Local computer and remote computer are behind NAT. How to make local network accessible with SOCKS?

I have a

  • Local computer (behind NAT).
  • An intermediate server which is publicly accessible and has a fixed IP address.
  • Remote computer (behind NAT and not the same as local computer).

I’d like to temporarily share access to a website on the local network via the local computer and an intermediate server using SOCKS/SSH, so that a remote computer can view it. Is this possible when both the remote computer and the local computer are behind NAT? If yes, how?

                      NAT       -   Static Public IP  - NAT
Local Network <- Local Computer - Intermediate Server - Remote Computer 

I know I can do this with ngrok and similar services, but I would like to learn how to do it myself using SSH and SOCKS.

Bounty: I will give preference to answers with example code and explanations on how to do it. Thank you.

UPDATE: I require SOCKS for dynamic port forwarding. SOCKS with multiple hops


If you want/need dynamic port forwarding you could try the following configuration:

l-user : user on my-local-computer
i-user : user on intermediate
intermediate : ip address of the intermediate host

on my-local-computer:

ssh -R 10022:localhost:22 i-user@intermediate

on the-remote:

ssh -D 3456 -J i-user@intermediate -p 10022 l-user@localhost

The remote port forwarding between my-local-computer and intermediate must exist before the connection from the-remote is initiated.

In this configuration the-remote acts as an SOCKS5 proxy on port 3456 and forwards the traffic via the intermediate to my-local-comuter where it should end in your local lan.


Assumption: Your local Web-Server runs on a separate host with IP 192.168.1.100
Your intermediate server runs on IP 2.3.4.5

Your local host connects to your intermediate server via ssh and does some remote port forwarding:

sudo ssh -R 10080:192.168.1.100:80 -R 10443:192.168.1.100:443 [email protected]

Your remote host connects to your intermediate server via ssh and does some local port forwarding:

sudo ssh -L 80:localhost:10080 -L 443:localhost:10443 [email protected]

In writing:
The local machine uses a ssh-tunnel with remote port forwarding to 'capture' the ports 10080 and 10443 on the lo interface of the intermediate server. Both remote ports are then forwarded onto port 80 and 443 of the WebServer (192.168.1.100) in your local network.
The remote machine uses its own ssh tunnel to 'capture' the ports 80 and 443 of its own lo interface and forwards those to port 10080 and 10443 on the lo interface of your intermediate server.
Therefore any application on your remote machine connecting to the internal ports localhost:80 or localhost:443 will be forwarded to the internal ports :10080 or :10443 of your intermediate server and then through your local machine on to ports 192.168.1.100:80 or 192.168.1.100:443 on the lan interface of your web server.

Hope that helps.

edit: reworked the ip addresses of the lo interfaces.