On Thu, May 08, 2008 at 04:16:12PM -0700, arguellodw wrote:
> I'm having a difficult time understanding the difference between these two
> local tunnels. Here is how I see them:
> 1) mymachine: $ ssh 5900:localhost:5900 remotehost
> 2) mymachine: $ ssh 5900:remotehost:5900 remotehost

I assume you mean ssh -L 5900:... in each case.

In the first case, the sshd on the remotehost makes a TCP connection to
localhost:5900, meaning the service receives the connection on the loopback
interface (127.0.0.1).

In the second case, the sshd on the remotehost makes a TCP connection to
remotehost:5900, meaning the service receives the connection on whatever
interface the address of "remotehost" is bound to (typically not loopback).

This matters only if the service is listening on a particular interface
(loopback only for example), or if it has access control rules based on the
source IP of the connections, or if the kernel has firewall rules that control
access in some way.
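An added illustration, not part of the original message: the Python sketch below reproduces the two cases on one machine, with a listener standing in for the service on port 5900 and a direct connect standing in for the connection sshd makes on the remote side. It assumes Linux, where every 127.0.0.0/8 address answers locally, so 127.0.0.2 is a constructed stand-in for the address that "remotehost" resolves to; the function name `accepted_on` is hypothetical.

```python
import socket

LOOPBACK = "127.0.0.1"   # what "localhost" resolves to in case 1
STAND_IN = "127.0.0.2"   # assumption: stands in for remotehost's own address (case 2)
ALL_ADDRS = "0.0.0.0"    # a service listening on every local address


def accepted_on(bind_addr, target_addr):
    """Start a listener bound to bind_addr, connect to target_addr the way
    sshd would, and return the local address the service accepted the
    connection on, or None if the connection was refused."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind((bind_addr, 0))          # port 0: let the kernel pick a free port
        srv.listen(1)
        srv.settimeout(2)
        port = srv.getsockname()[1]
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as cli:
            cli.settimeout(2)
            try:
                cli.connect((target_addr, port))
            except OSError:
                # Nothing is listening on that address: the tunnel would
                # open locally but every forwarded connection would fail.
                return None
            conn, _peer = srv.accept()
            with conn:
                return conn.getsockname()[0]


if __name__ == "__main__":
    cases = [
        ("loopback-only service, -L 5900:localhost:5900", LOOPBACK, LOOPBACK),
        ("loopback-only service, -L 5900:remotehost:5900", LOOPBACK, STAND_IN),
        ("all-addresses service, -L 5900:remotehost:5900", ALL_ADDRS, STAND_IN),
    ]
    for label, bind_addr, target in cases:
        result = accepted_on(bind_addr, target)
        print(f"{label}: {'refused' if result is None else 'accepted on ' + result}")
```

A service that keys access control on addresses sees the same distinction, which is why a loopback-only binding is reachable through the first form of the tunnel only.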