# Local Port Forwarding

In local port forwarding, any request that reaches a local port is funneled through an SSH connection to a second system, which relays it to a service running on a third system.

## Scenario/Goal

<figure><img src="/files/lnsISTAUy2RbWqa3IPNW" alt=""><figcaption><p>Here, the compromised system is Linux</p></figcaption></figure>

Let there be 3 systems: A, B and C.

A -> B: possible through an SSH connection.

B -> C: B is on the same network as C and has access to the service running on C.

A -> C: there is no connectivity between the two. They could be on completely different networks, or a firewall could prevent them from connecting.

| System A            | Requirement  |
| ------------------- | ------------ |
| Level of Compromise | Root Access  |
| Software            | SSH          |
| IP                  | 192.168.1.10 |

| System B            | Requirement                       |
| ------------------- | --------------------------------- |
| Level of Compromise | Elevated Privilege with Passwords |
| IPs                 | 192.168.1.20, 172.16.1.20         |

| System C            | Requirements                                                |
| ------------------- | ----------------------------------------------------------- |
| Level of Compromise | None                                                        |
| Software            | Port no. of service to be accessed (e.g. Shares on Windows) |
| IP                  | 172.16.1.30                                                 |

### System B is a Linux System - System A

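When System B is a Linux system, run the following on System A. The command binds port 445 on all interfaces of A (`0.0.0.0`) and relays every connection through the SSH session to B (192.168.1.20), which connects to port 445 on C (172.16.1.30). `sudo` is needed because 445 is a privileged port.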

```
sudo ssh -N -L 0.0.0.0:445:172.16.1.30:445 student@192.168.1.20
```

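Because this example accesses a share, the following changes have to be made to the Samba configuration:

```
sudo nano /etc/samba/smb.conf

# Add the following line to the file. Keep it on its own line:
# smb.conf only treats lines that begin with # or ; as comments.
min protocol = SMB2

sudo /etc/init.d/smbd restart
```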

Access the service through the forwarded port using the following command:

```
smbclient -L 127.0.0.1 -U Administrator
```

### System B is a Windows System - System B

<figure><img src="/files/nJq9fhJcRIduvsPqGtUM" alt=""><figcaption><p>Here, the compromised machine is a Windows system</p></figcaption></figure>

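When the compromised System B is a Windows system, run the following on System B. The addresses follow the scenario above: B listens on 192.168.1.20, port 4455, and forwards each connection to port 445 on C (172.16.1.30).

```
netsh interface portproxy add v4tov4 listenport=4455 listenaddress=192.168.1.20 connectport=445 connectaddress=172.16.1.30
```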

A firewall rule has to be added to allow inbound access to port 4455:

```
netsh advfirewall firewall add rule name="forward_port_rule" protocol=TCP dir=in localip=192.168.1.20 localport=4455 action=allow
```

{% hint style="info" %}
For this to work, the IP Helper service has to be running and IPv6 has to be enabled.
{% endhint %}

### Using SOCAT

This is especially useful when a Linux system has been compromised but its credentials are unknown. The obvious caveat is that socat has to be installed on the compromised system. Port forwarding can be achieved by executing the following command on the compromised system:

```
socat TCP-LISTEN:445,fork TCP:172.16.1.30:445
```

This ensures that any packets received on port 445 of the compromised system are forwarded to port 445 on the machine that sits in the internal network.
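Seen from the defender's side, each of the three forwarders above leaves a recognisable process command line. The code below is an added example, not part of the original page: it parses command lines (for instance from process-creation logs) and reports the listener and target of any `ssh -L`, `socat` or `netsh portproxy` forward. The sample lines are constructed from the scenario's addresses and the function names are hypothetical.

```python
import re

# Constructed sample process command lines, built from the scenario's addresses.
SAMPLES = [
    "sudo ssh -N -L 0.0.0.0:445:172.16.1.30:445 student@192.168.1.20",
    "ssh -NL 8080:127.0.0.1:80 student@192.168.1.20",
    "socat TCP-LISTEN:445,fork TCP:172.16.1.30:445",
    "netsh interface portproxy add v4tov4 listenport=4455 "
    "listenaddress=192.168.1.20 connectport=445 connectaddress=172.16.1.30",
    "ssh student@192.168.1.20",
]

SSH_L = re.compile(r"^-[46AaCfGgKkMNnqsTtVvXxYy]*L(.*)$")  # -L, -NL, -L<spec>
SOCAT_LISTEN = re.compile(r"TCP[46]?-L(?:ISTEN)?:(\d+)(\S*)", re.I)
SOCAT_TARGET = re.compile(r"\bTCP[46]?:([^:\s,]+):(\d+)", re.I)

def find_forward(cmdline):
    """Return (tool, listen_addr, listen_port, target_host, target_port) or None."""
    tokens = cmdline.split()
    names = [t.lower() for t in tokens]
    if "ssh" in names:
        args = tokens[names.index("ssh") + 1:]
        for i, tok in enumerate(args):
            m = SSH_L.match(tok)
            spec = (m.group(1) or "".join(args[i + 1:i + 2])) if m else ""
            parts = spec.split(":")  # [bind_address:]port:host:hostport, no IPv6 brackets
            if len(parts) == 3:
                parts.insert(0, "127.0.0.1")  # no bind address: ssh listens on loopback by default
            if len(parts) == 4 and parts[1].isdigit() and parts[3].isdigit():
                return ("ssh", parts[0] or "*", int(parts[1]), parts[2], int(parts[3]))
    if "socat" in names:
        lis, tgt = SOCAT_LISTEN.search(cmdline), SOCAT_TARGET.search(cmdline)
        if lis and tgt:
            bind = re.search(r"bind=([^,\s]+)", lis.group(2))  # no bind= option: all interfaces
            return ("socat", bind.group(1) if bind else "*", int(lis.group(1)),
                    tgt.group(1), int(tgt.group(2)))
    if "netsh" in names and "portproxy" in names and "add" in names:
        kv = dict(t.lower().split("=", 1) for t in tokens if "=" in t)  # "*" below: placeholder
        if kv.get("listenport", "").isdigit() and "connectaddress" in kv:
            return ("netsh", kv.get("listenaddress", "*"), int(kv["listenport"]),
                    kv["connectaddress"], int(kv.get("connectport", kv["listenport"])))
    return None

def is_exposed(finding):
    """True when the listener is bound to something other than loopback."""
    return not (finding[1].startswith("127.") or finding[1] in {"localhost", "::1"})

def scan(cmdlines):
    return [f for f in map(find_forward, cmdlines) if f]
```

Findings for which `is_exposed` is true are the ones to triage first, since a listener bound beyond loopback turns the host into a relay that other machines can reach.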


