Port Forwarding/Tunneling in Linux

Reading Time: 2 minutes

What is Tunneling?

  • Tunneling is a type of communication between two applications, mostly TCP/IP applications, that talk to each other using an SSH connection.
  • It is also known as SSH Port forwarding.
  • In Simple terms, it routes the local network traffic through SSH to the remote hosts.

When to use Tunneling?

  •  We can use Tunneling to secure the communications between different applications that aren’t secure.

To access geo-restricted content or bypassing intermediate firewalls.

Types of Tunneling/Port forwarding

There are three types of port forwarding with SSH:

1.  Local Port Forwarding

  • We can perform Local port forwarding with  the help of -L parameter.
  • With the help of local port forwarding we can forward a connection from the client host to the SSH server host and then finally to the destination host port.
Syntax:   ssh -L SourcePort:ForwardToHost:DestinationPort    SshSserverhost

 Let’s assume we have an Oracle database server running on machine “db123.host” on a private network, on port 3421 which can be  accessed from the machine mach123.host and we  want to connect using our local machine oracle client to the database server. To do so we can forward the connection as done below:

 $ ssh -L 3331:db123.host:3421 user@mach123.host

2. Remote Port Forwarding

  • Remote port forwarding allows users to connect from  remote machines to the local computer.
  • It is not allowed in ssh by default. To enable it we have to edit SSHD configuration file /etc/ssh/sshd_config on the remote host. 
$ sudo vim/etc/ssh/sshd_config 

Now look for GatewayPorts and then uncomment it and  set it to yes.Now restart sshd to apply the recent change you made by below Command:

  $ sudo systemctl restart sshd 
Syntax: ssh -R RemotePort:localhost:LocalPort    SSHServerHostname

Let’s assume that you are inside the remote server In below command we are redirecting any connections directed at port 8080 to the local machine listening on port 5534. You can configure Remote Port Forwarding by the below command :

 ssh –R 8080:localhost:5534 

3. Dynamic Port Forwarding

  •  Dynamic port forwarding is not very common .
  •  Many people find it easier to use local port forwarding to achieve similar results. 
  •  It allows communication with a single port.
  • Note:  Dynamic port forwarding sets up our machine as  SOCKS proxy server which listens on port 1080, by default. 

We can create a Socks proxy server by using ssh command with -D as an argument.

Syntax:   ssh –D LocalPort SshServerHostname 

In the below command, we have asked to open a local port 6430 on the localhost, which will direct all the requests to that port to the remote host (

ssh –D 6430


In this blog we have looked into SSH port forwarding and its three different types. We also discussed the various commands that are used to perform SSH port forwarding/Tunneling.


Written by 

DevOps Engineer at Knoldus. Loves to solve new problems. Always eager to learn new technologies.

1 thought on “Port Forwarding/Tunneling in Linux3 min read

Comments are closed.