I have a couple of devices at home that provide HTTP servers on my local network. I have them tucked nicely behind my firewall so that they are not accessible from the outside, but occasionally, I would like to log in to them to perform some reconfiguration or the like. This is where ssh comes to the rescue: you can use it to create a secure tunnel, a port that I can connect to on my local machine that gets routed to my remote machine through my firewall.
The problem is, I can never remember the command, and it takes me a few minutes of thought to reconstruct it. So, I thought I’d write it down here so I’d remember.
The basic command is:
ssh -f mylogin@myserver.com -L 20000:192.168.1.132:80 -N
When I enter http://localhost:20000 on my machine, it’s as if I was accessing the web page on 192.168.1.132 on my local network. Very useful.
I use this on my laptop so I can find it in case it’s stolen. Whenever my laptop can connect to the internet, it connects to my server and opens up a port there. I can then SSH to the server and connect to my laptop.
This allows me to delete files, take pictures of the bastard who stole it, and maybe even trace its location.
You can use “openvpn” or any other VPN daemon and build a tunnel from a remote site to your local network; that way you could have access to all the services running on the machines in a more transparent way and not have to remember which port is forward…
Another approach, halfway between a proper VPN and simple port forwarding is to use the built-in SOCKS proxy in ssh. Just look up the -D switch. Most web clients, and some other applications (like Spotify), support this.
I second the recommendation for using the “-D” SOCKS proxy option available in more recent ssh versions for tunnelling browser sessions. It’s much more flexible than simple port forwarding and works better with SSL web sites. (We can also thank our old friend David Koblas for creating the original SOCKS protocol.)
For commands you need occasionally and often forget, I recommend writing a small shell script which can just be called instead of looking up the parameters every time. HTH
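An added example, not code from the original post or its commenters: the wrapper script suggested in the last comment, built around the post's `-L` command. The function names are hypothetical, and binding to 127.0.0.1 plus `ExitOnForwardFailure=yes` are additions assumed here so the forwarded port stays on loopback and a failed forward does not go unnoticed.

```shell
#!/bin/sh
# Wrapper for the local forward from the post (added example).
# Hypothetical names: valid_port, valid_host, tunnel_args, open_tunnel.

# A port must be all digits and within 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Accept only hostname/IPv4 characters, so a stray argument cannot be
# read by ssh as an option or add extra colons to the -L spec.
valid_host() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
}

# Print the ssh arguments for: local port -> target host:port.
tunnel_args() {
    lport=$1 thost=$2 tport=$3
    valid_port "$lport" && valid_host "$thost" && valid_port "$tport" || return 1
    # 127.0.0.1: keep the listener on loopback even if GatewayPorts is set.
    # ExitOnForwardFailure: fail loudly if the local port is already taken,
    # instead of leaving a background ssh with no forward.
    printf '%s\n' "-f -N -o ExitOnForwardFailure=yes -L 127.0.0.1:${lport}:${thost}:${tport}"
}

# Usage: open_tunnel user@server local_port target_host target_port
open_tunnel() {
    login=$1
    case "$login" in ''|-*) login='' ;; esac   # refuse option-like logins
    args=$(tunnel_args "$2" "$3" "$4") && [ -n "$login" ] || {
        echo "usage: tunnel user@server lport host port" >&2
        return 2
    }
    # $args is built only from validated values, so word splitting is safe.
    ssh $args "$login"
}

# Run only when arguments are given, e.g.:
#   ./tunnel mylogin@myserver.com 20000 192.168.1.132 80
[ "$#" -eq 0 ] || open_tunnel "$@"
```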