# Dynamic Port Forwarding

Dynamic Port Forwarding is the most practical SSH port forwarding of the lot. In this technique any connection made to a local port can be forwarded to any port on a remote machine through a proxy. Now the connections are not limited to just one system or port, instead any number of connections can be made through proxychains.&#x20;

## Local Port Forwarding

## Scenario/Goal

<figure><img src="/files/ntmePvhY5Is8pD9hu0R8" alt=""><figcaption></figcaption></figure>

Let there be 3 systems - A, B and C.&#x20;

A -> B is possible through an SSH connection

B -> C is on the same network with access to the service running on C

A -> C There is no accessibility between the two. They could be in completely different networks or a firewall could prevent them from connecting  &#x20;

| System A            | Requirement  |
| ------------------- | ------------ |
| Level of Compromise | Root Access  |
| Softwares           | SSH          |
| IP                  | 192.168.1.10 |

| System B            | Requirement                       |
| ------------------- | --------------------------------- |
| Level of Compromise | Elevated Privilege with Passwords |
| IPs                 | 192.168.1.20, 172.16.1.20         |

| System C            | Requirements                                               |
| ------------------- | ---------------------------------------------------------- |
| Level of Compromise | None                                                       |
| Softwares           | Port no. of service to be accessed (e.g Shares on Windows) |
| IP                  | 172.16.1.30                                                |
|                     |                                                            |

### System A

```
sudo ssh -N -D 127.0.0.1:8080 xyz@192.168.1.20
```

We will be using proxychains service as a proxy to send the requests through the SSH tunnel to the targetted systems and services,

```
socks4 	127.0.0.1 8080 #add this line to /etc/proxychains.conf
```

For this example since we are going to scan of a given IP,

```
sudo proxychains nmap --top-ports=20 -sT -Pn 192.168.1.40
```

## Remote Port Forwarding

Similar to the previous scenario, but lets imagine a firewall blocking access to the compromised system B. However, you have gained reverse shell from system B to system A, then the Remote Dynamic Port Forwarding comes in handy.&#x20;

### System B

```
sudo ssh -N -R 8080 xyz@192.168.1.10
```

We will be using proxychains service as a proxy to send the requests through the SSH tunnel to the targetted systems and services,

```
socks4 	127.0.0.1 8080 #add this line to /etc/proxychains.conf
```

For this example since we are going to scan of a given IP,

```
sudo proxychains nmap --top-ports=20 -sT -Pn 192.168.1.40
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.particle42.com/pivoting/port-forwarding/dynamic-port-forwarding.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.