ssh port forwarding cheatsheet

ssh_tunnels.sh

# local port forwarding
# the target host 192.168.0.100 is running a service on port 8888
# and you want that service available on the localhost port 7777

ssh -L 7777:localhost:8888 user@192.168.0.100

# remote port forwarding
# you are running a service on localhost port 9999 
# and you want that service available on the target host 192.168.0.100 port 12340

ssh -R 12340:localhost:9999 user@192.168.0.100

# Local proxy through remote host
# You want to route network traffic through a remote host target.host
# so you create a local socks proxy on port 12001 and configure the SOCKS5 settings to localhost:12001

ssh -C2qTnN -D 12001 user@target.host

# How to use socks proxy
sudo apt install dante-client

nano /etc/dante.conf

# clients going anywhere else go via server listening at
# IP address 127.0.0.1, port 12001. Note that unless you have
# specified a direct connection for DNS, or the socksserver is resolvable
# without network traffic, you can't give a hostname for the socksserver,
# you must give a IP address.  (the reasons for that are logical enough,
# you would create a loop otherwise.)
route {
	from: 0.0.0.0/0   to: 0.0.0.0/0   via: 127.0.0.1 port = 12001
	protocol: tcp udp                # server supports tcp and udp.
	proxyprotocol: socks_v4 socks_v5 # server supports socks v4 and v5.
	method: none #username           # we are willing to authenticate via
#                                        # method "none", not "username".
}

# test socks proxy
user@linux:~# socksify telnet 1.1.1.1
user@linux:~# socksify ssh user@1.1.1.1