Show Contents / Index / Search

Configure Port Forwarding

You can establish a port forwarding tunnel using either the ssh command line or in the client configuration file (/etc/ssh2/ssh2_config).

To configure and use local port forwarding

  1. Pick a local port to use for forwarding. (This procedure uses 2110 as an example.)

    Note: This can be any available port, but don't use port values less that 1024. These ports are, by convention, reserved for services, and may not be available.

  2. Configure your application client (for example your e-mail client) to connect to the forwarded port on the local host rather than to the remote application server socket. For this example:

    Forwarded local port

    Remote application server socket


  3. Connect the Secure Shell client.

    Use local port forwarding to send data from the forwarded local port to the remote application server. The general command line syntax is:

    ssh -L listening_port:app_host:hostport user@sshserver

    For this example, the mailserver runs on the same host as the Secure Shell server. The application host in this case is "localhost" on The command-line configuration is:

    ssh -L 2110:localhost:110

  4. Use the application client as you normally would.

    The data is forwarded securely from the listening port on the client host (localhost:2110) through the secure channel to the remote application server's listening socket on (localhost:110).

Forwarding to a Third Host

In the preceding example, the application server and Secure Shell server run on the same host. The forwarded data is encrypted for the entire transit. It's also possible to use port forwarding when the application server runs on a different host. For example:

ssh -L

In this case, data is forwarded through the secure tunnel to Data is then forwarded in the clear to port 2110 on