@kokigit
Last active October 12, 2018 04:49
Remote port forwarding: serve a local web app from behind NAT by tunnelling every connection through your server.
=============================================================================
First allow ports 80 and 443 inbound in the security group (AWS EC2).
Allow all outbound traffic (0.0.0.0/0).
On the server:
Redirect the privileged port (ports below 1024) to an unprivileged one:
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
To delete the above rule, first list the NAT rules with their numbers:
# iptables -t nat --line-numbers -n -L
This will output something like:
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
1 REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080 redir ports 8088
2 REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 8080
The rule you are interested in is nr. 2, so to delete it:
# iptables -t nat -D PREROUTING 2
To bind forwarded ports to the wildcard address, add the line below to this file:
sudo vim /etc/ssh/sshd_config
GatewayPorts yes
sudo service ssh restart
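Then, on the local machine, open the tunnel. sshd only lets root listen on ports below 1024, so the forward listens on 8080, where the iptables rule above sends port 80 traffic:
sudo ssh -nNT -R server_ip:8080:localhost:2001 kokila@server_ip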
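With GatewayPorts yes, every remote forward opened by any user listens on all interfaces, so it is worth checking what the server actually exposes. The following is an added example, not part of the original gist: a shell function that filters `ss -H -tlnp` output for non-loopback listeners held by sshd. The names exposed_forwards, sample_ss_output and SSH_PORT, and the sample lines, are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the gist): report TCP listeners held by sshd that
# other hosts can reach, i.e. remote forwards (ssh -R) that GatewayPorts
# exposed on a non-loopback address.
# Reads `ss -H -tlnp` output on stdin. SSH_PORT (assumed 22) is sshd's own port.
exposed_forwards() {
    awk -v sshport="${SSH_PORT:-22}" '
        $1 == "LISTEN" && /users:\(\("sshd/ {
            port = $4; sub(/.*:/, "", port)       # text after the last colon
            host = $4; sub(/:[^:]*$/, "", host)   # text before the last colon
            if (port == sshport) next             # the SSH login port itself
            if (host ~ /^127\./ || host == "[::1]") next   # loopback only
            print port " " host
        }'
}

# Constructed sample of `ss -H -tlnp` output, so the example runs offline.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=811,fd=3))
LISTEN 0 128 0.0.0.0:8080 0.0.0.0:* users:(("sshd",pid=2314,fd=9))
LISTEN 0 128 127.0.0.1:2001 0.0.0.0:* users:(("sshd",pid=2377,fd=8))
LISTEN 0 128 [::1]:2001 [::]:* users:(("sshd",pid=2377,fd=7))
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=902,fd=6))
EOF
}

sample_ss_output | exposed_forwards   # prints: 8080 0.0.0.0
```

On the server, run `sudo ss -H -tlnp | exposed_forwards`; root is needed for ss to show the owning process of each socket.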
=============================================================================
sudo certbot certonly --webroot -d your-domain.com --dry-run
=============================================================================
SOCKS tunnel (ssh dynamic port forwarding):
ssh -D 8123 -f -C -q -N kokila@server_ip
macOS:
System Preferences > Network > Advanced > Proxies > SOCKS Proxy: "localhost", port 8123
=============================================================================
# no need to look at this
# https://gist.github.com/vkhatri/9269335