SSH port forwarding


 
Zamt 10 posts

A quick note that might be helpful to others about SSH port forwarding…

Here’s the situation: you have a box that you can ssh to from the public internet… and that box can RDP to a machine running RDP (or any other network protocol). Basically I couldn’t get my company VPN working… so I decided to pass it by using SSH. Here’s how:

ssh -L 3389:someRemoteRDPBox:3389 username@someSshServer

then if you RDP to localhost … it will get forwarded over your ssh tunnel.

You can do similar things with PuTTY on Windows. I’m using a Mac as my client computer here, but it should work from Linux as well with the exact same syntax etc…

 
yonkeltron 17 posts

This is a very useful trick. I also find the -D flag useful as it sets up a pseudo-proxy gateway for traffic. That is to say that if you:

ssh -D localhost:54321 username@someSshServer

Then any connection routed through localhost:54321 would emerge on the other side of the tunnel and go on its merry way. I find this particularly useful in two circumstances. The first is where I actually need to protect my traffic because I’m on an insecure or untrustworthy network. The second is when I’m on a relatively unreliable network which doesn’t tolerate many connections well or drops out from time to time. For example, if I’m browsing the web on a finicky network, I point Firefox’s proxy settings to be localhost:54321 and all of my connections are piped through a single connection. Then the host network doesn’t know or care that I’ve got a ton of connections running out through that one pipe and the robustness of the SSH protocol helps with the transport reliability.
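
Both -L and -D ask the SSH server to open outbound connections on the client's behalf, and the server's AllowTcpForwarding and PermitOpen settings in sshd_config decide whether it agrees. The following is an added example, not part of either post, that checks a server config against a requested destination; the sample configs are constructed, and Match blocks and Include files are assumed absent.

```python
# Added example: would this sshd_config let `ssh -L` / `ssh -D` reach a destination?
# Assumptions: only the global section is read; Match blocks and Include files
# are not evaluated. The sample configurations below are constructed.

def global_settings(config_text):
    """Return {keyword: [args]} for the global section; the first value wins."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()   # "Key=value" is also valid
        if not parts:
            continue
        if parts[0].lower() == "match":   # per-user overrides start here
            break
        if len(parts) > 1:
            settings.setdefault(parts[0].lower(), parts[1:])
    return settings

def forward_allowed(config_text, host, port):
    """True if the server would connect to host:port for a -L or -D request."""
    s = global_settings(config_text)
    # -L and -D are both "local" forwarding from the client's point of view.
    mode = s.get("allowtcpforwarding", ["yes"])[0].lower()
    if mode not in ("yes", "all", "local"):
        return False
    rules = s.get("permitopen", ["any"])
    if rules[0].lower() == "any":
        return True
    if rules[0].lower() == "none":
        return False
    for rule in rules:
        rule_host, _, rule_port = rule.rpartition(":")
        rule_host = rule_host.strip("[]")          # [IPv6]:port form
        # Literal comparison with the requested name; "*" matches anything.
        if rule_host in ("*", host) and rule_port in ("*", str(port)):
            return True
    return False

STOCK = "# no forwarding directives: defaults apply\n"
HARDENED = "AllowTcpForwarding local\nPermitOpen someRemoteRDPBox:3389\n"

if __name__ == "__main__":
    for name, cfg in (("stock", STOCK), ("hardened", HARDENED)):
        print(name,
              "RDP forward:", forward_allowed(cfg, "someRemoteRDPBox", 3389),
              "| SOCKS to example.org:443:", forward_allowed(cfg, "example.org", 443))
```

With the hardened sample, the RDP forward from the first post still works, while a -D SOCKS proxy connects but can reach nothing except that one destination.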

copyright © 2009 scosug - all rights reserved