Port Forwarding and Tunneling

Reaching services through an SSH tunnel, in both directions.

Tunnels Through SSH

Once an SSH connection is open, it can carry arbitrary TCP traffic. Port forwarding maps a port on one side of the tunnel to a host and port reachable from the other side, all inside the encrypted channel.

The Three Modes

  • Local forwarding opens a port on your machine that tunnels to a target reachable by the remote server. Use it to reach a database behind a bastion.
  • Remote forwarding opens a port on the remote server that tunnels back to a service on your machine. Use it to expose a local app to a remote network.
  • Dynamic forwarding turns SSH into a SOCKS proxy, routing connections to many destinations, each chosen at connect time.
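
The three modes as ssh invocations, in an added example that is not part of the original lesson. The function names, user@bastion.example.com, db.internal and the port numbers are assumptions made for illustration; every listener is bound to loopback so the forwarded port is not offered to other hosts.

```shell
#!/bin/sh
# Added example. Host names, user and ports are constructed placeholders.
# DRY_RUN=1 prints the ssh command instead of opening the tunnel.
BASTION="${BASTION:-user@bastion.example.com}"   # assumed SSH server

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

run_ssh() {
    # -N: forward only, run no remote command.
    # ExitOnForwardFailure=yes: exit if the listener cannot be set up,
    # rather than staying connected with no forward in place.
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "ssh -N -o ExitOnForwardFailure=yes $*"
    else
        ssh -N -o ExitOnForwardFailure=yes "$@"
    fi
}

# Local: listen on 127.0.0.1:$1 on this machine; the server connects to $2
# (host:port as seen from the server).
forward_local() {
    valid_port "$1" || { echo "bad port: $1" >&2; return 2; }
    run_ssh -L "127.0.0.1:$1:$2" "$BASTION"
}

# Remote: listen on the server's loopback at port $1; traffic comes back
# to 127.0.0.1:$2 on this machine.
forward_remote() {
    valid_port "$1" && valid_port "$2" || { echo "bad port" >&2; return 2; }
    run_ssh -R "127.0.0.1:$1:127.0.0.1:$2" "$BASTION"
}

# Dynamic: SOCKS proxy on 127.0.0.1:$1; each client connection names its
# own destination.
forward_dynamic() {
    valid_port "$1" || { echo "bad port: $1" >&2; return 2; }
    run_ssh -D "127.0.0.1:$1" "$BASTION"
}

# Database behind a bastion (the lesson's local-forwarding case):
#   forward_local 5432 db.internal:5432
```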

Why Tunnel

Tunneling lets you reach internal services without exposing them publicly, encrypt protocols that lack their own security, and traverse firewalls that allow only SSH.

Key idea

Port forwarding carries TCP through an SSH tunnel, with local, remote, and dynamic modes letting you reach internal services securely without exposing them.

Check yourself

1. What does local port forwarding do?

2. Which mode turns SSH into a SOCKS proxy?