Skip to main content

SSH Port Forwarding

A more generic form of using the proxy server is to setup full port forwarding to the compute node. This will allow you to map ports opened by applications on compute nodes to your local computer.

In contrast to the proxy server, with port forwarding:

  • You do not need to change your browser settings.
  • You can forward more than just HTTP, you could forward any TCP based service (e.g. databases).
  • You will have to re-start and re-configure the port forwarding any time the node name changes.
danger

Don't open ports on Palmetto without any authentication. There are no firewalls preventing other users within Palmetto from connecting to ports you open.

If you have concerns, please reach out to us for advice.

As an example, let's run an specialized instance of Jupyter through apptainer. We'll use an image with Julia notebooks prebuilt. We'll have Jupyter open on port 5000. On a compute node start the service:

apptainer run docker://jupyter/julia-notebook jupyter lab --port 5000

Once it starts up, you should see logs like the following:

[I 2023-11-07 22:05:40.817 ServerApp] Jupyter Server 2.8.0 is running at:
[I 2023-11-07 22:05:40.817 ServerApp] http://node0036.palmetto.clemson.edu:5000/lab?token=<redacted>

This indicates that it is running and provides us the token. I also make note of the compute node: node0036. You can make a request to this server from within the cluster (e.g. on the login node) using:

curl -v http://node0036:5000

Note: that node0036 is the compute node my job landed on. You will need to change this as appropriate. This should return an HTTP/1.1 302 Found response code.

Our goal will be to expose this on our local computer on port 8080 (we could have picked the same port 5000, but for this example we'll pick a different port to help clarify when we are using the remote port vs local port).

MacOS/Linux

To begin the port forwarding, run a new ssh session and use the -L option. The format of the argument to -L will be 127.0.0.1:<local-port-number>:<node>:<node-port-number>:

  • local-port-number: The port number you want your service to appear as on your local computer. In our example, this is 8080.
  • node: The node name where your service is running. For my job, this is node0036.
  • remote-port-number: The port number of the remote service running on the compute node. In this example, it is 5000.

So I would run:

ssh -L 127.0.0.1:8080:node0036:5000 dndawso@login.palmetto.clemson.edu

You will be prompted for your Clemson password and Duo information (same as any ssh connection).

Once connected, I can now open my browser on my computer to http://localhost:8080/ and I should see a Jupyter Lab interface requesting a token (use the token that was printed when you first started Jupyter Lab).

Windows

  • On the menu button bar of MobaXterm, click Tunneling

Screenshot of the MobaXterm menu bar with an arrow pointing at tunneling.

  • Select New SSH tunnel, then select Local port forwarding

  • Filling the information as follows:

    • <Forwarded port>: The port you want your service to appear as on your local computer. In our example, this is 8080.
    • <SSH server>: login.palmetto.clemson.edu
    • <SSH login>: Your username.
    • <SSH port>: 22
    • <Remote server>: The node name where your service is running. For my job, this is node0036.
    • <Remote port>: The port number of the remote service running on the compute node. In this example, it is 5000.

  • Click Save

Screenshot of the MobaXterm tunneling configuration page.

  • Click the play icon to activate the tunnel.

Screenshot of the MobaSSHTunnel graphical port forwarding tool.

  • You will first be asked for password, that is your Palmetto password.
  • Next, you will be asked for a Duo two-factor login, enter 1 to receive a DUO push to your phone.
  • The play icon will be blurred, and the stop icon will become bolded. Your tunnel is now activated. You can click on the X at the top right corner to close this windows, and the tunnel will keep running.

Screenshot of the MobaSSHTunnel graphical port forwarding tool with the play icon blurred.

From my computer, I can now open my browser to http://localhost:8080/ and I should see a Jupyter Lab interface requesting a token (use the token that was printed when you first started Jupyter Lab).