Port Forwarding and Tunnelling
SSH Tunnelling
Flags
Flag | Description |
---|---|
-f | Background after auth (use with -N) |
-N | Do not execute a remote command. Forwarding only. |
-L | Local port forward: [bind_addr:]LPORT:HOST:RPORT |
-R | Remote port forward: [bind_addr:]RPORT:HOST:LPORT |
-D | Dynamic (SOCKS) forward: [bind_addr:]LPORT |
-o ExitOnForwardFailure=yes | Exit if any requested -L/-R/-D bind fails; prevents silently running without a tunnel |
-o ServerAliveInterval=60 | Send SSH keepalive probes every 60s to detect dead connections. |
-o ServerAliveCountMax=3 | Disconnect after 3 unanswered keepalives (60s interval = 180s timeout) |
Local Port Forwarding
Open a port on the local machine that forwards to a host:port reachable from the SSH server.
Remote Port Forwarding
Open a port on the remote side (the SSH server) that forwards back to a host:port reachable from the local machine.
Dynamic Port Forwarding
Create a local SOCKS proxy that lets you reach remote/internal hosts via the SSH server.
Setup: append socks5 127.0.0.1 <local_port> to the bottom of /etc/proxychains.conf.
Once dynamic port forwarding is set up, you can make TCP connections through the remote machine by prefixing your commands with proxychains.
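The optional bind_addr field in the -L, -R and -D specs decides who can reach the forwarded port. The following is an added example, not part of the original cheat sheet: it validates a spec, reports where the listener would bind, and prints (without running) the ssh command with the fail-fast and keepalive options from the flags table. user@gateway and the sample addresses are placeholders, and the default-loopback result assumes GatewayPorts is left at its default of no.

```sh
#!/bin/sh
# Added example: classify where a forward spec binds its listener and
# print (not run) the ssh command. user@gateway is a placeholder.
# Handles only the spec forms in the flags table; no IPv6 literals.
SSH_OPTS='-f -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=60 -o ServerAliveCountMax=3'

valid_port() {  # digits only, 1-65535
  case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# forward_scope MODE SPEC   (MODE is L, R or D)
# Prints loopback, all-interfaces or the explicit bind address.
# Returns 1 if SPEC is malformed. Runs in a subshell so IFS stays local.
# For -R this is what the client requests; the server's GatewayPorts decides.
forward_scope() (
  mode=$1; spec=$2
  case "$mode" in L|R) want=3 ;; D) want=1 ;; *) exit 1 ;; esac
  IFS=:; set -f; set -- $spec          # split on ':' without globbing '*'
  if [ $# -eq $((want + 1)) ]; then bind=$1; has_bind=1; shift
  elif [ $# -eq "$want" ]; then has_bind=0
  else exit 1; fi
  valid_port "$1" || exit 1            # listening port
  if [ "$want" -eq 3 ]; then           # HOST and destination port
    [ -n "$2" ] && valid_port "$3" || exit 1
  fi
  # No bind_addr: loopback, assuming GatewayPorts is at its default (no).
  [ "$has_bind" -eq 1 ] || { echo loopback; exit 0; }
  case "$bind" in
    ''|'*')              echo all-interfaces ;;  # reachable by other hosts
    localhost|127.0.0.1) echo loopback ;;
    *)                   echo "$bind" ;;
  esac
)

# tunnel_cmd MODE SPEC TARGET: validate, then print the full command line.
tunnel_cmd() {
  forward_scope "$1" "$2" >/dev/null || { echo "bad spec: $2" >&2; return 1; }
  printf 'ssh %s -%s %s %s\n' "$SSH_OPTS" "$1" "$2" "$3"
}

# Constructed sample specs (addresses are illustrative).
for s in 8080:10.0.0.5:80 :8080:10.0.0.5:80 127.0.0.1:8080:10.0.0.5:80; do
  printf '%-28s -> %s\n' "$s" "$(forward_scope L "$s")"
done
tunnel_cmd D 1080 user@gateway
```

A spec that reports all-interfaces exposes the forwarded service to every host that can reach the listening machine, so prefer an explicit loopback or single-address bind.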
Chisel
Tunnel over HTTP/WebSocket. Reverse mode: client exposes a local port on the server.
Flags
Flag | Description |
---|---|
server --reverse | Enable reverse tunnels |
-p <port> | Listen/connect port |
--authfile <file> | Server auth DB (user:pass) |
--auth <user:pass> | Client auth |
--fingerprint <sha256> | Pin server key |
Server (public listener)
Client (expose local port on server)
Examples
Expose client 127.0.0.1:3000 at server:8080: