SSH Port Forwarding

Can’t (or don’t want to) make Instiki run on port 80, but can’t access anything else externally? One option—an excellent option, actually—is to use SSH port forwarding. Here are the steps:

  1. Run Instiki on port 2500 (assuming that this computer can provide SSH service).
  2. From another computer, try to access it ( and observe that you can’t1.
  3. From that other computer, run the following command2: ssh -L -l yourname -N
  4. Now try accessing your wiki again, this time via http://localhost:2500. It should work this time.

How it Works

Your SSH connection operates over port 22. However, the SSH client at your end and the SSH server at the other end have an agreement to route extra traffic. It goes like this:
  • SSH client listens on localhost:2500 and transmits to the server over port 22.
  • SSH forwards that traffic to which it can do because it’s on the same machine.

You’ve tunneled through the firewall by using an allowed port to access a disallowed port. The mechanism was SSH. That’s why this technique is commonly called SSH tunneling.

All SSH traffic is strongly encrypted, so that’s an extra benefit of this solution.


I use PuTTY instead of command-line ssh (usually) because it remembers my port forward settings. I just click an icon in my Win XP? quick-start area and I’m connected and ready to wiki.

I also have a Fire Fox? keyword set (swikis, for “secure wikis”) so I can access them in a flash.

Jamis Buck’s excellent net-ssh package enables you to perform SSH operations, including port forwarding, with Ruby. I’m trying to create a program that does the tunneling for me, and which is installed as an always-on service, so my Wiki is always accessible and I don’t have to run Pu TTY?. If anyone has written a program like this, please let me know.


This tutorial was written by Gavin Sinclair and I am the first to ackknowledge that it could be improved. If you want to access your Wiki using this method and are having trouble, email me and I’ll help you out and improve this page.


1 If you can access it, then stop reading this tutorial, unless you want to use SSH for security.

2 Basic ssh knowledge is assumed here.

category: Help