How does ssh port forwarding work exactly

I have the following setup: One machine with sshd running (local) behind a router (router) and a second host (remote) tries to access local through the internet and the router via ssh.

Therefore: Port forwarding router:22 -> local:22 (and router as gateway for local). Works perfectly fine.

If I try to create an ssh tunnel from remote to local as follows:

ssh -L 1234:R:12345 user@R 

this will only work if I also redirect router:1234 -> local:1234.

My understanding was that ssh will tunnel all the traffic through its connection on port 22. But it seems that this is not the case. Am I doing something wrong? Is there any possibility to tunnel all the traffic through a single connection?


Your question was a little unclear to me, so I'm going to specify what I assumed and then try and help you with your problem. You are at the computer 'remote' which is SSH'ing to 'local' and this part works fine. If this is the case we no longer need to worry about router.

Continuing my assumptions, 'local' has a service running on it on port 12345 that you would like to access from 'remote' without opening additional ports on your router. What you would want to do is use the following command from 'remote':

ssh -L 1234:localhost:12345 user@router's_ip

To connect to the service you would then access it through localhost:1234.

The way the port forwarding syntax works is: {local_port}:{proxy_dest}:{proxy_port}

local_port is the port that will open on the client machine you are connecting from; to access it, you would use localhost:local_port.

proxy_dest is the host you would like to connect to from the perspective of the server you are SSH'ing into.

proxy_port is the port on the remote system that you would like to connect to.
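
The forwarding syntax described in the answer above, worked through as an added example (not code from the original question or answer). It goes slightly beyond the answer by also handling the optional bind address from ssh(1), [bind_address:]port:host:hostport, which decides whether the listening port is reachable only from the client machine or from the network. The function name and output format are made up for this illustration, and bracketed IPv6 literals are assumed not to appear.

```shell
#!/bin/sh
# Added example: split an `ssh -L` spec into the parts the answer describes.
# ssh(1) form: [bind_address:]port:host:hostport
# Assumption: no bracketed IPv6 literals appear in the spec.

explain_local_forward() {
    spec=$1
    set -f                      # keep a '*' bind address from globbing
    old_ifs=$IFS; IFS=:
    set -- $spec                # split on ':' into positional parameters
    IFS=$old_ifs
    set +f
    case $# in
        3) bind=localhost; lport=$1; dhost=$2; dport=$3 ;;  # default: loopback
        4) bind=${1:-*};   lport=$2; dhost=$3; dport=$4 ;;  # empty means all interfaces
        *) echo "invalid -L spec: $spec" >&2; return 1 ;;
    esac
    # Both ports must be plain decimal numbers.
    for p in "$lport" "$dport"; do
        case $p in ''|*[!0-9]*) echo "bad port in: $spec" >&2; return 1 ;; esac
    done
    [ -n "$dhost" ] || { echo "missing host in: $spec" >&2; return 1; }
    # Who can reach the listener that ssh opens on the client machine?
    case $bind in
        localhost|127.0.0.1) reach=client-only ;;
        *)                   reach=network ;;
    esac
    # dhost is resolved by the ssh server, so "localhost" means the server.
    echo "listen=$bind:$lport reach=$reach dest=$dhost:$dport resolved-by=server"
}

# The answer's spec, the question's spec, then a listener on every interface.
explain_local_forward 1234:localhost:12345
explain_local_forward 1234:R:12345
explain_local_forward '*:1234:localhost:12345'
```

With the question's spec the destination R is looked up and dialed by the ssh server, not sent through the tunnel to "itself", which is why the answer uses localhost there.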