SSH port forwarding is a mechanism in SSH for tunneling application ports from the client machine to the server machine, or vice versa.

Suppose we wish to visit a port in remote but behind the firewall, we can use SSH port forwarding to bind that port into local.

Assume the host in remote is "". Please visit the server in remote, and check the file "/etc/ssh/sshd_config", and make sure the option "AllowTcpForwarding" is not "no".

Since the default option for "AllowTcpForwarding" is "yes", you can simply ignore this option if you can not find this option.

And then, you can type the command in local as follow:

ssh -L 9090:localhost:9091 \
    -L 9190:localhost:9191  \

In this case, it will forward the stream from to localhost:9090, and from to localhost:9190.

Please refer to this page for more examples.

Categories: Code


Ideals are like the stars: we never reach them, but like the mariners of the sea, we chart our course by them.

1 Comment

Alex · November 30, 2020 at 17:28

Firefox 83.0 Firefox 83.0 Mac OS X  10.14 Mac OS X 10.14

yes, tunneling is cool:
1. create local tunnel

# ssh -f -L 8888:localhost:80 root@ -N
root@'s password: xxxxx 

2. check listening post

# netstat -a -n -p | grep 8888
tcp   0   0*   LISTEN 15981/ssh
tcp   0   0 ::1:8888         :::*        LISTEN 15981/ssh 

3. verify ssh process by its PID

# ps -ef | grep 15981
root 15981 1 0 08:38 ? 00:00:00 ssh -f -L 8888:localhost:80 root@ -N 

4 . send HTTP request to server via tunneling

# curl -I
HTTP/1.1 200 OK
Date: Tue, 28 Jan 2020 14:57:26 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 27 Jan 2020 16:49:16 GMT
ETag: "160096-2c-59d21e3517f9e"
Accept-Ranges: bytes
Content-Length: 44
Connection: close
Content-Type: text/html; charset=UTF-8

Leave a Reply

Your email address will not be published. Required fields are marked *