You can specify that a local port be forwarded to a remote host. Effectively, a socket is allocated to listen to the port on the local side. The connection from this port is made over a secure channel to the remote host. For example, you might specify port 143 to obtain email remotely with IMAP4. Similarly, a port can be specified on the remote side.
Before You Begin
To use port forwarding, the administrator must have enabled port forwarding on the remote Secure Shell server. For details, see How to Configure Port Forwarding in Secure Shell.
Specify the local port that listens for remote communication. Also, specify the remote host and the remote port that forward the communication.
mySystem$ ssh -L localPort:remoteHost:remotePort
Specify the remote port that listens for remote communication. Also, specify the local host and the local port that forward the communication.
mySystem$ ssh -R remotePort:localhost:localPort
The following example demonstrates how you can use local port forwarding to receive mail securely from a remote server.
mySystem$ ssh -L 9143:myRemoteSys:143 myRemoteSys
This command forwards connections from port 9143 on myLocalHost to port 143. Port 143 is the IMAP v2 server port on myRemoteSys. When the user launches a mail application, the user specifies the local port number for the IMAP server, as in localhost:9143.
Example 6 Using Remote Port Forwarding to Communicate Outside of a FirewallThis example demonstrates how a user in an enterprise environment can forward connections from a host on an external network to a host inside a corporate firewall.
mySystem$ ssh -R 9022:mySystem:22myOutsideHost
This command forwards connections from port 9022 on myOutsideHost to the port where the sshd daemon listens on the local host. Typically, the listening port is port 22.
myOutsideHost$ ssh -p 9022 localhost mySystem$