS 7 you can install SSH utilities with the following command:

$ sudo yum install openssh-clients openssh-server

Press y and then press <Enter> to continue.

SSH Utilities should be installed.

Installing SSH Utilities on Ubuntu, Debian and Other Ubuntu/Debian Based Distribution

On Ubuntu, Debian, Linux Mint and other distributions based on Ubuntu/Debian operating system, run the following command to install SSH utilities:

$ sudo apt-get install openssh-client openssh-server

Now press y and then press <Enter> to continue.

SSH Utilities should be installed.

Installing SSH Utilities on Arch Linux

If you’re on Arch Linux, run the following command to install SSH utilities:

$ sudo pacman -Sy openssh

Now press y and then press <Enter>.

SSH utilities should be installed.

On Arch Linux, SSH server is not started by default. You will have to manually start it with the following command:

$ sudo systemctl start sshd

Now add SSH server to the system startup, so that it will start automatically when the system boots:

$ sudo systemctl enable sshd

Local Port Forwarding

Local port forwarding is used to forward a port of a remote server on another port of a local computer. An example will help you understand what I mean.

Let’s say you have a server, server1 which has an IP address of 192.168.199.153. server1 has a webserver running. Of course if you’re connected to the same network as the server server1, then you can type in the IP address in the browser and connect to server1 from your computer. But what if you want to access it as if the service is running on your computer on some port? Well that’s what local port forwarding does.

As you can see in the screenshot below, I am able to access the webserver on server1 using its IP address:

Now run the following command from your local computer to forward port 80 (http) to the port 6900 (let’s say) to your local computer:

$ ssh -L 6900:192.168.199.153:80 localhost

Type in yes and then press <Enter> to continue.

Now type in the password of your local computer and press <Enter>.

You’re connected.

Now you can access the webserver you did before as http://localhost:6900 as you can see in the screenshot below.

Remote Port Forwarding

Remote port forwarding is forwarding a port of a local server/computer to a remote server. So even if your local server/computer don’t have internet routable IP address, you can still connect to it using the remote server IP and the forwarded port.

Let’s say you want to connect to the web server of your local computer from the internet. But it does not have an internet routable IP address. You can use a remote (such as VPS) server that can be accessed from the internet and do remote port forwarding with it. I don’t have a VPS. Let’s just assume server1 is the remote server.

First configure server1 server to allow forwarded ports to be accessed over the internet.

To do that, edit /etc/sshd_config with the following command:

$ sudo nano /etc/sshd_config

You should see the following window.

Scroll down and find GatewayPorts as marked in the screenshot below.

Now uncomment it and set it to yes as marked in the screenshot below.

Now press <Ctrl> + x and then press y and then press <Enter> to save the file.

Now restart the SSH server of server1 with the following command:

$ sudo systemctl restart sshd

On my local computer, a webserver is running as you can see in the screenshot below.

Now you can run the following command from the local computer to forward port 80 (http) of your local computer to port 9999 on the remote server server1 which has IP address 192.168.199.153:

$ ssh -R 9999:localhost:80 192.168.199.153

Type in yes and press <Enter>.

Type in the password of your remote server server1.

You’re connected.

As you can see from the screenshot below, I am able to connect to port 9999 on my remote server server1 and access my local web server.

I can also connect to my webserver using the IP address of the remote server server1 and the forwarded port 9999 from other computers on my network as you can see from the screenshot below.

That’s how you do SSH port forwarding on Linux. Thanks for reading this article.

About the author

Shahriar Shovon

Freelancer & Linux System Administrator. Also loves Web API development with Node.js and JavaScript. I was born in Bangladesh. I am currently studying Electronics and Communication Engineering at Khulna University of Engineering & Technology (KUET), one of the demanding public engineering universities of Bangladesh.