Your browser does not allow storing cookies. We recommend enabling them.


Defining Automatic Tunnels

On the Automatic Tunnels page, you can create listeners for local tunnels that are started automatically when the Connection Broker starts up. The actual tunnel is formed the first time a connection is made to the listener port. If the connection to the server is not open at that time, it will be opened automatically as well.

Defining automatic tunnels

Figure A.44. Defining automatic tunnels

When the Connection Broker starts, the list of the automatic tunnels is read, and the connection initiating applications will be matched to the rules defined here.

Select Automatic Tunnels in the tree menu and click Add to open the Automatic Tunnel dialog box.

Adding a new automatic tunnel

Figure A.45. Adding a new automatic tunnel

  • Type: Select the type of the tunnel from the drop-down list. Valid choices are TCP and FTP.

  • Listen port: This is the number of the local port that the tunnel listens to, or captures. Do not use a reserved port number.


    The protocol or application that you wish to create the tunnel for may have a fixed port number (for example 143 for IMAP) that it needs to use to connect successfully. Other protocols or applications may require an offset (for example 5900 for VNC) that you will have to take into account.

  • Allow local connections only: If you want to allow only local connections to be made, leave this check box selected. This means that other computers will not be able to use the tunnel created by you. By default, only local connections are allowed. This is the right choice for most situations. You should carefully consider the security implications if you decide to also allow outside connections.

  • Destination host: This field defines the destination host for the port forwarding. The default value is localhost.


    The value of localhost is resolved by the Secure Shell server, so here localhost refers to the Secure Shell host you are connecting to.

  • Destination port: The destination port defines the port that is used for the forwarded connection on the destination host.

  • Tunnel using profile: Select the profile to use for the tunnel.

To edit an automatic tunnel, select a tunnel from the list and click Edit.

To delete an automatic tunnel, select a tunnel from the list and click Delete.

For more information on tunneling, see Local Tunnels.




What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.

    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH

    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now