I find it valuable to memorise the fact that the terms "remote" and "local" are referring to which end of the tunnel is doing the listening; with local forwarding, the local machine, i.e. the one you are SSH'ing from, is the one that's listening, while with remote it's the remote machine (server) that listens.

This is so true, I used to have trouble remembering how to do ssh tunneling w/o looking it up and then one day someone pointed out to just remember wether you are using a remote or local tunnel the listening side of the tunnel always comes first. After that it was easy sailing.

Also if you are already logged in and have a tty, by pressing ~C (default) you can open ssh command line to request or cancel remote/local port forwarding.

I think there's a typo...

"Now let's stop here for a little bit an explain what is actually going on. In the first example the 9000:github.com:80 is actually saying forward my local port 9000 to github.com at port 80."

However at that point there is no example that uses github.com as an argument.

Edit: In fact there's possibly an issue with the ports being talked about in one of the examples too; 8000 vs 9000.

Thanks for noticing this! It should be fixed now.

I really like openVPN better for this stuff. Have a RPI listening on just about every port that exists TCP and UDP (via IP tables rules). I travel a lot. Sometimes places like China. I always get out. Of course I keep the RPI outside my local DMZ for security reasons.

+1 for this approach if you need access from China. SOCKS won't help if you have poisoned DNS, so if using ssh you might want to run squid on your server, and use HTTP proxy instead.

Re: using multiple ports for OpenVPN, I do this too, and it works well in conjunction with remote-random configured on the client side. In my experience using the same IP/port for OpenVPN for long periods of time can get that combo blocked after a few days. TCP seems to have better throughout than UDP for me, although this didn't used to be the case.

I am going to China for two weeks. What software and services should I investigate to prepare myself?

Get a local 3G SIM card from China Unicom (中国联通). Just ask someone where the nearest store is.

Subscribe to a VPN service (or rent a cheap VPS and set up your own).

Install these apps on your phone:

- Pleco (chinese dictionary)

- Baidu Maps (百度地图)

- WeChat (微信)

Email me (address in profile) if you want specific advice on VPN etc. or if you want to grab a beer in Beijing

SSH tunnelling and using it as a SOCKS proxy is easily one of my most used features of SSH, beyond just logging in. Nice tutorial!

Very clear explanation! Thanks. RemoteForward is often not explained with a plausible example.

Hint for an addition: I find it easier to specify tunneling in ~/.ssh/config file (LocalForward and RemoteForward directives).

Thanks! I've actually written this out of frustration with the existing tutorials and kind of for self reference, since every time I want to do a tunnel I spend 15 minutes googling it :)

I just set this up and there was one gotcha, the syntax is slightly different at least on my version (OpenSSH_6.6p1 Ubuntu-2ubuntu1).

The LocalForward and RemoteForward takes two arguments instead of one, so I had to use:

    LocalForward localhost:8000 localhost:80

There were a lot of examples online of the syntax being just like the command line, so mine's either very outdated or it was recently changed.