Configure Port Forwarding

You can establish a port forwarding tunnel using either the ssh command line or in the client configuration file (/etc/ssh2/ssh2_config).

To configure and use local port forwarding

  1. Pick a local port to use for forwarding. (This procedure uses 2110 as an example.)

    Note: This can be any available port, but don't use port values less that 1024. These ports are, by convention, reserved for services, and may not be available.

  2. Configure your application client (for example your e-mail client) to connect to the forwarded port on the local host rather than to the remote application server socket. For this example:

    Forwarded local port

    Remote application server socket

    localhost:2110

    mailserver.com:110

  3. Connect the Secure Shell client.

    Use local port forwarding to send data from the forwarded local port to the remote application server. The general command line syntax is:

    ssh -L listening_port:app_host:hostport user@sshserver

    For this example, the mailserver runs on the same host as the Secure Shell server. The application host in this case is "localhost" on mailserver.com. The command-line configuration is:

    ssh -L 2110:localhost:110 joe@mailserver.com

  4. Use the application client as you normally would.

    The data is forwarded securely from the listening port on the client host (localhost:2110) through the secure channel to the remote application server's listening socket on mailserver.com (localhost:110).

Forwarding to a Third Host

In the preceding example, the application server and Secure Shell server run on the same host. The forwarded data is encrypted for the entire transit. It's also possible to use port forwarding when the application server runs on a different host. For example:

ssh -L 2110:mailserver.com:110 user@sshserver.com

In this case, data is forwarded through the secure tunnel to sshserver.com. Data is then forwarded in the clear to port 2110 on mailserver.com.