By default, an SSH tunnel or port forward is available only to the local host. Unless you specify otherwise, it listens on the loopback address (127.0.0.1, localhost). This address is not reachable from other hosts, so the forwarded port is not available from the outside.
You can allow public access to your SSH tunnel by creating a port forward or tunnel that listens on an accessible IP address and configuring the necessary firewall rules to allow incoming connections to the tunnel.
$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:08:63:73 brd ff:ff:ff:ff:ff:ff
    altname enp2s1
    inet 192.168.111.27/24 brd 192.168.111.255 scope global dynamic noprefixroute ens33
       valid_lft 66553sec preferred_lft 66553sec
    inet6 fe80::fc5d:1d5c:ae0e:68f1/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
$ ssh -fN -D 192.168.111.27:8080 192.168.111.29
user@192.168.111.29's password:
$ ss -natp | grep 8080
LISTEN 0 128 192.168.111.27:8080 0.0.0.0:* users:(("ssh",pid=2966,fd=4))
$ sudo ufw allow 8080 # Ubuntu and Debian variants
$ sudo firewall-cmd --zone=public --permanent --add-port=8080/tcp && sudo firewall-cmd --reload # CentOS and Red Hat variants
$ curl --proxy socks5://192.168.111.27:8080 https://ifconfig.me
115.131.92.137
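A forward opened with -D accepts connections without authentication, so it helps to audit which ssh client listeners are bound beyond loopback. The following is an added example, not part of the original page: it classifies listeners from ss output by bind address. The function names and all sample lines except the first are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): report which ssh client
# forwards listen beyond loopback.
# Live use: ss -H -ltnp | exposed_ssh_listeners

# Sample in the `ss -natp` layout; line 1 is the page's output, the rest
# are constructed for illustration.
SAMPLE_SS='LISTEN 0 128 192.168.111.27:8080 0.0.0.0:* users:(("ssh",pid=2966,fd=4))
LISTEN 0 128 127.0.0.1:1080 0.0.0.0:* users:(("ssh",pid=3011,fd=4))
LISTEN 0 128 [::1]:1080 [::]:* users:(("ssh",pid=3011,fd=5))
LISTEN 0 128 0.0.0.0:9090 0.0.0.0:* users:(("ssh",pid=3050,fd=4))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=801,fd=3))'

# Prints "<exposure> <local addr:port> pid=<pid>" for every listening
# socket owned by the ssh client (sshd itself is ignored).
classify_ssh_listeners() {
  awk '
    $1 == "LISTEN" && $NF ~ /\(\("ssh",/ {
      local_addr = $4
      # Split at the last colon: IPv6 addresses contain colons themselves.
      port = local_addr
      sub(/.*:/, "", port)
      addr = substr(local_addr, 1, length(local_addr) - length(port) - 1)
      gsub(/^\[|\]$/, "", addr)          # strip IPv6 brackets
      if (addr ~ /^127\./ || addr == "::1")
        exposure = "loopback"            # default: local host only
      else if (addr == "0.0.0.0" || addr == "::" || addr == "*")
        exposure = "all-interfaces"      # reachable on every address
      else
        exposure = "single-address"      # bound to one routable address
      pid = $NF
      sub(/.*pid=/, "", pid)
      sub(/,.*/, "", pid)
      print exposure, local_addr, "pid=" pid
    }'
}

# Only the listeners other hosts can reach.
exposed_ssh_listeners() {
  classify_ssh_listeners | awk '$1 != "loopback"'
}

printf '%s\n' "$SAMPLE_SS" | classify_ssh_listeners
```

Run ss with sudo to see listeners owned by other users; without it, the process column is shown only for your own processes.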