SSH Port Forwarding: Local, Remote and Dynamic Tunnels Explained
SSH Port Forwarding (or SSH Tunneling) is a method that allows devices to communicate securely even over unsecured networks.
With this technique, your network traffic passes through an encrypted SSH tunnel and data confidentiality is maintained.
💡 What Will You Learn in This Guide?
- You will learn Local (-L), Remote (-R) and Dynamic (-D) SSH tunnel types.
- You will be able to apply the usage scenario, configuration steps and security tips of each tunnel.
- With these methods, you will learn how to bypass firewalls, encrypt traffic and secure access to remote services.
🧠 Technical Summary
| Category | Description |
|---|---|
| Main Technical Topic | SSH Port Forwarding (Tunneling): Local (-L), Remote (-R) and Dynamic (-D) types |
| Solved Problem | Transmitting encrypted data on unsecured networks and bypassing firewall restrictions |
| Summary | Local tunnel provides access to remote services, remote tunnel shares local services, dynamic tunnel creates secure proxy. |
🌐 1. What is SSH Port Forwarding?
SSH Tunneling secures network traffic by passing it through an encrypted SSH connection.
This ensures data security, especially in insecure environments such as public Wi-Fi.
🔑 Three basic types:
- Local Port Forwarding (ssh -L): Sends traffic from local to remote service.
- Remote Port Forwarding (ssh -R): Forwards traffic from the remote server to the local service.
- Dynamic Port Forwarding (ssh -D): Creates a SOCKS proxy and tunnels all traffic.
🧩 2. Local Port Forwarding / ssh -L
Local port forwarding encrypted traffic on the local port to a remote server.
💼 Usage Scenarios
- Database Access: Secure connection to a remote PostgreSQL/MySQL database.
- Firewall Bypass: Access to restricted services.
- Test Environment: Testing remote applications locally.
⚙️ Syntax
ssh -L yerel_port:hedef_host:hedef_port kullanici@ssh_sunucu
This command sends traffic on the local port to the target port via SSH tunnel.
🧠 Example
ssh -L 5433:localhost:5432 admin@uzak-sunucu.cloud
Traffic coming to the local port 5433 is encrypted and routed to port 5432 on the remote server. You can now access the remote database via localhost:5433.
✅ Conclusion: Local port forwarding provides secure access to remote resources.
🌍 3. Remote Port Forwarding / ssh -R
Remote port forwarding exposes your local services to the outside world through a remote SSH server.
💡 Usage Scenarios Sharing local web application
Providing external access to systems behind NAT/Firewall
⚙️ Syntax
ssh -R uzak_port:yerel_host:yerel_port kullanici@uzak_sunucu
This command tunnels traffic from the remote port to the local port.
🧠 Example
ssh -R 9090:localhost:8080 devuser@uzak-ssh.cloud
Port 9090 on remote-ssh.cloud is forwarded to local port 8080. So outside users can access your web application.
⚙️ Server Configuration
sudo nano /etc/ssh/sshd_config
GatewayPorts yes
sudo systemctl restart sshd
This setting makes remote ports accessible from external networks.
✅ Conclusion: Remote port forwarding makes local services securely accessible from the internet.
🌀 4. Dynamic Port Forwarding / ssh -D
Dynamic port forwarding creates a SOCKS proxy and passes all network traffic through the SSH tunnel.
💼 Usage Scenarios Secure Web Browsing: Encrypting all traffic on public Wi-Fi networks.
Bypassing Network Restrictions: Accessing blocked sites or resources.
⚙️ Syntax
ssh -D yerel_port kullanici@ssh_sunucu
This command starts a SOCKS proxy on the local port.
🧠 Example
ssh -D 1080 user@guvenli-proxy.cloud
Encrypt traffic by setting your browser to 127.0.0.1:1080 SOCKS5 proxy.
✅ Result: Dynamic routing provides safe and anonymous internet access.
🧰 5. Easy to Use with SSH Configuration File
You can add frequently used tunnels to the .ssh/config file:
Host veritabani-tuneli
HostName uzak-veritabani.cloud
User genixnode-admin
LocalForward 5433 localhost:5432
You can now automatically start the tunnel by typing ssh database-tunnel.
🔐 6. Security Best Practices
| Suggestion | Description |
|---|---|
| Key Authentication | Use SSH keys instead of passwords. |
| Restrict Access | Limit tunneling authority to specific users. |
| Open Limited Port | Do not open unnecessary port forwarding. |
| Apply Updates | Keep the SSH client and server updated. |
| Follow Links | Check for active SSH tunnels with the netstat -tulpn command. |
✅ Conclusion: If you follow the security rules correctly, your SSH tunnels provide a high level of protection.
❓ Frequently Asked Questions (FAQ)
1. Can I forward multiple ports at the same time?
Yes. Multiple -L or -R parameters can be used in a single SSH connection.
ssh -L 80:localhost:8080 -L 3306:localhost:3306 admin@server
2. What is port conflict and how to avoid it?
If the same port is used by another service, a conflict occurs.
sudo lsof -i :5433
This command indicates whether the port is in use.
3. Does SSH tunneling replace VPN?
Partially. Dynamic tunneling (SOCKS proxy) encrypts the traffic of certain applications. However, it does not route all system traffic like a full VPN.
🏁 Result
SSH Port Forwarding is a flexible solution that increases network security and remote access. Thanks to Local (-L), Remote (-R) and Dynamic (-D) tunnels:
Can establish secure connections,
You can encrypt your data,
You can make your development processes safer.
☁️ Test SSH tunneling techniques on the GenixNode platform now and discover the advantages of secure network management.