Tunneling/Port Forwarding


Local port forwarding

ssh <gateway> -L <local port>:<remote host>:<remote port>

Remote port forwarding

ssh <gateway> -R <remote port>:<local host>:<local port>

Dynamic port forwarding

ssh -D <local port> -p <remote port> <target>

HTTP tunneling – technique to encapsulate a protocol within HTTP

HTTPTunnel or stunnel



Netsh is installed on Windows by default, but requires the IP Helper service and IPv6 must be installed (both enabled by default).

netsh interface portproxy add v4tov4 listenport=$port listenaddress=$ip connectport=$port connectaddress=$ip

A firewall rule may be required to open the desired port.

netsh advfirewall firewall add rule name="forward_port_rule" protocol=TCP dir=in localip=$ip localport=$port action=allow


plink.exe -ssh -l kali -pw ilak -R
plink.exe -l root -pw mysecretpassword -R 8080:


portfwd add -l <attacker port> -p <victim port> -r <victim ip>
portfwd add -l 3306 -p 3306 -r

Last updated