Remote Tunnels
A remote (incoming) tunnel forwards traffic coming to a remote
port to a specified local port.
With ssh2 on the command line, the syntax of the remote
tunneling command is the following:
$ ssh2 -R [protocol/][listen-address:]listen-port:dst-host:dst-port server
Setting up remote tunneling allocates a listener port on the remote
server. Whenever a connection is made to this listener, the connection is
tunneled over Secure Shell to the local client and another connection is
made from the client to a specified destination host and port. The
connection from the client onwards will not be secure; it is a normal TCP
connection.
The figure "Remote tunneling terminology" shows the different hosts and ports
involved in remote port forwarding.
Figure: Remote tunneling terminology
For example, if you issue the following command, all traffic which
comes to port 1234 on the server will be forwarded to port 23 on the
client. See Remote tunnel.
$ ssh2 -R 1234:localhost:23 username@sshserver
The forwarding address in the command is resolved at the (local) end
point of the tunnel. In this case localhost refers to the client host.
Figure: Remote (incoming) tunnel
By default, the server allows remote tunnels from all addresses for all users.
To restrict tunneling for all or for specified users, see Section Securing Tunneling.
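The following Python is an added example, not part of the ssh2 documentation or product. It parses the remote tunnel argument syntax shown above and flags two conditions the text implies: a destination other than the client itself, so the plain TCP leg crosses the network, and a listener address that is not loopback. The function names and finding labels are assumptions made for this example, and IPv6 literals are not handled.

```python
import ipaddress
from typing import NamedTuple, Optional

class RemoteTunnel(NamedTuple):
    protocol: Optional[str]
    listen_address: Optional[str]
    listen_port: int
    dst_host: str
    dst_port: int

def _port(text):
    port = int(text)  # raises ValueError on non-numeric input
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {text}")
    return port

def parse_remote_spec(spec):
    """Parse '[protocol/][listen-address:]listen-port:dst-host:dst-port'.
    Assumption: no IPv6 literals (their colons would be ambiguous here)."""
    protocol, sep, rest = spec.partition("/")
    if not sep:
        protocol, rest = None, spec
    fields = rest.split(":")
    if len(fields) == 3:
        fields.insert(0, None)  # listen-address omitted
    if len(fields) != 4 or not fields[2]:
        raise ValueError(f"not a remote tunnel spec: {spec!r}")
    addr, lport, host, dport = fields
    return RemoteTunnel(protocol, addr, _port(lport), host, _port(dport))

def is_loopback(host):
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a hostname other than localhost
        return False

def review(spec):
    """Return findings for one -R argument (labels are made up for this example)."""
    t = parse_remote_spec(spec)
    findings = []
    if not is_loopback(t.dst_host):
        # dst-host is resolved on the client; the hop to it is plain TCP.
        findings.append("cleartext-leg-leaves-client")
    if t.listen_address is not None and not is_loopback(t.listen_address):
        findings.append("listener-on-non-loopback-address")
    return findings

if __name__ == "__main__":
    # Constructed sample arguments; the first is the page's own example.
    for arg in ("1234:localhost:23", "tcp/0.0.0.0:8080:intranet.example:80"):
        print(arg, "->", review(arg) or "no findings")
```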