Subscribe to this blog

It can be useful to make a service from your machine available for others, might it be a http server, a game server or even a icecast streaming server. Unfortunately the pain called NAT can prohibit that sometimes. The simple solution is to forward the port from your local machine to a server. The problem I had was that most sources in the internet explain how to forward a port from a host to the local computer by binding the port on this local machine. The fastest way for tunneling is in my opinion to tunnel over SSH, since it has already all facilities for this task. Throughout this article I'll use the term host for referring to the server which will tunnel the port out of the NAT.

First of all, a configuration option has to be set in the host's sshd_config, located at /etc/ssh/sshd_config. There has to be set:

GatewayPorts yes

in order to allow binding ports on the host not only on the loop back interface
but also on all others. Then the service needs to be restarted, on Debian/Ubuntu
sudo service ssh restart

After that the service on the local computer can be started and the tunnel created with the following command

ssh -N -R <bind_address>:<local_port>:localhost:<host_port> <your_host>



Do not spawn a shell


Forward the port with from-to syntax. See below


Specify the address (interface) where the port should be bound to. Standard is loop back (where it isn't reachable from outside).

The lazy can use '*' to bind it to all interfaces.


The port on the local computer.


Port on the host where the service becomes available.


The host where the ssh server runs.


ssh -N -R '*':1234:localhost:5678