ssh email@example.com -R *:3389:10.105.0.146:3389 -f -N
I used the above command to forward port 3389 on my server, through my workstation, to my Windows VM on the internal network to allow RDP access to it from the outside world. Note that
GatewayPorts yes needs to be set in
/etc/ssh/sshd_config on the server with the remote end of the tunnel, so that it can bind to a public interface. Without GatewayPorts, it will only bind to localhost on the remote host.
Here’s a little breakdown of the
Useful trick to allow access to a box that’s behind a firewall or NAT.