Port-Forwarding

ABOUT

Port forwarding is a technique that allows us to redirect a communication request from one port to another. Port forwarding uses TCP as the primary communication layer to provide interactive communication for the forwarded port. In short:

  • Local Port-Forwarding is like a regular shell: it forwards our traffic through a local port to a port on the victim host.

  • Remote Port-Forwarding is like a reverse shell: to bypass a firewall, we make the victim host forward traffic to our host.

  • Dynamic Port-Forwarding is just a proxy that works with inbound and outbound traffic.

LOCAL PORT FORWARDING

Local port forwarding allows you to forward traffic from your local machine to a remote server. This is commonly used to access services behind a firewall or to create a secure channel for data transmission.

How it works

You specify a local port (e.g., 1234) and bind it to a remote service through an intermediary (like an SSH server). Traffic sent to the local port is encrypted between your machine and the SSH server, which then forwards it to the destination.

Use case

Accessing an intranet site or database from your local machine using SSH.

Example

ssh -L <local-port>:<remote-ip>:<remote-port> user@<remote-ip>

REMOTE PORT FORWARDING

Remote port forwarding is the reverse of local port forwarding. It allows a remote machine to forward its traffic to a service on your local machine.

How it works

You expose a local service (e.g., a web server running on your local machine) to a remote server. The remote server listens on a specified port and forwards traffic to your local machine.

Use case

Making a local service accessible to others through a remote server (e.g., for debugging or sharing an application).

Example

ssh -R <remote-port>:localhost:<local-port> user@<remote-ip>

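Here, connections to <remote-ip>:<remote-port> are forwarded to your local machine's localhost:<local-port>. By default, OpenSSH's sshd binds the remote listener to the server's loopback address only, so it is reachable from other hosts only when GatewayPorts is enabled in sshd_config.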

DYNAMIC PORT FORWARDING

Dynamic port forwarding creates a SOCKS proxy, allowing traffic to be forwarded dynamically to various destinations based on requests. This is useful for tunneling multiple connections.

How it works

Your local machine acts as a SOCKS proxy server, and applications can configure this proxy to route traffic through it. The traffic is dynamically forwarded to different destinations through the SSH server.

Use case

Bypassing firewalls, anonymizing traffic, or routing web browsing through an SSH tunnel.

Example

ssh -D <local-port> user@<remote-ip>

This creates a SOCKS proxy on localhost:<local-port>. Applications configured to use this proxy will route traffic through the SSH server dynamically.
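
Whether the three commands above succeed is decided on the SSH server, mainly by the AllowTcpForwarding and GatewayPorts settings. The script below is an added example, not part of the original page: it reads effective server configuration in the "keyword value" form printed by `sshd -T` and reports which forwarding modes are permitted. The function name and the sample inputs are constructed for illustration.

```sh
#!/bin/sh
# Added example: which of the page's three forwarding modes does an
# OpenSSH server permit? Input is "keyword value" text as printed by
# `sshd -T` (effective server configuration).

forwarding_report() {
    awk '
        # OpenSSH defaults apply when a keyword is missing from the input.
        BEGIN { tcp = "yes"; gw = "no" }
        { key = tolower($1) }
        key == "allowtcpforwarding" { tcp = tolower($2) }
        key == "gatewayports"       { gw  = tolower($2) }
        END {
            # -L and -D both use direct-tcpip channels on the server, so
            # the "local" permission governs both; -R needs "remote".
            l = (tcp == "yes" || tcp == "all" || tcp == "local")
            r = (tcp == "yes" || tcp == "all" || tcp == "remote")
            print "local(-L)="   (l ? "allowed" : "denied")
            print "remote(-R)="  (r ? "allowed" : "denied")
            print "dynamic(-D)=" (l ? "allowed" : "denied")
            # GatewayPorts decides who can reach a -R listener.
            if (!r)                           print "remote-listener=none"
            else if (gw == "no")              print "remote-listener=loopback-only"
            else if (gw == "clientspecified") print "remote-listener=client-chosen-address"
            else                              print "remote-listener=all-interfaces"
        }'
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_DEFAULT='port 22
allowtcpforwarding yes
gatewayports no'
SAMPLE_LOCAL_ONLY='port 22
allowtcpforwarding local
gatewayports no'
SAMPLE_EXPOSED='port 22
allowtcpforwarding remote
gatewayports yes'

for sample in "$SAMPLE_DEFAULT" "$SAMPLE_LOCAL_ONLY" "$SAMPLE_EXPOSED"; do
    printf '%s\n' "$sample" | forwarding_report
    echo "--"
done
```

On a real server, pipe `sshd -T` (run as root) into forwarding_report. Settings placed inside Match blocks only appear when the connection parameters are supplied with `sshd -T -C`.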
