A local (outgoing) tunnel forwards traffic coming to a local port to a specified remote port.

With sshg3 on the command line, the syntax of the local tunneling command is as follows:

client$ sshg3 -L [protocol/][listen-address:]listen-port:dst-host:dst-port sshserver

where:

Setting up local tunneling allocates a listener port on the local client host. Whenever a connection is made to this listener, the connection is tunneled over Secure Shell to the remote server and another connection is made from the server to a specified destination host and port. The connection from the server onwards will not be secure, it is a normal TCP connection.

	Note
	Every user with access to the local client host will be able to use the local tunnels.

Figure 7.1 shows the different hosts and ports involved in local tunneling (port forwarding).

Figure 7.1. Local tunneling terminology

For example, when you issue the following sshg3 command on the command line, all traffic coming to port 1234 on the client host will be forwarded to port 23 on the server.

client$ sshg3 -L 1234:localhost:23 --abort-on-failing-tunnel username@sshserver

The forwarding address in the command is resolved at the (remote) end point of the tunnel. In this case localhost refers to the server host (sshserver).

In this example, also the --abort-on-failing-tunnel option is specified. It causes the command to abort if creating the tunnel listener fails (for example, if the port is already reserved). Normally if the connection to the server succeeds, but creating the listener fails, no error message is given.