Accessing a Private Network Service Using SSH Port Forwarding

Introduction

Sometimes, you need to access a service running on a machine in your home network, but you don’t have direct access to that machine from outside. Luckily, if you can SSH into another machine on the same network, you can use SSH port forwarding to create a secure tunnel to the target service.

This guide will walk you through setting up SSH local port forwarding to access an internal service as if it were running locally.

Scenario

Here’s the setup:

• Target Machine: Runs a web service on 192.168.1.10:8080.
• Intermediate Machine: You can SSH into this machine from outside the network.
• Your Local Machine: The computer you want to use to access the web service on the Target Machine.

With SSH port forwarding, we’ll make the web service available on your local machine.

Solution: SSH Local Port Forwarding

Command Overview

Here’s the SSH command structure for local port forwarding: ```bash ssh -L [local_port]:[target_ip]:[target_port] [user]@[intermediate_ip] ```

Command Breakdown

• `-L`: Specifies local port forwarding.
• `[local_port]`: Port on your computer (we’ll use `8080` here).
• `[target_ip]:[target_port]`: IP and port of the service you want to access (e.g., `192.168.1.10:8080`).
• `[user]@[intermediate_ip]`: SSH username and IP for the Intermediate Machine.

Step-by-Step

1. Open a Terminal on your local machine.

2. Run the SSH Command: ```bash ssh -L 8080:192.168.1.10:8080 user@intermediate_machine_ip ``` Replace:

   • `user` with your SSH username on the Intermediate Machine.
   • `intermediate_machine_ip` with the IP of the Intermediate Machine in your network.

3. Access the Web Service: Once connected, open your web browser and navigate to `http://localhost:8080`. Your request will securely tunnel through the Intermediate Machine to the Target Machine, making the service accessible as if it were local.

Conclusion

This approach is particularly useful when you need secure access to web services, databases, or other applications on a restricted network. SSH port forwarding ensures all traffic is encrypted and reaches only the intended destination.