SOLVED Remote TCP Forwarding with SSH

[yottabit]

I have extra sshd_config options set via "Extra Options" field in SSH config (FreeNAS 9.2.0):

Match User my.username
AllowTcpForwarding all
AllowTcpForwarding no

Now from a remote machine I login and try a remote forward. The setup works as intended:

Requesting remote port 3389 forward to 127.0.0.2:3389
Remote port forwarding from 3389 enabled

FreeNAS shows the port listening( 'rdp' is 3389):

[root@nas1] ~# netstat -a | grep rdp
tcp4 0 0 localhost.rdp *.* LISTEN

I can test that it successfully works by trying this from the FreeNAS shell:

[root@nas1] ~# telnet localhost 3389
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
^]
telnet> quit
Connection closed.

During which time I see this on the session requesting the forward:

Received remote port 3389 open request from 127.0.0.1:39698
Attempting to forward remote port to 127.0.0.2:3389
Forwarded port opened successfully
Nothing left to send, closing channel
Forwarded port closed

However, whenever I try to make the connection from another host (on the same LAN, no firewall in between), the connection to 3389 on the FreeNAS is refused.

It seems as if there is some firewall rule on the FreeNAS itself that's blocking inbound TCP/3389 from the LAN interface.

Can someone with more FreeBSD experience help me troubleshoot this further?

Thanks in advance!

 

[yottabit]

Figured it out.

Also need to add "GatewayPorts yes" to sshd_config.

When in doubt: RTFM.

Now maybe someone can tell me how to change the subject line of this thread to SOLVED?