Home > Command-Line, Open Source > SSH Reverse Tunnel

SSH Reverse Tunnel

What we will do in the situation where we want to access a node located behind a firewall, or locate in LAN behind a router. Quite impossible to access it. May be we can do port forwarding it the router to forward our packets to the target node, but we have to be the system administrator of the LAN to do it (or may be ask them to do).

However, if our target node is able contact us from the LAN, we still can access the node without disturbing our lovely system administrator. A tunnel between our node and the node will do the job. In this case, the tunnel is initiated by our target node. This is known as reverse tunnel.

Using ssh, you can set up this easily. Type the command as below:

# ssh -fNR [bind_address:]port:host:hostport] [user@]hostname

As example we want to access the target node (name: localhost) from our node (name: http://www.example.org). The port we want to access is port 22 and it will be accessible from our node at port 2222.

# ssh -fNR 2222:localhost:22 http://www.example.com

After that, the you are prompted password as usual. After successful login, the command quit but it will remains in background.

To access the target node, use our node to access the forwarded port (2222). So let say, if you want to ssh into the machine (because we have forwarded ssh port), we can use this command

# ssh localhost -p 2222

Then we will able to access the node in the LAN. This is valid for other ports as well. Cheers!

Categories: Command-Line, Open Source
  1. mozey
    26/03/2007 at 2:49 pm

    snazzy, thank you

  2. 30/03/2007 at 7:23 pm


    I always assumed something like this was possible but never got around to finding this out. I’ll certainly be giving it a go!

    Best Wishes,

  3. fadli79uk
    03/04/2007 at 1:29 am

    Thank all for the appreciations. Apt-Get Explore mentioned in Command-Line Warriors… that awesome!

  4. G.
    08/04/2007 at 5:24 pm

    also check autossh to keep the tunnel up

  5. fadli79uk
    09/04/2007 at 4:07 am

    # autossh -M 2000 -NR 2222:localhost:22 http://www.example.com

    It give almost the same feature but
    1. it can not accept authentication by file.
    2. when connection terminated, i have to retype the password again to access http://www.example.com. is there any option to skip this?

  6. Adam Lofts
    13/11/2007 at 11:09 pm


    Thanks for the tip. Proved very useful to me. One addition I would make is to mention that GatewayPorts should be set to “yes” or “clientspecified” in sshd_config in order to allow other computers to connect to our reverse forwarded port.


  1. 30/03/2007 at 9:15 pm

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: