Understanding SSH tunnels

I have drawn some sketches

The machine, where the ssh tunnel command is typed (or in your case: Putty with tunneling is started) is called »your host«.

[Image: ssh tunnel starting from local]


[Image: ssh tunnel starting from remote]

Introduction

  1. local: -L Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side.

    ssh -L sourcePort:forwardToHost:onPort connectToHost means: connect with ssh to connectToHost, and forward all connection attempts to the local sourcePort to port onPort on the machine called forwardToHost, which can be reached from the connectToHost machine.

  2. remote: -R Specifies that the given port on the remote (server) host is to be forwarded to the given host and port on the local side.

    ssh -R sourcePort:forwardToHost:onPort connectToHost means: connect with ssh to connectToHost, and forward all connection attempts to the remote sourcePort to port onPort on the machine called forwardToHost, which can be reached from your local machine.

Your example

The first image represents your situation. The blue box called your host is your Windows machine from which you start Putty to your Ubuntu server, called remotehost in my image. Connections to the green port (in your case port number 4000) are forwarded to the pink MySQL port 3306 of the localhost of your Ubuntu server machine (i.e. the Ubuntu server itself).

To set it up with Putty

Start Putty and enter your usual connection settings (Hostname or IP address). In the tree on the left side, navigate to

Connection → SSH → Tunnels

and create a new local tunnel with the source port 4000 (123 in the image) and the destination localhost:3306 (localhost:456 in the image).

Do not forget to click on Add.

Then navigate back to session and click Save to keep your settings for the next time. Now you can use the saved connection to log in to your server and after you successfully log in, every time you connect to port 4000 on your host you will actually connect to port 3306 on the Ubuntu server.

[Image: create forward tunnel with putty]


The simple answer is yes, but please note that the tunnel is actually started on your computer. The way it works is that you create an SSH connection to the server (which is secure) and then instruct the SSH to listen to a port on your side and forward whatever connections come in - to a specific port on a specific host address on the server side. The target of the tunnel need not be the same server - it can be any other valid address, which - in the case it's not the server running the SSH server itself - will see the incoming connection as if it came from the SSH server instead of from your client.

To set it up, open the Putty configuration dialog, select the setting of the connection you normally use to access your server and click "load" (and not "open"). Then in the tree on the left side, navigate to Connection->SSH->Tunnels and create a new "local" tunnel with the source port 4000 and the destination "localhost:3306" (because the destination address is resolved on the server, from the server's point of view the MySQL port is on the localhost). Then navigate back to "session" and click "Save" to keep your settings for the next time. Now you can use the saved connection to log in to your server and after you successfully log in, every time you connect to port 4000 on your computer you will actually connect to port 3306 on the server.

If you are seriously into tunnels, and running an MS-Windows client, then I suggest looking at Putty Tunnel Manager which uses Putty to set up and run tunnels easily without needing to have an open putty console.
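
The forward tunnel both answers set up in PuTTY, written for the OpenSSH command-line client, as an added example that is not part of the original answers. The function names, `user@server.example` and the sample `ss -ltn` lines are constructed assumptions; the second function reports whether the forwarded port listens on loopback only or is reachable from other hosts.

```shell
#!/bin/sh
# Added example, not from the original answers. Names and sample data are constructed.

# Print the ssh command for a local forward bound to loopback only.
# Arguments: local_port dest_host dest_port ssh_target
local_forward_cmd() {
    for p in "$1" "$3"; do
        case "$p" in
            ''|*[!0-9]*) echo "invalid port: $p" >&2; return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "port out of range: $p" >&2; return 1; }
    done
    # -N: no remote shell, tunnel only. ExitOnForwardFailure: fail instead of
    # logging in without the tunnel when the local port is already taken.
    printf 'ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s:%s %s\n' "$1" "$2" "$3" "$4"
}

# Read `ss -ltn` output on stdin and classify the listener on port $1.
# Prints "loopback", "exposed" (reachable from other hosts) or "absent".
listener_scope() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, a, ":")
            if (a[n] != port) next
            addr = substr($4, 1, length($4) - length(a[n]) - 1)
            if (addr != "127.0.0.1" && addr != "[::1]") r = "exposed"
            else if (r == "") r = "loopback"
        }
        END { print (r == "" ? "absent" : r) }'
}

# The page's values: local port 4000 to MySQL on the server's own localhost:3306.
local_forward_cmd 4000 localhost 3306 user@server.example

# Constructed `ss -ltn` lines: one loopback-only listener, one wildcard listener.
printf '%s\n' \
    'LISTEN 0 128 127.0.0.1:4000 0.0.0.0:*' \
    'LISTEN 0 128 0.0.0.0:4001 0.0.0.0:*' | listener_scope 4001
```

On a Linux client, `ss -ltn | listener_scope 4000` runs the check against the live socket table; in PuTTY the matching setting is leaving "Local ports accept connections from other hosts" unticked.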