A situation may arise where we wish to browse a port that a SSH server can see, however we cannot see from our position in the network. This can be solved with Local Port Forwarding. A hypothetical situation will be detailed to illustrate how this is done.
Bob (Attacker – IP 192.168.1.2) – Wishes to browse the super secret webpage on Suzie’s computer.
Ryan (SSH Server on Port 22 – IP 192.168.1.50 & IP 10.1.1.40) – A dual homed SSH server which Bob has stolen credentials for.
Suzie (Victim running a web service on port 80 – IP 10.1.1.90) – The target we wish to access who is running a super secret intranet page.
ssh <ssh server> -L <Port on Attacker's Machine>:<Victim IP>:<Victim Port We Want>
ssh firstname.lastname@example.org -L 1234:10.1.1.90:80
Once this command is executed, and the password entered, do not interact with this shell. Alternatively you can use the -f -N flag to background the ssh port forward upon connection. In this situation Bob can now browse localhost:1234 and what he will see is actually the secret intranet page Suzie is hosting on port 80, all routed through the SSH server Ryan.