Tunnel Web Traffic via SSH Tunnel

Just a quick one. Let’s say you need to tunnel some traffic over an SSH tunnel; it’s pretty simple to set up. In this example I want local port 3128 on my machine to be tunnelled over the SSH session to a remote server via another server (i.e. an SSH gateway).

ssh username@sshgateway.domain.com -L 3128:destinationserver:3128

Okay, let’s break this down. The first part is SSH with my username to the sshgateway.domain.com server; this is where my SSH session will terminate. The next part refers to the tunnelling.

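-L 3128 is the local port on my machine that will be tunnelled to the destination server. Then :destinationserver:3128 is the destination server and its destination port; the server can be an FQDN or an IP. The connection to the destination is made from the SSH gateway, so SSH only encrypts the hop between my machine and the gateway.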

To use this proxy, I’d point my web browser at 127.0.0.1:3128 as the web proxy.

In this case I’m using it to reach a proxy server, but let’s say you want to reach a Windows Remote Desktop on a Windows server. You would use something like the following:

ssh username@sshgateway.domain.com -L 33389:destinationserver:3389

Notice, however, that on the local side I’ve used port 33389 rather than 3389. This is because my machine is already listening on 3389 for local connections. In fact these two ports don’t need to match; all you need to know is what maps to what!

So I’d open the Remote Desktop client and point it at 127.0.0.1:33389 and boom, I’d be on the remote desktop of a Windows server via the SSH tunnel.

Keepalives

In (HOMEDIR)/.ssh/config, add this:

Host *
ServerAliveInterval 60

This keeps the SSH tunnel and session alive so it doesn’t just disconnect you when the tunnel goes idle: after 60 seconds without receiving data from the server, the client sends a keepalive message through the session. Adjust the time as you see fit.
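
A check worth running once the tunnel is up, as an added example that is not part of the original post: the first function prints the same forward with the listener pinned to 127.0.0.1, no remote shell (-N) and a hard failure if the port cannot be bound; the second classifies `ss -ltnH` output so you can confirm the forwarded port is not reachable from other machines. The function names and the sample `ss` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print the ssh command for one local forward, bound explicitly to loopback.
# Args: local_port dest_host dest_port user@gateway
tunnel_cmd() {
    printf '%s -L 127.0.0.1:%s:%s:%s %s\n' \
        "ssh -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=60" \
        "$1" "$2" "$3" "$4"
}

# Classify the listener for a TCP port from `ss -ltnH` output on stdin.
# Prints one of: loopback | exposed | missing
listener_scope() {
    awk -v port="$1" '
        {
            addr = $4                          # "Local Address:Port" column
            n = split(addr, parts, ":")
            if (parts[n] != port) next         # different port, ignore
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host == "127.0.0.1" || host == "[::1]") {
                if (state == "") state = "loopback"
            } else {
                state = "exposed"              # wildcard or LAN address wins
            }
        }
        END { print (state == "" ? "missing" : state) }
    '
}

# Constructed sample of `ss -ltnH` output (not captured from a real host).
# The 33389 line is what a forward bound to all interfaces would look like.
SAMPLE_SS='LISTEN 0 128 127.0.0.1:3128 0.0.0.0:*
LISTEN 0 128 [::1]:3128 [::]:*
LISTEN 0 128 0.0.0.0:33389 0.0.0.0:*'

tunnel_cmd 3128 destinationserver 3128 username@sshgateway.domain.com
for p in 3128 33389 3389; do
    printf '%s: %s\n' "$p" "$(printf '%s\n' "$SAMPLE_SS" | listener_scope "$p")"
done
```

On a live machine, feed it real data with `ss -ltnH | listener_scope 3128`; anything other than "loopback" means the tunnel is either not listening or is open to the network.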
