- There are 2 ways to create an SSH tunnel: local and remote port forwarding.
local port forward
1. Imagine you’re on a private network which doesn’t allow connections to a specific server, imgur.com. To get around this, we can create a tunnel through a server (example.com) that can access imgur.com.
    ## forward your local port 9000 to imgur.com through example.com
    $ ssh -L 9000:imgur.com:80 firstname.lastname@example.org
2. You need to connect to a database on a server (example.com) that listens on port 5432 and only allows local connections. Forward your local port 9000 to the server's port 5432.
    $ ssh -L 9000:localhost:5432 email@example.com
    ## connect to the db from your local machine
    $ psql -h localhost -p 9000
remote port forward
1. A web application on your local machine listens on port 3000, and you’d like to show it on the internet, but you don’t have a public IP. Expose your local port 3000 as port 9000 on example.com, which has a public IP.
    $ ssh -R 9000:localhost:3000 firstname.lastname@example.org
- By default, SSH doesn’t allow remote hosts to connect to forwarded ports. To enable this, open /etc/ssh/sshd_config and add
    GatewayPorts yes
  then restart the SSH service:
    $ sudo service ssh restart
- Every time we create a tunnel, we also SSH into the server and get a shell. This isn’t usually necessary, as you’re just trying to create a tunnel. To avoid this, we can run SSH with the -nNT flags:
    $ ssh -nNT -L 9000:imgur.com:80 email@example.com
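
The GatewayPorts change above affects every remote forward on the server, so it is worth checking what a given sshd_config actually resolves to. The script below is an added example, not part of the original notes: it reads config text and reports the effective global GatewayPorts and AllowTcpForwarding values. The function names and the sample config are constructed for illustration, and it assumes sshd's documented behaviour that the first occurrence of a keyword wins and that keywords are case-insensitive.

```shell
#!/bin/sh
# Added example: audit sshd_config text for settings that affect -R tunnels.

# Constructed sample config (not taken from a real server).
SAMPLE_CONFIG='# constructed sample
Port 22
gatewayports = yes
AllowTcpForwarding yes
GatewayPorts no
Match User deploy
    GatewayPorts clientspecified'

# effective_value KEYWORD DEFAULT: reads config on stdin and prints the value
# sshd would use globally. Keywords are case-insensitive, the first
# occurrence wins, and Match blocks are skipped (global section only).
effective_value() {
    awk -v want="$1" -v dflt="$2" '
        BEGIN { want = tolower(want); val = dflt }
        { sub(/^[ \t]+/, "") }             # drop leading whitespace
        /^#/ || /^$/ { next }              # skip comments and blank lines
        {
            n = split($0, f, /[ \t=]+/)    # "Key value" or "Key=value"
            key = tolower(f[1])
            if (key == "match") exit       # stop at the first Match block
            if (key == want && n >= 2) { val = f[2]; exit }
        }
        END { print val }'
}

# audit_forwarding: reads config on stdin and prints one verdict line.
audit_forwarding() {
    cfg=$(cat)
    gp=$(printf '%s\n' "$cfg" | effective_value GatewayPorts no)
    tf=$(printf '%s\n' "$cfg" | effective_value AllowTcpForwarding yes)
    case "$tf" in
        no|local) echo "OK: remote forwarding disabled (AllowTcpForwarding $tf)"; return 0 ;;
    esac
    case "$gp" in
        yes) echo "WARN: GatewayPorts yes, every -R port listens on all interfaces" ;;
        clientspecified) echo "NOTE: GatewayPorts clientspecified, client picks the bind address" ;;
        *) echo "OK: GatewayPorts $gp, -R ports bind to loopback only" ;;
    esac
}

printf '%s\n' "$SAMPLE_CONFIG" | audit_forwarding
```

On a live server, `sshd -T` prints the effective configuration, including Match handling that this sketch skips.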