I had the difficult task of trying to port forward some traffic that was
blocked in the firewall. Using PuTTY on my local host I am able to
tunnel (5900, 1044, and 1045) traffic to the remote host.

My situation:
MyPc on Intranet -> /FW/ -> Hop box -> /FW/ -> Desired/Network -> /FW/ => INTERNET

Here is an outline of what needs to be done.

In PuTTY, go to the Tunnels section:
SOURCE PORT: 5900
DESTINATION: 15900

In the upper box you should now have a line that looks like
L5900 localhost:15900

Do the same for EACH port that you have to forward. Now go to
the SSH section. In the line that states Remote Command, put something
like the following:

ssh -NL 15900:final_destination:5900 -L 1180:final_destination:80 -L 10443:final_destination:443 host_that_can_talk_to_final_destination

It is IMPORTANT that the ports in the ssh -NL line match what was
used in the Tunnel section. You might also want to have SSH keys
set up so that you do not have to log into the systems. I also have on
the configuration page a HOP/JUMP server that can talk to
host_that_can_talk_to_final_destination.

Now point your traffic to localhost after you have started the SSH session
and you are good to go. You cannot have ports duplicated because the
port is in use, and if you are not root the listen port needs to be
greater than 1024 unless your OS lets you open the privileged ports.


I hope this helps.

Now do not use this to bypass a corporate firewall to get to porno
sites, or other sites that would violate your company policies.

If more concise details are needed, just ask; I will provide what I can.
--
Leif Ericksen

On Thu, 2007-08-09 at 19:31 -0700, Robert Hajime Lanning wrote:
> For X, ssh should set up the whole thing itself. It actually makes a
> virtual X server on the server side and proxies things across, taking
> care of authentication issues.
> Your $DISPLAY would be something like "localhost:10".
>
> Use the "-X" option.
>
> For other port forwarding, your syntax is correct. You just need to
> have whatever program connect to localhost, not your client machine.
>
> On 8/8/07, Charles Ritter wrote:
> > Hello,
> >
> > Does SSH support forwarding miscellaneous ports between two firewalled
> > hosts? My scenario is this:
> >
> >
> >   12345-|                  |-12345
> >    MyPC |---------------22-| Server
> >    6000-|                  |-6000
> >
> >
> > Forwarding 12345 on server to MyPC:
> >
> > ssh -R 12345:mypc:12345 server
> >
> > This seems to work as long as mypc can be resolved by the server.
> > However, it does not work when mypc is NAT'd and unresolvable.
> > Shouldn't it work though? Considering I initiated the connection,
> > shouldn't the remote server be able/willing to send the data? X11
> > forwarding works in this case, and with a much simpler syntax:
> >
> > ssh -Y server
> >
> > Shouldn't something like this work in this case:
> >
> > ssh -R 12345:localhost:12345 server
> > ssh -R 12345::12345 server
> > ssh -R 12345 server
> >
> > Am I missing something?
> >
> > Thanks
> > Chuck
> >

>
>
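
A checker for the tunnel plan described in the message at the top of this thread, added here as an example and not code from any of the posters: it verifies that every PuTTY tunnel pointing at localhost has a matching -L listen port in the Remote Command, that no listen port is duplicated, and that no privileged port is used without root. The function names are hypothetical, and it assumes PuTTY entries in the form "L5900 localhost:15900" and forwards written as a separate word after -L (no bind address).

```python
import re
import shlex

FWD = re.compile(r"^(\d+):([^:\s]+):(\d+)$")        # listen_port:host:dest_port
PUTTY = re.compile(r"^L(\d+)\s+([^:\s]+):(\d+)$")   # "L5900 localhost:15900"

def parse_putty(entries):
    """Parse lines as PuTTY lists them in the Tunnels panel."""
    out = []
    for e in entries:
        m = PUTTY.match(e.strip())
        if not m:
            raise ValueError(f"unrecognised PuTTY tunnel entry: {e!r}")
        out.append((int(m[1]), m[2], int(m[3])))
    return out

def parse_remote(cmd):
    """Return (-L forwards, forward-shaped words that have no -L before them)."""
    forwards, stray, want_spec = [], [], False
    for tok in shlex.split(cmd)[1:]:
        m = FWD.match(tok)
        if m and want_spec:
            forwards.append((int(m[1]), m[2], int(m[3])))
        elif m:
            stray.append(tok)
        # an option cluster ending in L (-L, -NL) takes the next word as its spec
        want_spec = tok.startswith("-") and not tok.startswith("--") and tok.endswith("L")
    return forwards, stray

def check_chain(putty_entries, remote_cmd, root=False):
    """List problems in a PuTTY -> hop box -> final destination tunnel plan."""
    problems = []
    local = parse_putty(putty_entries)
    remote, stray = parse_remote(remote_cmd)
    for name, fwds in (("PuTTY", local), ("hop box", remote)):
        ports = [f[0] for f in fwds]
        for p in sorted(set(ports)):
            if ports.count(p) > 1:
                problems.append(f"{name}: listen port {p} is used more than once")
            if p < 1024 and not root:  # below 1024 is privileged on typical Unix
                problems.append(f"{name}: listen port {p} is privileged")
    hop_listen = {f[0] for f in remote}
    for src, host, dst in local:
        if host in ("localhost", "127.0.0.1") and dst not in hop_listen:
            problems.append(f"PuTTY L{src} -> {host}:{dst}: no -L {dst}:... on the hop box")
    problems += [f"hop box: {s} has no -L in front of it" for s in stray]
    return problems

if __name__ == "__main__":  # constructed sample: 15901 has no listener on the hop box
    print(check_chain(["L5900 localhost:15901"], "ssh -NL 15900:final_destination:5900 hop"))
```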