In this exercise we will setup system so TCP traffic to be forwarded over the secure connection in a sub-channel. You will telnet to port 25/tcp on your security1 machine and, using SMTP protocol commands, send mail to user anna on that station. We will try to telnet to port 25 on security1, but this will not work. So we will do next tricky thing. We will connection on port 3025 on security2 and make tunnel to port 25 on security2, and encrypt this by ssh and forwarded to security1 in clear text mode

[root@security2 ~]# ssh -L 3025:localhost:25 anna@security1

On another tab open telnet connection.

[root@security2 ~]# telnet localhost 3025

Now send mail to anna, through telnet. This mail will appear in /var/mail/anna on security1 side. OK this is definitely something you want to enable, so you should change sshd_config file, and remove comment from AllowTcpForwarding no , after this you can't telnet on localhost to port 3025