
Port Forwarding using PuTTY

SSH tunneling (port forwarding) is a flexible and secure mechanism for accessing network services behind a firewall. It can be used to access VNC servers or the Windows Remote Desktop Service in the CS Department from your home PC.

How It Works

Suppose you want to run client software (e.g., a VNC client) that makes a TCP connection from your PC to a remote server (e.g., a VNC server running on a CS UNIX server). You can use PuTTY to set up a "tunnel" that forwards TCP traffic from your local PC to the remote server. When the client connects to the TCP port on your local PC, SSH relays the traffic to the remote server over the encrypted connection. From the viewpoint of the client software, the server software appears to be running on your local PC.

Setup Procedure

  1. Install and set up your PuTTY client on your PC.
  2. Start by selecting the Session tab.
    • Enter the name of the machine you wish to connect to in the [Host Name] box.
      You can also specify an IP address.
    • Select the SSH protocol.

  3. Next, select the Window tab.
    • Specify the size of the window in Rows and Columns.
    • Specify the size of the scrollback if you wish to cut and paste previously entered commands or terminal output.

  4. Select the Appearance tab.
    • Change the font if necessary; the default is Courier New, bold, 10-point. Use ClearType if you are using an LCD monitor.
    • Select the Colours tab to change the default colors.

  5. Select the Connection/Data tab.
    • If you always use the same username to log on to the server, put it in the Auto-login username field.
  6. Select the SSH tab.
    • Enable compression for slow connections.
    • Set the SSH protocol version to "2" for better encryption.
  7. Select the Tunnels tab.
    • The tunnel details will be shown in the box.
    • To forward a port, enter the Source port and Destination (machinename:port#), then click the Add button.
  8. Go back to the Session tab.
    • Give the setting a name and Save the session so that you don't have to configure it again.
    • Double-clicking the saved session will open a new session using the saved settings.

Example Tunneling Rules

The table below shows some example tunneling rules.

| Service | Listening Port | Destination Host | Destination Port | Allow Localhost Connections Only | How to run client |
|---|---|---|---|---|---|
| VNC | 5900 + display no. | host running your VNC server | 5900 + display no. | yes | VNC client connects to localhost:<display no> |
| IMAP | 143 | study.cs.hku.hk for students; staff.cs.hku.hk for teaching staff | 143 | yes | enter localhost as IMAP server for your mail client software |
| NNTP | 119 | news.cs.hku.hk | 119 | yes | enter localhost as NNTP server for your news client software |
| CVS | 2401 | host running the CVS server | 2401 | yes | use localhost as server name |
| RDC | 9001 | host running RDC service | 3389 | yes | Run RDC connecting host 127.0.0.1:9001 (Windows XP with SP2) |
| RDC | 9001 | host running RDC service | 3389 | no | Run RDC connecting host 127.0.0.2:9001 (Windows 2000 or Windows XP without SP2) |

You may also use PuTTY's command-line options, e.g.:

putty -L 9001:ipaddress:3389 tmchan@gatekeeper.cs.hku.hk
mstsc /v:localhost:9001
putty -L 5903:ipaddress:5903 tmchan@gatekeeper.cs.hku.hk
"C:\Program Files\RealVNC\VNC4\vncviewer" localhost:3
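
The "Allow Localhost Connections Only" column matters because a forwarded port that listens on all interfaces lets any host that can reach your PC use the tunnel. The following Python script is an added example, not part of the original page: it parses Windows `netstat -an` output and reports tunnel ports bound to a non-loopback address. The port set and the sample output are constructed for illustration.

```python
import ipaddress
import subprocess

# Local listening ports taken from the page's examples (RDC, VNC display 3, IMAP).
TUNNEL_PORTS = {9001, 5903, 143}

# Constructed sample of Windows `netstat -an` output, not captured from a real host.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:9001           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5903         0.0.0.0:0              LISTENING
  TCP    127.0.0.1:143          0.0.0.0:0              LISTENING
  TCP    [::1]:5903             [::]:0                 LISTENING
  TCP    192.168.1.20:49712     203.0.113.10:22        ESTABLISHED
"""

def split_endpoint(endpoint):
    """Split '127.0.0.1:9001' or '[::1]:9001' into (address, port)."""
    host, _, port = endpoint.rpartition(":")
    # Drop IPv6 brackets and any zone id such as '%12'.
    return host.strip("[]").split("%")[0], int(port)

def listeners(netstat_text):
    """Yield (address, port) for every TCP socket in LISTENING state."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "TCP" and fields[3] == "LISTENING":
            yield split_endpoint(fields[1])

def exposed_tunnels(netstat_text, tunnel_ports=TUNNEL_PORTS):
    """Return sorted (port, address) pairs where a tunnel port is bound to a
    non-loopback address, i.e. reachable by other hosts on the network."""
    exposed = set()
    for addr, port in listeners(netstat_text):
        if port in tunnel_ports and not ipaddress.ip_address(addr).is_loopback:
            exposed.add((port, addr))
    return sorted(exposed)

if __name__ == "__main__":
    # On the PC running PuTTY, inspect the live socket table instead of the sample.
    text = subprocess.run(["netstat", "-an"], capture_output=True, text=True).stdout
    for port, addr in exposed_tunnels(text):
        print(f"tunnel port {port} is listening on {addr}: other hosts can connect")
```

Any address in 127.0.0.0/8, including the 127.0.0.2 used in the table, counts as loopback; a listener on 0.0.0.0 or :: is reported because it accepts connections on every interface.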