# Tunneling/Port Forwarding

### Linux

#### Local  port forwarding

```
ssh <gateway> -L <local port>:<remote host>:<remote port>
```

#### Remote port forwarding

```
ssh <gateway> -R <remote port>:<local host>:<local port>
```

#### Dynamic port forwarding

```
ssh -D <local port> -p <remote port> <target>
```

HTTP tunneling – technique to encapsulate a protocol within HTTP

```
HTTPTunnel or stunnel
```

### Windows

#### Netsh

Netsh is installed on Windows by default, but requires the IP Helper service and IPv6 must be installed (both enabled by default).

```
netsh interface portproxy add v4tov4 listenport=$port listenaddress=$ip connectport=$port connectaddress=$ip
```

{% hint style="info" %}
A firewall rule may be required to open the desired port.
{% endhint %}

```
netsh advfirewall firewall add rule name="forward_port_rule" protocol=TCP dir=in localip=$ip localport=$port action=allow
```

#### Plink.exe

```
plink.exe -ssh -l kali -pw ilak -R 10.11.0.4:1234:127.0.0.1:3306 10.11.0.4
```

```
plink.exe -l root -pw mysecretpassword 192.168.0.101 -R 8080:127.0.0.1:8080
```

### Meterpreter

```
portfwd add -l <attacker port> -p <victim port> -r <victim ip>
portfwd add -l 3306 -p 3306 -r 192.168.1.10
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://notes.oncyberwar.com/5.-maintaining-access/tunneling.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.