Hacky IP forwarding with IP aliases and SSH

We interrupt your regularly scheduled broadcast of quality sysadmin programming to bring you a brief announcement on using SSH and hacky port forwards to access something via a LAN IP over the Internet.

If I have a server at home that can _only_ be accessed via 192.168.1.12 (say) – perhaps because it is a web application that rewrites all internal URLs to always go to that IP – how do I get access?

Easy. My application listens on 192.168.1.12:8888, so I’ll give it exactly that:


    ip addr add 192.168.1.12/32 dev lo
    ssh -L 192.168.1.12:8888:192.168.1.12:8888 user@example.net

So, I add 192.168.1.12/32 as a local IP address on the loopback interface, have SSH listen on it, and forward every TCP connection made to 192.168.1.12:8888 over the SSH tunnel to the gateway server (example.net for this example), which unbundles it from the SSH stream and passes it on to the real 192.168.1.12.

It only works for that one port on that one IP address (though you can add individual IPs and ports easily enough!), but the key part is that it works.

To clean up, close your SSH links and run:


    ip addr del 192.168.1.12/32 dev lo
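
The same steps wrapped in a script, added here as an example and not the author's own code: it validates the address and port, refuses to alias an address the machine already holds, and removes the alias however ssh exits. The function names and the use of `-N` and `ExitOnForwardFailure` are choices made for this example; run it as root.

```shell
#!/bin/sh
# Added example, not the original author's script. Usage (as root):
#   lan-tunnel.sh 192.168.1.12 8888 user@example.net

# Succeeds only for a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Prints the -L argument: listen on IP:PORT here, connect to IP:PORT from the gateway.
forward_spec() {
    valid_ipv4 "$1" || return 1
    case "$2" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#2}" -le 5 ] && [ "$2" -ge 1 ] && [ "$2" -le 65535 ] || return 1
    printf '%s:%s:%s:%s\n' "$1" "$2" "$1" "$2"
}

lan_tunnel() {
    ip=$1 port=$2 gateway=$3
    spec=$(forward_spec "$ip" "$port") || { echo "bad IP or port" >&2; return 2; }
    # If this host already owns the address on a real interface, do not touch it:
    # the alias is pointless and the cleanup could confuse later troubleshooting.
    if ip -4 -o addr show | grep -qF " $ip/"; then
        echo "$ip is already assigned locally" >&2; return 3
    fi
    ip addr add "$ip/32" dev lo || return 4
    # Remove the alias when the script ends, including on Ctrl-C or kill.
    trap 'ip addr del "$ip/32" dev lo' EXIT
    trap 'exit 130' INT TERM
    # -N: tunnel only, no remote shell. ExitOnForwardFailure: quit rather than
    # stay connected without the forward if the local bind fails.
    ssh -N -o ExitOnForwardFailure=yes -L "$spec" "$gateway"
}

# Only act when called with the three arguments; sourcing the file just defines the functions.
if [ "$#" -eq 3 ]; then lan_tunnel "$@"; fi
```

While the alias is up, everything the local machine sends to that address stays on the machine, so on a network that has its own 192.168.1.12 that host is unreachable until the alias is removed.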
