Besides using SSH to connect to servers or networking equipment, you can also use it to tunnel traffic. It works the same way as a VPN as it enables you to reach all hosts behind the SSH server; however, besides being able to reach hosts behind the SSH server, understand that our traffic is also secure because SSH will encrypt it.
In the above example, on the left, you'll see an SSH client running on a computer within our LAN, assigned the IP address of 192.168.1.1. For Windows users, the popular SSH client, PuTTY, can be downloaded for free. Linux and Mac users can initiate SSH sessions directly from the command line.
On the right, we have an SSH server with a public IP of 1.2.3.4. In this example, the SSH server runs on a router, but SSH servers can be hosted on various devices, including Windows, Linux, and Mac systems, as well as routers and NAS (Network Area Storage) devices. Additionally, there's a web server on the right with the LAN IP address of 192.168.2.1.
You can connect to the router through SSH, but did you know it's also possible to access the web server via the SSH tunnel? Let's walk through setting this up with PuTTY.
First, I will type in the IP address of the SSH server, but before we click on "open," let's first configure the SSH tunnel. Take a look at the screenshot of the PuTTY interface below:
Click on Connection to expand the options, then select SSH. Finally, choose Tunnels to set up SSH port forwarding. To access the web server, enter the destination IP address as 192.168.2.1 and the destination port as 80. You can choose any source port you prefer; in this example, we'll use 5000. After setting these options, click Add. The configuration should now appear like this:
You'll now see which ports are set to be forwarded. Click Open, then enter your username and password at the SSH login prompt. The SSH session will start as usual, but with port forwarding running in the background.
Now, open a web browser and connect to the web server by entering the following address:
In the browser's address bar, type localhost:5000 - the source port we specified for port forwarding in PuTTY. You'll see it connects to the web server. This setup means that every time you connect to localhost:5000, it will forward the connection to 192.169.2.1 on port 80.
One great feature of SSH is that you only need to open a single SSH port, and by tunneling traffic like this, you can securely access any device behind the SSH server. All data transmitted through this SSH tunnel is encrypted, providing safe access.
If you're on Linux or macOS, you can skip using PuTTY altogether and use a simpler command-line method instead:
sudo ssh -L 5000:192.168.2.1:80 1.2.3.4
This command line setup is similar to the configuration shown in PuTTY: it connects our local port 5000 to the remote web server at 192.168.2.1 on port 80 through the SSH server at IP address 1.2.3.4.
That's all I wanted to show you! If you found it helpful, feel free to leave a comment below!
Rate This Article
Thanks for reading: How to Configure Port Forwarding with SSH, Sorry, my English is bad:)