Port Forwarding


Some applications only accept connections from internal ports (i.e a port on the same local network), if you are running one such application on the cluster and want to connect to it you will need to set up port forwarding.

Three values must be known, the local port, the host alias, and the remote port. Chosen port numbers should be between 1024 and 49151 and not be in use by another process.

Localhost: The self address of a host (computer), equivalent to The alias localhost can also be used in most cases.

Local Port: The port number you will use on your local machine. 

Host Alias: An alias for the socket of your main connection to the cluster, mahuika or maui if you have set up your ssh config file as described here.

Remote Port: The port number you will use on the remote machine (in this case the NeSI cluster)


The following examples use aliases as set up in standard terminal setup. This allows the forwarding from your local machine to the NeSI cluster, without having to re-tunnel through the lander node.

Command line (OpenSSH)

Works for any Linux terminal, Mac terminal, or Windows with WSL enabled.

The command for forwarding a port is

ssh -L <local_port>:<destination_host>:<remote_port> <ssh_host>


A client program on my local machine uses the port 5555 to communicate. I want to connect to a server running on mahuika that is listening on port 6666. In a new terminal on my local machine I enter the command:

ssh -L 5555:localhost:6666 mahuika 

Your terminal will now function like a normal connection to mahuika. However if you close this terminal session the port forwarding will end.

If there is no existing session on mahuika, you will be prompted for your first and second factor, same as during the regular log in procedure. 


Your local port and remote port do not have to be different numbers. It is generally easier to use the same number for both.

SSH Config (OpenSSH)

If you are using port forwarding on a regular basis, and don't want the hassle of opening a new tunnel every time, you can include a port forwarding line in your ssh config file ~/.ssh/config on your local machine.

Under the alias for the cluster you want to connect to add the following lines.

LocalForward <local_port> <host_alias>:<remote_port>
ExitOnForwardFailure yes

ExitOnForwardFailure is optional, but it is useful to kill the session if the port fails. 


  Host mahuika
      User cwal219
      Hostname login.mahuika.nesi.org.nz
      ProxyCommand ssh -W %h:%p lander
      ForwardX11 yes
      ForwardX11Trusted yes
      ServerAliveInterval 300
      ServerAliveCountMax 2
      LocalForward 6676 mahuika:6676
ExitOnForwardFailure yes

In the above example, the local and remote ports are the same. This isn't a requirement, but it makes things easier to remember.

Now so long as you have a connection to the cluster, your chosen port will be forwarded.


  • If you get a error message
    bind: No such file or directory
    unix_listener: cannot bind to path: 
    try to create the following directory:
    mkdir -P ~/.ssh/sockets


If you have Windows Subsystem for Linux installed, you can use the method described above. This is the recommended method.

You can tell if MobaXterm is using WSL as it will appear in the banner when starting a new terminal session. 


You can also set up port forwarding using the MobaXterm tunnelling interface.


You will need to create two tunnels. One from lander to mahuika. And another from mahuika to itself. (This is what using an alias in the first two examples allows us to avoid).

The two tunnels should look like this.


 local port
 remote port
 must match
 don't matter

What Next?

Was this article helpful?
0 out of 0 found this helpful