How to Forward Remote Ports

You can expose a service running on your local machine to the playground VM using the standard SSH remote port forwarding. Since the labctl port-forward -R flag is not supported yet, a workaround via labctl ssh-proxy and the standard ssh -R command should be used.

Terminal 1: Start an SSH proxy to the playground VM:

labctl ssh-proxy --address LOCAL_HOST:LOCAL_PORT PLAYGROUND_ID

Terminal 2: Forward a remote port using the standard ssh -R command:

ssh -i ~/.ssh/iximiuz_labs_user \
  -R [REMOTE_HOST:]REMOTE_PORT:[LOCAL_HOST:]LOCAL_PORT \
  ssh://laborant@LOCAL_HOST:LOCAL_PORT

This capability comes in handy when you need to make a service running on your local machine (on intranet) accessible for services running in the remote playground. For example, you can use it to expose a Chrome's debugging port (9222) to a coding agent running in the sandbox VM (see Chrome DevTools MCP). Or you can combine it with exposing HTTP/HTTPS ports to make a local web server accessible on a public URL.

Exposing a local service to the playground VM using a reverse SSH tunnel (SSH -R) combined with the labctl ssh-proxy helper.

Below is a practical example of how to use remote port forwarding.

Exposing a local web server to the playground VM

Start a simple HTTP server on your local machine:

python3 -m http.server 4000

Start a new playground:

PLAY_ID=$(labctl playground start docker)

In a new terminal, start an SSH proxy to the playground:

labctl ssh-proxy --address 127.0.0.1:2222 $PLAY_ID

In yet another terminal, create a remote port forward so that the playground VM's 0.0.0.0:8080 points to your local machine's 127.0.0.1:4000:

ssh -i ~/.ssh/iximiuz_labs_user \
  -R 0.0.0.0:8080:127.0.0.1:4000 \
  ssh://laborant@127.0.0.1:2222

Verify that the local web server is now accessible from inside the playground VM:

labctl ssh $PLAY_ID -- curl -s http://localhost:8080

The output should be the directory listing produced by the Python HTTP server running on your local machine.