SSH Port Forwarding: My Practical Notes

Personal notes from setting up SSH port forwarding.

Local Port Forwarding

This allows you to access a remote service as if it were running locally. Use Case: Accessing a database or service on a remote server that is not exposed to the public internet.

On the server

Start a service (example using a Python web server):

python -m http.server 1234

On my laptop

Forward local port 8080 to remote port 1234:

# ssh -L [local-address]:local-port:[remote-address]:remote-port user@server-ip
ssh -L 0.0.0.0:8080:0.0.0.0:1234 user@server-ip

Now I can access the service running on the server from my browser at: http://localhost:8080

Remote Port Forwarding

This allows you to expose a local service to an external network. Use Case: Sharing a local web development server with a remote team member when your machine is behind NAT or a firewall.

On the server

Configure the SSH server to allow forwarded ports from external addresses by editing /etc/ssh/sshd_config:

# Change from:
# GatewayPorts no
# To:
GatewayPorts yes

Then restart the SSH service:

sudo systemctl restart sshd

Ensure the server’s firewall -in my case UFW- allows the forwarded port you’re exposing (e.g., port 8080):

sudo ufw allow 8080/tcp
sudo ufw status  # Verify the rule is active

On my laptop

Run the local service (example using Python HTTP server):

python -m http.server 1234
# Output:
# Serving HTTP on 0.0.0.0 port 8080 (http://0.0.0.0:1234/)

Forward remote port 8080 to local port 1234:

# ssh -R [remote-address]:remote-port:[local-address]:local-port user@server-ip
ssh -R 0.0.0.0:8080:0.0.0.0:1234 user@server-ip

Now, the local service can be accessed from anywhere at: http://server-ip:8080