A local (outgoing) tunnel forwards traffic coming to a local port to a specified remote port.
sshg3 on the command line, the syntax of the local tunneling command is
client$ sshg3 -L [protocol/][listen-address:]listen-port:dst-host:dst-port sshserver
[protocol/] specifies which protocol is to be used in the tunneled
connection, it can be
tcp (optional argument). The
[listen-address:] defines which interface on the local client will be
listened to (optional argument). By default all interfaces are listened.
listen-port is the number of the port on the local client, and
connections coming to this port will be tunneled to the server.
dst-host:dst-port define the destination host address and the port to
which the connection is tunneled from the server.
sshserver is the IP address or the host name of the Secure Shell
The host name or IP address of the destination host and sshserver can be defined as regular expressions that follow the egrep syntax, but no wildcards are supported.
Setting up local tunneling allocates a listener port on the local client host. Whenever a connection is made to this listener, the connection is tunneled over Secure Shell to the remote server and another connection is made from the server to a specified destination host and port. The connection from the server onwards will not be secure, it is a normal TCP connection.
Every user with access to the local client host will be able to use the local tunnels.
Figure 6.1 shows the different hosts and ports involved in local tunneling (port forwarding).
For example, when you issue the following
sshg3 command on the command line,
all traffic coming to port 1234 on the client host will be forwarded to port 23 on the
client$ sshg3 -L 1234:localhost:23 --abort-on-failing-tunnel username@sshserver
The forwarding address in the command is resolved at the (remote) end point of the tunnel.
In this case
localhost refers to the server host (
In this example, also the
--abort-on-failing-tunnel option is specified.
It causes the command to abort if creating the tunnel listener fails (for example, if the port
is already reserved). Normally if the connection to the server succeeds, but creating the
listener fails, no error message is given.