Skip to content

Local Tunneling

More information: A Visual Guide to SSH Tunnels: Local and Remote Port Forwarding

Local tunneling to a server

Traffic between the localhost and remote host can be tunneled via SSH connections. To establish a local tunnel on your remote server, use -L parameter when connecting and must provide

  • Local port for accessing the tunneled connection
  • Remote host IP/name
  • Remote host port

For general usage, connect to 10.0.0.12 on port 80 on your remote host, then your local machine is able to ping or make the connection to the remote host through port 8080.

bash
ssh -f -N -L <local-port>:<remote-host-ip-address/name>:<remote-port> <username>@<host>
# example
ssh -L 8080:10.0.0.12:80 username@host

Now if you go to your browser/curl to localhost:8080, you are able to see the content that hosted at 10.0.0.12:80.

ParametersDescription
-flet SSH go into the background before executing
-Ndoes not open a shell or execute a program on the remote side
-Lestablish a local tunnel to your remote server

If you want to terminate the background connection, you have to find the PID and kill it.

bash
ps aux | grep <local-port>
kill <process-id>
bash
Output
1001      5965  0.0  0.0  48168  1136 ?        Ss   12:28   0:00 ssh -f -N -L 8888:your_domain:80 username@remote_host
1001      6113  0.0  0.0  13648   952 pts/2    S+   12:37   0:00 grep --colour=auto 8888
bash
kill 5965

Local tunneling local network

You can tunnel remote host local network to your local. Here is the animation diagram of the local network web server and common SSH server.

Local tunneling local network

bash
ssh -L 8080:localhost:8080 user@server

Local tunneling private network

You can tunnnel remote host private network to your local. Here is the animation diagram of the private network web server and common SSH server.

Local tunneling private network

bash
ssh -L <local-port>:<server-ip-address>:<server-port> <username>@<bastion-server-ip-address>
ssh -L 8080:10.0.0.12:8080 user@bastion