SSH port forwarding enables you to establish tunnels from your local computer, through our SSH Gateway, to ports on an internal Carnegie server.


SSH tunneling is non-trivial, and requires some knowledge about network protocols and ports.



  • An SSH Client (PuTTY *HIGHLY* recommended)
  • A a free "high" port on your own computer (between 1024 and 65535)
  • "target" internal server
  • "target port" on that internal server
  • An "SSH gateway" to be used to connect to the internal "target"


Setting up an SSH Tunnel

  1. Pick a free "high" port on your computer
    For this example, we'll use port 33333, as it's usually available.
    If you try 33333 and it's not available, try 33334, 33335, etc.

  2. Pick the "target" internal server to connect to
    For this example, we'll use Calc,

  3. Either know the TCP/IP port used by the protocol you'll be forwarding, or another custom "target port"
    For this example, we'll be connecting via VNC to Display #1 (:1) which uses port 5901

  4. Open Putty, enter the "SSH Gateway" into the Hostname field

  5. Under "Category" on the left, navigate to Connection -> SSH -> Tunnels
    • Enter your "high" port into the "Source port" field
    • Enter your "target" and "target port" into the "Destination" field, separated by a colon
    • Click on the "Add" button to add the tunnel
    • You can repeat this step with different high ports (e.g. 33334, 33335, etc.) and targets to establish multiple tunnels simultaneously

  6. Under "Category" on the left, navigate back to "Session" and save the session if you so choose

  7. Click on the "Open" button to log into the "SSH Gateway"

  8. Leave the terminal window open.  The tunnel will only remain available so long as this SSH session remains connected

  9. Use your browser or client to connect to "localhost" on the "high port" you chose
    In this example, use TurboVNC Java Viewer to connect to "localhost:33333"