

SSH Tunnel – Local and Remote Port Forwarding Explained With Examples - darthdeus
http://blog.sensible.io/2014/05/17/ssh-tunnel-local-and-remote-port-forwarding-explained-with-examples.html

======
userbinator
I find it valuable to memorise the fact that the terms "remote" and "local"
are referring to which end of the tunnel is doing the _listening_; with local
forwarding, the local machine, i.e. the one you are SSH'ing from, is the one
that's listening, while with remote it's the remote machine (server) that
listens.

~~~
pmorici
This is so true, I used to have trouble remembering how to do ssh tunneling
w/o looking it up and then one day someone pointed out to just remember that, whether
you are using a remote or local tunnel, the listening side of the tunnel always
comes first. After that it was easy sailing.
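
The rule from the two comments above (the listening side always comes first), as an added example that is not part of the original thread or the linked article. The helper names `split_fields` and `describe_forward` are hypothetical, only the TCP form `[bind_address:]port:host:hostport` is handled, and every spec except the quoted `9000:github.com:80` is constructed.

```python
import re

# One field of a forwarding spec: a bracketed IPv6 literal or a colon-free run.
_FIELD = re.compile(r"\[([^\]]+)\]|([^:\[\]]+)")
LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def split_fields(spec):
    """Split a spec on ':' while keeping [IPv6] literals in one piece."""
    fields, pos = [], 0
    while pos < len(spec):
        m = _FIELD.match(spec, pos)
        if m is None:
            raise ValueError(f"unsupported forwarding spec: {spec!r}")
        fields.append(m.group(1) or m.group(2))
        pos = m.end()
        if pos < len(spec):
            if spec[pos] != ":":
                raise ValueError(f"unsupported forwarding spec: {spec!r}")
            pos += 1
    return fields


def describe_forward(flag, spec):
    """Explain the TCP form [bind_address:]port:host:hostport of -L / -R."""
    if flag not in ("-L", "-R"):
        raise ValueError("flag must be -L or -R")
    fields = split_fields(spec)
    if len(fields) == 3:
        fields.insert(0, None)  # no bind address given
    if len(fields) != 4:
        raise ValueError(f"expected [bind:]port:host:hostport, got {spec!r}")
    bind, port, host, hostport = fields
    local = flag == "-L"
    return {
        # The first port in the spec is always the listening one.
        "listener": "ssh client" if local else "ssh server",
        "listen_port": int(port),
        "bind_address": bind,
        # The far end of the tunnel opens the connection to host:hostport.
        "target": (host, int(hostport)),
        "target_dialed_by": "ssh server" if local else "ssh client",
        # Explicit wildcard or routable bind; for -R the server honours it
        # only when its GatewayPorts setting allows.
        "requests_non_loopback_bind": bind is not None and bind not in LOOPBACK,
    }


if __name__ == "__main__":
    print(describe_forward("-L", "9000:github.com:80"))  # spec quoted in the thread
    print(describe_forward("-R", "0.0.0.0:9000:localhost:3000"))  # constructed
```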

------
jimmcslim
I think there's a typo...

"Now let's stop here for a little bit and explain what is actually going on. In
the first example the 9000:github.com:80 is actually saying forward my local
port 9000 to github.com at port 80."

However at that point there is no example that uses github.com as an argument.

Edit: In fact there's possibly an issue with the ports being talked about in
one of the examples too; 8000 vs 9000.

~~~
darthdeus
Thanks for noticing this! It should be fixed now.

------
r4um
Also, if you are already logged in and have a tty, by pressing ~C (default) you
can open the ssh command line to request or cancel remote/local port forwarding.

------
badinker
I really like OpenVPN better for this stuff. Have a RPI listening on just
about every port that exists TCP and UDP (via iptables rules). I travel a
lot. Sometimes places like China. I always get out. Of course I keep the RPI
outside my local DMZ for security reasons.

~~~
rahimnathwani
+1 for this approach if you need access from China. SOCKS won't help if you
have poisoned DNS, so if using ssh you might want to run squid on your server,
and use HTTP proxy instead.

Re: using multiple ports for OpenVPN, I do this too, and it works well in
conjunction with _remote-random_ configured on the client side. In my
experience using the same IP/port for OpenVPN for long periods of time can get
that combo blocked after a few days. TCP seems to have better throughput than
UDP for me, although this didn't use to be the case.

~~~
doctoboggan
I am going to China for two weeks. What software and services should I
investigate to prepare myself?

~~~
rahimnathwani
Get a local 3G SIM card from China Unicom (中国联通). Just ask someone where the
nearest store is.

Subscribe to a VPN service (or rent a cheap VPS and set up your own).

Install these apps on your phone:

- Pleco (Chinese dictionary)

- Baidu Maps (百度地图)

- WeChat (微信)

Email me (address in profile) if you want specific advice on VPN etc. or if
you want to grab a beer in Beijing

------
girvo
SSH tunnelling and using it as a SOCKS proxy is easily one of my most used
features of SSH, beyond just logging in. Nice tutorial!

------
weddpros
Very clear explanation! Thanks. RemoteForward is often not explained with a
plausible example.

Hint for an addition: I find it easier to specify tunneling in ~/.ssh/config
file (LocalForward and RemoteForward directives).

~~~
darthdeus
Thanks! I've actually written this out of frustration with the existing
tutorials and kind of for self reference, since every time I want to do a
tunnel I spend 15 minutes googling it :)

