I wanted to port forward 443 of a service to my local machine so that I could access it through my local browser. Since this service is only allowed to NAT gateway IP (only the ec2s in the private subnet are able to access) this wasn’t directly possible.

However if I install socat on the ec2 on the private subnet to behave it as a jump host I would be able to port forward from the whitelisted service to my ec2 on the public subnet and then back to my local machine. This is fairly easy to do with something like socat.

Port forward using Socat

Drop into the public subnet ec2 and forward traffic using socat:

socat TCP-LISTEN:33389,fork,reuseaddr TCP:YOUR_PRIVATE_EC2_IP:3389 

Now all we need to do is rdp using YOUR_PUBLIC_EC2_IP:33389 😊

💡Make sure to change ports accordingly and allow rdp port on both ec2s.