A little question to an SSH guru (port forwarding)
 

I have the following setup:
serverA - internet - serverB - serverC

I do on serverA:
ssh -L10000:serverC:10000 serverB

This will connect localhost:10000 of serverA to serverC:10000.
Since the connection is made to localhost, it can only be used locally, on serverA itself (so far as I know).

Is there a way to establish the connection in a way that any machine close to serverA can make use of it?
i.e. to connect serverA:10000 to serverC:10000, so that any client (even if not having ssh) connecting to serverA:10000 would actually connect to serverC:10000?

If I understand what you want to do - you need to edit sshd_config and set "GatewayPorts" to yes.

Thanks, it seems to be just what i need.

I wonder, however, how this exactly works on internet gateways? I mean: does it forward port lo:10000, iif:10000, oif:10000, or all? (You might have found out: I would prefer oif:10000 not being forwarded)
Also if it is possible to allow GatewayPorts on a per-forwarding-basis, i.e. GatewayPorts should not be enabled for all port forwarding, only for specific ones.

As far as I know it needs to be on for all ports unless you run 2 sshd servers on different ports each with a different config. I also don't think there is a way to only bind to one interface so you'll need to use iptables to stop connections to the external interface.