SSH Tunnels & Port Forwarding
Create local, remote, and dynamic (SOCKS) SSH port forwards from NetStacks to reach services behind a device or bastion — with manual or automatic start.
Overview
SSH tunnels let you reach a service that isn't directly routable from your machine — a management GUI on a device, an API behind a jump host — by forwarding ports over an SSH connection NetStacks already manages.
Forward Types
- Local — a port on your machine forwards to a host:port reachable from the SSH target.
- Remote — a port on the SSH target forwards back to a host:port reachable from you.
- Dynamic (SOCKS) — a local SOCKS proxy that routes through the SSH connection.
Tip
Tunnels pair naturally with jump hosts: reach an isolated management network through the bastion you already connect through.
Starting & Stopping
A tunnel can be started manually when you need it, or configured to start automatically with its session so the forward is always available while you are connected. Tunnel status is visible so you can confirm a forward is up before relying on it.
Q&A
- Q: Difference between a tunnel and a jump host?
- A: A jump host is how you reach a device's SSH; a tunnel forwards other ports/services over an SSH connection. They are often used together.
- Q: Can I keep a forward up for the whole session?
- A: Yes — configure it to auto-start with the session.