Hacky IP forwarding with IP aliases and SSH

We interrupt your regularly scheduled broadcast of quality sysadmin programming to bring you a brief announcement on using SSH and hacky port forwards to access something via a LAN IP over the Internet.

If I have a server at home that can _only_ be accessed via (say) – perhaps because it is a web application that rewrites all internal URLs to always go to that IP – how do I get access?

Easy. My application listens on, so I’ll give it exactly that:

ip addr add dev lo
ssh -L user@example.net

So, I add as a local IP address, bind SSH to it, forward all packets for over the SSH tunnel to the gateway server (example.net for this example), then it unbundles it from the SSH stream and passes it to the real

It only works for that one port on that one IP address (though you can add individual IPs and ports easily enough!), but the key part is that it works.

To clean up, close your SSH links and run:

ip addr del dev lo
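
The alias, forward and cleanup steps above in one script, as an added example that is not the author's code. The LAN IP, port and gateway are arguments supplied by the caller, the function names are hypothetical, and the RFC 1918 check and the `-N` / `ExitOnForwardFailure` options are additions to the original commands.

```shell
#!/bin/sh
# Added example, not the author's script. LAN_IP, PORT and USER@GATEWAY are
# caller-supplied placeholders; function names here are hypothetical.

# True only for a well-formed RFC 1918 IPv4 address, so a typo cannot put a
# public address on lo and shadow the real host for every local program.
is_rfc1918() {
  case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  IFS=. read -r a b c d rest <<EOF
$1
EOF
  [ -n "$d" ] && [ -z "$rest" ] || return 1
  for o in "$a" "$b" "$c" "$d"; do
    [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
  done
  [ "$a" -eq 10 ] && return 0
  [ "$a" -eq 172 ] && [ "$b" -ge 16 ] && [ "$b" -le 31 ] && return 0
  [ "$a" -eq 192 ] && [ "$b" -eq 168 ] && return 0
  return 1
}

# ssh -L takes bind_address:port:host:hostport. Binding to the alias keeps the
# listener on that one loopback address instead of every local interface.
forward_spec() { printf '%s:%s:%s:%s\n' "$1" "$2" "$1" "$2"; }

# usage (as root): tunnel LAN_IP PORT USER@GATEWAY
tunnel() {
  lan_ip=$1 port=$2 gateway=$3 rc=0
  is_rfc1918 "$lan_ip" || { echo "refusing non-RFC1918 address: $lan_ip" >&2; return 2; }
  case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 2 ;; esac
  ip addr add "$lan_ip/32" dev lo || return 1
  trap : INT   # Ctrl-C stops ssh; the script carries on to the cleanup below
  # -N: no remote command. ExitOnForwardFailure: fail instead of running
  # without the forward if the alias:port cannot be bound.
  ssh -N -o ExitOnForwardFailure=yes \
      -L "$(forward_spec "$lan_ip" "$port")" "$gateway" || rc=$?
  ip addr del "$lan_ip/32" dev lo
  return "$rc"
}

# Runs only when called with exactly three arguments.
if [ "$#" -eq 3 ]; then tunnel "$@"; fi
```

Because the alias lives on `lo`, the forwarded port is reachable only from the local machine; any program on it that connects to that IP and port is sent through the tunnel until the alias is removed.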