let's assume a service is listening on remote machine @remote_localhost at port 5000.
NOTE: remote mahcine is not listening on 0.0.0.0 just localhost privately.
I want to forward that remote machine service to me (my local machine).
on my machine
$ ssh -L MY_PORT:MY_LOCALHOST:REMOTE_PORT -C -N -l remote_user remote_host.
example (forward localhost:5000 listening on kali_host to localhost:3000 to my machine).
$ ssh -L 3000:localhost:5000 -C -N -l kali kali_host.
The -L switch specifies the port bindings.
The -C switch enables compression,
while the -N switch tells ssh that we don’t want to execute a remote #command.
The -l switch specifies the remote login name.
another example
$ ssh -L 2222:localhost:22 -C -N -l kali kali_host.
this will forward localhost:22 on kali to localhost:2222 on my mahcine.
This mean I can login to kali using $ ssh -p 2222 kali@localhost command.
forward 192.168.0.134:22 to 192.168.0.16:2222
$ ssh -L 0.0.0.0:2222:0.0.0.0:22 -C -N -l kali kali_host.
In another termianl
$ ssh -p 2222 kali@192.168.0.16.
forward localhost:22 to 192.168.0.16:2222
$ ssh -L 0.0.0.0:2222:localhost:22 -C -N -l kali kali_host.
In another termianl
$ ssh -p 2222 kali@192.168.0.16.
forward 192.168.0.134:22 to localhost:2222
$ ssh -L localhost:2222:0.0.0.0:22 -C -N -l kali kali_host.
In another termianl
$ ssh -p 2222 kali@localhost.
Here
192.168.0.16is my local machine.192.168.0.134is my virtual machine.
In my virtual machine ...
$ ssh -R 2222:localhost:22 laxz@192.168.0.16 -N.
login to my local machine laxz@192.168.0.16
and forward virual machine's localhost:22 to localhost:2222 of my machine.
while the -N switch tells ssh that we don’t want to execute a remote #command.
In my local machine ...
$ ssh -p 2222 kali@localhost