About ports as Anglehit explains
A standard Linux system has a set of network ports already assigned, from 0-65535. Your system reserves ports up to 1023 for system use. In many systems you can’t elect to use one of these low-numbered ports. Quite a few ports are commonly expected to run specific services. You can find these defined in your system’s /etc/services file.
You can think of a network port like a physical port or jack to which you can connect a cable. When you connect to a remote system, such as with a web browser, you are also “wiring” your browser to a port on your host. This is usually a random high port number, such as 54001. The port on your host connects to the port on the remote host, such as 443 to reach its secure web server.
So why use port forwarding when you have so many ports available? Here are a couple common cases in the life you me and the developer community.
Local port forwarding
Imagine that you are doing web development on a remote system called remote.abc.com. You usually reach this system via ssh but it’s behind a firewall that allows very little additional access, and blocks most other ports. To try out your web app, it’s helpful to be able to use your web browser to point to the remote system. But you can’t reach it via the normal method of typing the URL in your browser, thanks to that pesky firewall.
Local forwarding allows you to tunnel a port available via the remote system through your ssh connection. The port appears as a local port on your system (thus “local forwarding.”)
Let’s say your web app is running on port 8000 on the remote.abc.com box. To locally forward that system’s port 8000 to your system’s port 8000, use the -L option with ssh when you start your session:
$ ssh -L 8000:localhost:8000 remote.abc.com
Wait, why did we use localhost as the target for forwarding? It’s because from the perspective of remote.example.com, you’re asking the host to use its own port 8000. (Recall that any host usually can refer to itself as localhost to connect to itself via a network connection.) That port now connects to your system’s port 8000. Once the ssh session is ready, keep it open, and you can type http://localhost:8000 in your browser to see your web app. The traffic between systems now travels securely over an ssh tunnel!
If you have a sharp eye, you may have noticed something. What if we used a different hostname than localhost for the remote.abc.com to forward? If it can reach a port on another system on its network, it usually can forward that port just as easily. For example, say you wanted to reach a MongoDB or RabbitMQ service on the db.abc.com box also on the remote network. This service typically runs on port 3306. So you could forward it with this command, even if you can’t ssh to the actual db.abc.com host:
$ ssh -L 3306:db.abc.com:3306 remote.abc.com
Now you can run MongoDB commands against your localhost and you’re actually using the db.abc.com box.
Remote port forwarding
Remote forwarding lets you do things the opposite way. Imagine you’re designing a web app for a friend at the office, and want to show them your work. Unfortunately, though, you’re working in a coffee shop, and because of the network setup, they can’t reach your laptop via a network connection. However, you both use the remote.abc.com system at the office and you can still log in there. Your web app seems to be running well on port 5000 locally.
Remote port forwarding lets you tunnel a port from your local system through your ssh connection, and make it available on the remote system. Just use the -R option when you start your ssh session:
$ ssh -R 6000:localhost:5000 remote.abc.com
Now when your friend inside the corporate firewall runs their browser, they can point it at http://remote.abc.com:6000 and see your work. And as in the local port forwarding example, the communications travel securely over your ssh session.
By default the sshd daemon running on a host is set so that only that host can connect to its remote forwarded ports. Let’s say your friend wanted to be able to let people on other example.com corporate hosts see your work, and they weren’t on remote.example.com itself. You’d need the owner of the remote.example.com host to add one of these options to /etc/ssh/sshd_config on that box:
GatewayPorts yes # OR
The first option means remote forwarded ports are available on all the network interfaces on remote.abc.com. The second means that the client who sets up the tunnel gets to choose the address. This option is set to no by default.
With this option, you as the ssh client must still specify the interfaces on which the forwarded port on your side can be shared. Do this by adding a network specification before the local port. There are several ways to do this, including the following:
$ ssh -R *:6000:localhost:5000 # all networks
$ ssh -R 0.0.0.0:6000:localhost:5000 # all networks
$ ssh -R 192.168.1.15:6000:localhost:5000 # single network
$ ssh -R remote.example.com:6000:localhost:5000 # single network
$ man sshd_config
The above one is just food for thought, the man sshd config command
Finally, remember port forwarding only happens as long as the controlling ssh session is open. If you need to keep the forwarding active for a long period, try running the session in the background using the -N option. Make sure your console is locked to prevent tampering while you’re away from it. That’s it for now
Thanks for reading and have a great weekend !