Protocol Encapsulation

Howard Lowndes lannet at
Sun Aug 5 09:47:28 EST 2001

Certainly the port has to be open at the server end, but you can lock it
behind a firewall.  That way you need only have port 22 (ssh) accessible
through the firewall yet have any services/ports available behind the

At the client the syntax is:

ssh -L <port_on_client>:<server>:<port_on_server> <ssh_firewall>

LANNet Computing Associates
Contact detail at

On Sat, 4 Aug 2001, Mark Hummel wrote:

> Hi,
> I want to be able to "wrap up" access to a service on my machine,
> forcing anything to go through the same wrapper. That way I don't have to
> have a separate TCP wrapper for each service that I want.
> For example, consider telnet. I don't simply want to add the service in
> inetd.conf - I want to force users to go via ssh. Ssh port forwarding
> doesn't seem to do the trick, because the port I forward to has to be
> open,  does it not?
> And, if the port has to be open, users can connect to the port directly.
> Any advice?
> Thanks,
> mark.

More information about the linux mailing list