Create a remote port forwarding connection using SSH

sertxudev

Sergio Peris

Posted on September 26, 2024

Create a remote port forwarding connection using SSH

A tunnel in SSH allows you to access another device in the network using a secure connection.

A remote port forwarding connection allows you to redirect all traffic a device receives at a specific port to your computer. Using it we can grant temporary access to anyone in the world to a computer that is not directly exposed to the internet, behind a NAT for example.

You can also redirect the incoming traffic to another device in your local network, this is useful if you need to have access to a local server, for example, but the internet provider is having an outage.

In order to create a reverse forwarding connection, we need two devices with SSH installed, one with the server and another with the client installation.

Server-side configuration

We need to perform some configurations on the server side in order to be able to create it.

vi /etc/ssh/sshd_config
Enter fullscreen mode Exit fullscreen mode

We need to find the property "AllowTcpForwarding" and change its value to "yes".

AllowTcpForwarding yes
Enter fullscreen mode Exit fullscreen mode

By doing this we will allow the creation of remote port forwarding connections through our server.

Once we changed this configuration we must restart the SSHD service.

systemctl restart sshd.service
Enter fullscreen mode Exit fullscreen mode

Remote port forwarding (Local)

Now that we've got our server configured we can try creating a new connection in order to test out if it's working correctly

For example, we want to make our port 80 (local website) accessible from outside our network using port 8080 of our public server.

ssh -R 8080:127.0.0.1:80 root@sertxudeveloper.com
Enter fullscreen mode Exit fullscreen mode

If we now try to access port 8080 of our server, http://sertxudeveloper.com:8080, we will see the page of our local website.

Let's explain the different parameters of this command:

  • R: Set the mode to remote port forwarding.
  • 8080: The remote port of our server we will use to access.
  • 127.0.0.1: The local device that the remote connections should be forwarded to.
  • 80: The local port of our local device we want to be exposed to the outside.

Remote port forwarding (Remote)

Using the same command as the previous example, we can redirect all the incoming forwarded traffic to a local device that has not initialized the SSH connection.

Let's see an example where this can be useful:

  • We have a local windows server with an internet outage.
  • We have a laptop with SSH installed.
  • We have a remote server with an OpenSSH server installed.
  • Some people need to access the windows server using Remote Desktop.

This is a real example that occurred to me once.

By connecting the laptop to the local wired network and using my mobile phone as a Wi-Fi hotspot we can access the internet and the local network at the same time.

With this configuration, we can create a remote port forwarding connection, so by connecting to the remote port using Remote Desktop we can access the windows server that has no direct connection to the internet.

I used the following command in order to create this remote port forwarding connection:

ssh -R 13389:192.168.1.254:3389 root@sertxudeveloper.com
Enter fullscreen mode Exit fullscreen mode

Using Windows Remote Desktop connecting to the sertxudeveloper.com:13389 host we will be able to connect successfully to our Windows server until the internet outage is over.

Let's explain the different parameters of this command:

  • R: Set the mode to remote port forwarding.
  • 13389: The remote port of our server we will use to access using Remote Desktop.
  • 192.168.1.254: The Windows server we need to access from outside.
  • 3389: The well-known Remote Desktop port.
💖 💪 🙅 🚩
sertxudev
Sergio Peris

Posted on September 26, 2024

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related