Firewalls and ssh port forwarding

I recently had to set up a soho router using its web interface from within a firewall. Behind the device, I knew someone—let's call her Alice—with a GNU/Linux system. If not GNU/Linux, it could've been another OS, and in this case the guide would be for PuTTY.

The router was listening on 192.168.0.1:8080, and had only simple authentication mechanisms with no encryption. Hence, the communication would have to be encrypted.

I had Alice run:

ssh -vNR 8080:192.168.0.1:80 alice@knownhost.example.com

This command will:

Instruct knownhost to open a listening socket on localhost:8080
Pipe the communication through the ssh tunnel
Let it reappear at Alice's client, being sent out to 192.168.0.1:80.

Then I ran

ssh -vNL 8080:localhost:8080 skrewz@knownhost.example.com

which:

Instruct my ssh client to listen on :8080
... Likewise, pipe the communication through the ssh tunnel
And let it come out, directed at localhost:8080 in the knownhost end.

I could then connect to localhost:8080, and through two ssh tunnels and an internal LAN connection to the soho router, I could configure the device.

If you have any suggestions, corrections or complaints, I'm reachable at skrewz@skrewz.net.