ssh tunneling (localport)
The syntax is:
ssh -L local_port:target_host:target_port bastion_host
Forward port 40000 on your local machine to port 389 on ldap.stack1.com via bastion.stack1.com:
ssh -L 40000:ldap.stack1.com:389 bastion.stack1.com
As above, but don't start a shell on the bastion (-N) and run ssh in the background (-f):
ssh -L 40000:ldap.stack1.com:389 bastion.stack1.com -N -f
Put a shortcut in .ssh/config:
Host ldap-tunnel
    HostName bastion-host
    LocalForward local-port target-host:target-port
    User user-on-bastion-host
    IdentityFile ~/.ssh/private-key-for-user-on-bastion-host
For example:
Host ldap-tunnel
    HostName bastion.stack1.com
    LocalForward 40000 ldap.stack1.com:389
    User clarkeb
    IdentityFile ~/.ssh/clarkeb_rsa
If I now ran ssh ldap-tunnel -f -N, I could connect my LDAP client to port 40000 on my local machine, and this would tunnel through to port 389 on ldap.stack1.com.
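By default ssh binds a local forward to the loopback address, so only programs on your own machine can use it; an explicit bind address such as * (or GatewayPorts yes) opens the listener to the network. The script below is an added example, not part of the original note: it lists each LocalForward in a config and marks which ones are exposed. The function names and every sample host block other than ldap-tunnel are made up for the example.

```shell
# Added example, not from the original page. Lists each LocalForward in an ssh
# client config and marks listeners that other machines could reach.
# Simplification: GatewayPorts is only honoured inside the same Host block.
audit_local_forwards() {
    awk '
    function report(   i, exposed) {
        for (i = 1; i <= n; i++) {
            # An explicit bind address wins; otherwise GatewayPorts decides.
            if (has[i]) exposed = (bind[i] !~ /^(localhost|::1|127\.[0-9.]+)$/)
            else exposed = gw
            print host, port[i], target[i], (exposed ? "exposed" : "loopback")
        }
        n = 0; gw = 0
    }
    { gsub(/=/, " "); key = tolower($1) }      # accept "Keyword=value" too
    NF == 0 || key ~ /^#/ { next }
    key == "host" || key == "match" { report(); host = $2; next }
    key == "gatewayports" { gw = (tolower($2) == "yes"); next }
    key == "localforward" {
        n++; spec = $2; target[n] = $3; bind[n] = ""
        has[n] = (spec ~ /:/)                  # bind address given (may be empty)
        if (spec ~ /^\[/) {                    # [ipv6]:port
            bind[n] = substr(spec, 2, index(spec, "]") - 2)
            port[n] = substr(spec, index(spec, "]") + 2)
        } else {                               # port, addr:port, *:port, :port
            port[n] = spec; sub(/^.*:/, "", port[n])
            if (has[n]) { bind[n] = spec; sub(/:[^:]*$/, "", bind[n]) }
        }
    }
    END { report() }
    ' "$@"
}

# Constructed sample: first block is the tunnel from this page, the rest are made-up variations.
sample_config() {
    cat <<'EOF'
Host ldap-tunnel
    HostName bastion.stack1.com
    LocalForward 40000 ldap.stack1.com:389
Host shared-tunnel
    LocalForward *:40001 ldap.stack1.com:389
Host gw-tunnel
    LocalForward 40002 ldap.stack1.com:389
    GatewayPorts yes
Host v6-tunnel
    LocalForward [::1]:40003 ldap.stack1.com:389
EOF
}
sample_config | audit_local_forwards
```

Run it against your own file with audit_local_forwards ~/.ssh/config; any line ending in "exposed" is a tunnel that other hosts on your network can connect to.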