Use SSH to forward or tunnel traffic to your remote VPS

Published on Jan 20, 2022

Sometimes you may feel like opening up some ports on your Digital Ocean or Linode VPS in order to access a service like a web dashboard remotely. It's bad security practice to do so because you would open up these ports to anyone out there trying to reach them.

A better and easy way to access your remote services is to use local port forwarding via SSH. A practical example where I needed this was while I was setting up an IPFS node. IPFS is a great way to host data in a distributed and decentralized way. The IPFS package comes bundled with a web-based dashboard that allows you to monitor traffic on your IPFS node.

Thing is, the dashboard runs on port 5001 and is by default not exposed to the public (as it should be). Instead of opening up that port on my server and running the web dashboard on a public IP, it's better to keep it running on 127.0.0.1 keeping curious folks out of your server.

How to use SSH to forward traffic

Using SSH to forward traffic on a local port to your server is quite easy. I'm writing this example based on this excellent blog post.

In order to access my IPFS dashboard locally — which is running on port 5001 on my remote server — we can use the following syntax with SSH.

ssh -L local_port:remote_server:remote_port ssh_user@remote_server

This would translate to the following for my server (users are protected with ssh keys of course)

ssh -L 5001:127.0.0.1:5001 goodbytes@45.78.220.125

The command above forwards all traffic on my local machine on port 5001 (127.0.0.1:5001) to my remote server running the IPFS web dashboard on 127.0.0.1 at port 5001.

In conclusion, browsing locally to 127.0.0.1:5001/webui will forward all these requests to my remote server IP which internally is running the webui dashboard on 127.0.0.1 at port 5001. The result is a secure way to access the webui dashboard without the need to expose services and ports to the public on my VPS.

No comments? But that’s like a Gin & Tonic without the ice?

I’ve removed the comments but you can shoot me a message on Twitter @GoodBytes to keep the conversation going.