SSH Tunnel for port forwarding

Written by Robert -

Within Linux there are several services available that use a web interface for management. In most of these cases, best practice is to not share those interfaces with the end users because they might abuse the system. Luckily, you can easily block those ports on the firewall of the server and use an SSH tunnel to provide port forwarding to your local machine.

Here are two examples using the CUPS system as an example. CUPS is an acronym for Common Unix Printing System and is developed by Apple. The default port for CUPS is port 631.

From Windows

If you use a Windows device to manage the CUPS on port 631, you can use Putty with SSH port forwarding and your own browser.

In Putty, go to Connection -> SSH -> Tunnels. You need to assign a local port to the remote port of the server. In this case, the local port to use is 20631 and the port on the server is port 631. It wil resemble the image below.

Alt text

Now you can open http://localhost:20631 in your browser and manage the CUPS system.

Alt text

From Linux

It's actually a lot easier to do this from within Linux, if you can remember the command for it. The fastest way to do this is the following:

ssh account@server -L 20631:localhost:631

The Account part is your useraccount at the server and the server is either the IP or the hostname of the server. -L is the part that does the port forwarding. It binds two ports together, first the port on your local machine, then localhost, then the port on the remote machine.

Alt text

After typing in your password you can start your browser. Alt text