A.3. Tunneling other Connections through SSH

Similar to X11 forwarding, most SSH clients have the ability to tunnel other network connections through an SSH session, also known as port forwarding. Tunnels connect a port on your local system to a port on a remote system, so that you can make a connection to the port on your local system and, via the tunnel, it will be forwarded to the designated port of the remote system. (Other tunneling setups are possible, but we do not use them in this Guide.) The remote system could be the system you SSH into, or a system reachable from the system you SSH into. The two primary uses for tunnels in the context of the CCA are working on clusters where internal nodes don't have direct access to the external network, and making connections through firewalls, for example to run the GUI (of course the firewall must pass the SSH connection that carries the tunnel).

An important thing to note about tunneling is that the port numbers on both ends of the tunnel must be made explicit. Only one application at a time can listen on a port, so port numbers on both ends of the tunnel must be selected to avoid conflicts. Assuming you're the only user on your local system, you must select non-privileged port numbers (1025-65565) that don't conflict with each other, or with any servers or other applications that might already be using ports on your system. In the examples below, we use port 2022 on the localhost side of a tunnel for an SSH connection. The same rules apply to the ports on the remote system. If you're sharing the system on which you're running the exercises, you'll need to be sure to select ports not being used by other users. Though the chances of a collision are statistically relatively small, we avoid such problems in organized tutorials by assigning each user a port number to use for the Ccaffeine GUI (in the examples below, we use port 3314). If you're working on your own and are having trouble finding a free port, the netstat command (netstat -a -t -u on Linux-like systems, or netstat -a at the Windows command prompt) can give you a list of the ports currently in use.

A.3.1. Tunneling with OpenSSH

The -L localPort:remoteHost:remotePort option to ssh is used to set up tunnels. The following are examples of some tunneling arrangements that might be useful in a CCA context:

  • Establishing an SSH connection to the head node of a cluster which will forward SSH connections to an internal node. Then using the tunnel to make a direct connection to the internal node:

    ssh -L 2022:clusterInternalNode:22 clusterHeadNode
    ssh -p 2022 localhost
    

  • Establishing an SSH connection to a firewalled machine which will forward connections from the Ccaffeine GUI running locally to the Ccaffeine framework backend running remotely:

    ssh -L 3314:remoteHost:3314 remoteHost
    simple-gui.sh --port 3314 --host localhost
    

  • Establishing tunnels to an internal node of a cluster for both SSH and Ccaffeine GUI connections:

    ssh -L 2022:clusterInternalNode:22 \
        -L 3314:clusterInternalNode:3314 clusterHeadNode
    

    which can be used precisely as in the preceding examples.
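
The port-selection rule from the start of this section, applied to the third arrangement above, as an added example that is not part of the original guide: it reads netstat output, skips local ports that already have a listener, and prints the resulting ssh command. The function names and the sample netstat text are constructed for illustration.

```shell
# Added example (not from the guide): choose local tunnel ports that do not
# collide with listeners already on this system, then build the ssh -L command.

# Constructed sample of `netstat -a -t -u -n` output; on a real system, pipe
# the live command into listening_ports instead. (-n, numeric ports, is an
# addition to the flags the guide gives.)
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address    Foreign Address  State
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN
tcp        0      0 127.0.0.1:2022   0.0.0.0:*        LISTEN
tcp6       0      0 :::3314          :::*             LISTEN
udp        0      0 0.0.0.0:68       0.0.0.0:*'

# Print the TCP ports in LISTEN state found in netstat text on stdin.
listening_ports() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" { n = split($4, a, ":"); print a[n] }' |
        sort -un
}

# Succeed if port $1 is numeric, in the non-privileged range, and absent from
# the newline-separated list of used ports in $2.
port_is_free() {
    case $1 in ''|*[!0-9]*) return 2 ;; esac
    { [ "$1" -ge 1025 ] && [ "$1" -le 65535 ]; } || return 2
    ! printf '%s\n' "$2" | grep -qx "$1"
}

# Print the first free port at or above the preferred port $1.
pick_port() (
    port=$1
    case $port in ''|*[!0-9]*) exit 1 ;; esac
    until port_is_free "$port" "$2"; do
        port=$((port + 1))
        [ "$port" -le 65535 ] || exit 1
    done
    echo "$port"
)

# Build the command for the guide's third arrangement (SSH plus Ccaffeine GUI
# to an internal node). Args: used-port list, head node, internal node, GUI port.
tunnel_cmd() (
    ssh_local=$(pick_port 2022 "$1") || exit 1
    # The GUI tunnel's local port must also avoid the one just chosen.
    gui_local=$(pick_port "$4" "$(printf '%s\n%s' "$1" "$ssh_local")") || exit 1
    echo "ssh -L $ssh_local:$3:22 -L $gui_local:$3:$4 $2"
)

used=$(printf '%s\n' "$SAMPLE_NETSTAT" | listening_ports)
tunnel_cmd "$used" clusterHeadNode clusterInternalNode 3314
```

Only the local end of each tunnel is checked here; the guide's rule that the remote port must also be free still has to be verified on the remote system.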

A.3.2. Tunneling with PuTTY

In PuTTY, tunnels are specified on the Connection → SSH → Tunnels configuration page. To configure a tunnel, you need to go to the Add new forwarded port section of the page. Source port is the port on your local system that you will connect to in order to use the tunnel. In the OpenSSH instructions above, it is labeled localPort and is the first part of the argument of the -L option. In PuTTY, the Destination field is remoteHost:remotePort, or the second and third pieces of the OpenSSH -L argument. The Local button should always be checked (meaning that the tunnel will be set up to forward from your local system to the destination system).

Tip

You might want to take advantage of PuTTY's ability to save “sessions” to save and easily reuse complicated (or tedious) SSH configurations, particularly those including multiple tunnels.

In order to use a tunnel once it is set up, you simply give the application localhost and the appropriate port number to connect to. To initiate a tunneled SSH session with PuTTY, you would enter this information in the Session → Host Name and Session → Port fields. In the examples given earlier for OpenSSH (Section A.3.1, “Tunneling with OpenSSH”), a connection to localhost port 2022 would give you an SSH connection directly to clusterInternalNode. The Ccaffeine GUI would be invoked in the same way as above (modulo Unix vs. Windows details in the command itself).