✨ Port forwarding ✨ Port forwarding

✨ Port forwarding

Dmitry Machulo Dmitry Machulo

Port forwarding allows you to forward a port to another machine, or bring a remote port to a local machine. This is an enormously helpful technique, providing:

  • Secure access to a port that is otherwise not listening on a public network interface. This is common with database servers like MySQL.
  • Encryption for services that may not natively use encrypted connections.

Local, remote, and dynamic forwarding

Local forwarding lets you access a remote server's listening port as though it were local. An example of this technique would be to forward port 3306 (MySQL) to your local machine as port 3306, allowing you to use the MySQL server as though it were running on your local machine.

Remote forwarding opens a port on the remote machine and forwards connections to your local device. An example of this technique would be to open port 8080 on the remote machine and forward requests made on that port to your local machine as port 8080.

In the above two examples, the port numbers match, but this is not a requirement. Sometimes it's better to use a different port on the local or remote machine. This is helpful when a port number is already used or you are running on a machine without root access and you wish to bind a port number lower than 1024.

Dynamic Port Forwarding will turn your Termius client into a SOCKS proxy server. Using this technique you could have a web browser use your SSH connection as a proxy, making your web connection requests appear to come from the remote server instead of your local device.

It's important to note that dynamic port forwarding does not fully replace a VPN server. Programs must specifically support SOCKS proxying.

Add a Forwarded Port

The process for adding a forwarded port is nearly identical on both mobile and desktop.

To begin, open the the Port Forwarding screen in Termius then click New Rule.

At the top you'll notice three options: Local, Remote, and Dynamic. Choose the option that fits your use case. If you're trying to tunnel a database connection, a popular scenario, use Remote.

On the mobile version, you may provide a label for the forwarded port. It is optional.

For the Ports fields, specify the from and to ports. For the bind address, 127.0.0.1 is recommended, though you can change this to another address if you wish to listen on a virtual IP or another network interface on your system.

With Dynamic Port Forwarding, you need only to specify one port - this is the local port that the SOCKS proxy server will listen to and await connections.

Once you've added a port forwarding rule, right-click it and choose Connect or tap it to enable port forwarding.

Troubleshooting

If you're having trouble forwarding a port, please follow these steps:

  1. Ensure that the destination port is not used by another process. On Windows, you can use netstat -ant to see local listening ports. On macOS and Linux, use netstat -tolpn.
  2. Ensure that the port to be forwarded is used by the program you wish to access. For example, if Apache is listening on port 80 on the remote machine, be sure to specify that port.
  3. If you have trouble binding a local port lower than 1024, please use a higher port.
  4. If specifying a bind address different than 127.0.0.1, ensure that the network address is active.

Add comment

Please sign in to leave a comment.