I must be doing something wrong or the server seems to ignore my bind request. Port forwarding is working it just bind to all ips and ignores my bind request. I've also tried this with an rfc1918 address opposed to a loopback and had the same results. Google and the archive haven't helped. Thanks in advance for your time and consideration. -server- uname -a Linux example.com 2.6.18-128.7.1.el5xen #1 SMP Mon Aug 24 10:08:55 EDT 2009 i686 i686 i386 GNU/Linux OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 -sshd_config- AllowTcpForwarding yes GatewayPorts yes -from other system- ssh -R 127.0.0.10:12491:127.0.0.1:5000 foo@xxxxxxxxxxx -messages- Aug 12 16:22:45 xxx sshd[1440]: debug1: server_input_global_request: tcpip-forward listen 127.0.0.10 port 12491 Aug 12 16:22:45 xxx sshd[1440]: debug1: Local forwarding listening on :: port 12491. Aug 12 16:22:45 xxx sshd[1440]: debug1: channel 0: new [port listener] Aug 12 16:22:45 xxx sshd[1440]: debug1: Local forwarding listening on 0.0.0.0 port 12491. Aug 12 16:22:45 xxx sshd[1440]: error: bind: Address already in use -check- netstat -an | grep 12491 tcp 0 0 :::12491 :::* LISTEN okay that didn't work lets see if "GatewayPorts" is related -sshd_config- AllowTcpForwarding yes GatewayPorts no -from other system- ssh -R 127.0.0.10:12491:127.0.0.1:5000 foo@xxxxxxxxxxx -messages- Aug 12 16:25:26 xxx sshd[1578]: debug1: Local forwarding listening on 127.0.0.1 port 12491. Aug 12 16:25:26 xxx sshd[1578]: debug1: channel 0: new [port listener] Aug 12 16:25:26 xxx sshd[1578]: debug1: Local forwarding listening on ::1 port 12491. -check- netstat -an | grep 12491 tcp 0 0 127.0.0.1:12491 0.0.0.0:* LISTEN tcp 0 0 ::1:12491 :::* LISTEN -networking- eth0 Link encap:Ethernet HWaddr xx:xx:xx:xx:xx:xx inet addr:xxx.xxx.xxx.xxx Bcast:xxx.xxx.xxx.xxx Mask:255.255.252.0 inet6 addr: fe80::216:3eff:fe6b:1e1d/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:33160 errors:0 dropped:0 overruns:0 frame:0 TX packets:1240 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:2158440 (2.0 MiB) TX bytes:228786 (223.4 KiB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:124 errors:0 dropped:0 overruns:0 frame:0 TX packets:124 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:11631 (11.3 KiB) TX bytes:11631 (11.3 KiB) lo:1 Link encap:Local Loopback inet addr:127.0.0.10 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:16436 Metric:1 -check- ping 127.0.0.10 PING 127.0.0.10 (127.0.0.10) 56(84) bytes of data. 64 bytes from 127.0.0.10: icmp_seq=1 ttl=64 time=0.025 ms -check- ping 127.0.0.1 PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data. 64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.024 ms -from man- GatewayPorts Specifies whether remote hosts are allowed to connect to ports forwarded for the client. By default, sshd binds remote port for- wardings to the loopback address. This prevents other remote hosts from connecting to forwarded ports. GatewayPorts can be used to specify that sshd should allow remote port forwardings to bind to non-loopback addresses, thus allowing other hosts to con- nect. The argument may be "no" to force remote port forwardings to be available to the local host only, "yes" to force remote port forwardings to bind to the wildcard address, or "clientspecified" to allow the client to select the address to which the forwarding is bound. The default is "no".