Let’s say you want to connect to the port 8080 on a machine that runs within the firewall of your company. If there’s VPN available, you could use it, however it would affect all your other connections. Probably the easier and most effective way is to use SSH forwarding and connect to the login server of your company or any other machine that you have shell access and can access the remote site on port 8080. You could then use use a local port of your machine to access the remote site:
ssh -L 8080:remotesite.com:8080 email@example.com
Having done that, you can access the remotesite:8080 by typing in your browser ‘localhost:8080’. The remote site thinks (and actually correctly) that all the connections originate from the ‘remoteloginserver.com’ to which your local request to port 8080 are forwarded to.
You may also want to do the opposite. You may want to associate a remote port of a machine to one of your local machine. The most common use of this is if you want to access your machine at home (which is behind a router or firewall) from the login server at work or university. You can associate the port, let’s say 2222 of the remote server with the port 22 of your machine, so when trying to connect to port 2222 of ‘localhost’ (on the remote site), you will be redirected at your home machine:
ssh -R 2222:localhost:22 firstname.lastname@example.org
While you are connected on ‘remoteloginserver.com’, if you try ‘ssh username@localhost -p 2222’ it will get you to your home machine.
To be sure that the chosen port is listening on the remote site, you can grep the netstat output:
# netstat -tunel | grep 2222 tcp 0 0 127.0.0.1:2222 0.0.0.0:* LISTEN 35393 4543448 tcp 0 0 ::1:2222 :::* LISTEN 35393 4543449
Something like this can raise security concerns on who will try to get access to your home machine (or any other). Eventually, anybody who has access to the remote machine and can run an SSH client, can start trying brute-force techniques and your machine being the target. However, is supposed that you use remote port forwarding for a short period of time. It can be very handy to get a specific task done. If you need that for longer term, then you must trust a lot the users that have access to the remote machine and you should implement some kind of access control list on your home machine in order to allow only specific users to connect.