ssh port forwarding in practice

As a global company, it is very common that a server in one site needs to communicate with another server in another site. These days we encounter this situation: a server named A in China, assuming IP, needs to communicate with another server named B in US, assuming IP

However, there is an issue: the server B with IP is only accessible within our US company. The IP packets with this address couldn’t be routed outside of the network in US. It is a local private network. How to fix this issue? We need the server A in China to communicate with the server B in US to do the integration testing.

Here the ssh port forwarding comes in effect. Even though the server B couldn’t be accessible outside of the US, we can easily find another server in US, assuming named C with IP, that can be accessed from China. There should be such kind of servers. Not all the servers in our US company are in the local private network.

Since the server C is in US, usually it can reach the server B, because they are in the same region and the router in the US could be easily configured. We can use the server C as an intermediate server to transfer the traffic between the server A and server B.

Assume server A needs to communicate with server B at port 8080. Let’s run the below command in the server C:

ssh -R 8088: serverB-user@

After the password is entered, the ssh port forwarding has been established. When server A tries to send network traffic to its local port 8088, the traffic will first be transferred to Server C through ssh and then forwarded to server B at port 8080 by server C. With the help of the server C, the traffic between the server A and B is now possible.

This kind of ssh port forwarding is called remote ssh port forwarding. There are other kinds of port forwarding: local port forwarding and dynamic port forwarding. I will not cover it here. If you are interested, you can search it using the google search engine.