As for your first question: If we assume your netmask is 255.255.255.0, yes. Some routers have option to still not allow traffic between WLAN and LAN. As for your second question, short story: try adding -N flag to your SSH command and see what happens. And the long story: What I meant with that b0rked statement is that, in that case you posted ssh client log, routing and portforwarding works, you are able to send and receive TCP packets to OpenSSH server port 2222. The SSH protocols match, the authentication succeeds... so you get far further than when it is stuck on no route to host. ..but then it immediately logs out. If it executed your port forwarding it'd stay connected until you quit it (or networking problem), and to kill the tunnel you'd use ^C (Ctrl+C). Instead, you get debug1: Exit status 1 (different than 0; 0 means no error), in this case usually problem is 1) login shell doesn't exist 2) or is set to /bin/false (or something similar). Check the OpenSSH's /etc/passwd and see if it is correct set. The -N flag will not execute the remote command and is recommended in situations like these. @ Jay that reminds me, if you don't want to use OpenSSH to remotely log in to your computer to get a shell but do wish to use only port forwarding (ie. only want to use OpenSSH to run VNC server) you can harden OpenSSH server further. Worth it to discuss or not...?