> For the complete documentation index, see [llms.txt](https://sarpers-organization.gitbook.io/ctftricks/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://sarpers-organization.gitbook.io/ctftricks/_chapter-intro-10/ssh/port-forwarding/trick-0071.md).

# SSH Local Port Forwarding

***

You can use SSH local port forwarding to access services running on the target machine that are bound to internal interfaces (like 127.0.0.1) or are otherwise firewalled from your direct access, provided you have SSH access to the target.

The core technique involves the `-L` flag during the SSH connection:

```bash
ssh <user>@<target_ip> -L [bind_address:]<attacker_port>:<target_bind_address>:<target_port>
```

This command tells your local SSH client to listen on `<attacker_port>`. When a connection is made to your machine on that port (optionally bound to a specific `bind_address` on your local machine), the traffic is forwarded through the SSH tunnel to the target machine, which then initiates a connection to `<target_bind_address>:<target_port>` *from its perspective*. This makes services accessible on your local machine as if they were running there. The `host:hostport` part (`<target_bind_address>:<target_port>`) is relative to the remote host.

For example, to access a service on `127.0.0.1:8000` on the target `10.10.11.214` using the `sau` user, and have it appear on your local machine on port `8000`, you would use:

```bash
ssh sau@10.10.11.214 -L 8000:127.0.0.1:8000
```

To access a web server running on port 80 on the remote machine (`localhost:80` from the remote's perspective) and make it available on your local machine at port 8080, you could use:

```bash
ssh -L 8080:localhost:80 user@remote.host
```

You could then access the service locally by browsing to `http://127.0.0.1:8080`.
