| tags:admin forward linux port ssh sysadmin categories:Tech

SSH Port Forwarding - Public Server to Internal Host

ssh user@domain.com -R *:3389: -f -N

I used the above command to forward port 3389 on my server, through my workstation, to my Windows VM on the internal network to allow RDP access to it from the outside world. Note that GatewayPorts yes needs to be set in /etc/ssh/sshd_config on the server with the remote end of the tunnel, so that it can bind to a public interface. Without GatewayPorts, it will only bind to localhost on the remote host.

Here’s a little breakdown of the -R option:

-R remote_address:remote_port:local_address:local_port

Useful trick to allow access to a box that’s behind a firewall or NAT.