IpFire has a setting to allow SSH and enable TCP port forwarding. However, that does not work. You will get an error like this:
channel 3: open failed: administratively prohibited: open failed
The problem is that in sshd_config the option
PermitOpen is set to
none, thereby not allowing any forwarding.
I think the option to enable TCP forwarding should be removed entirely, if the
PermitOpen none is intentional. Or maybe
PermitOpen none should be removed to allow unrestricted forwarding. Or the GUI could even be extended to let one configure one or more destinations.
Some further investigation shows this may have been an unintended side-effect of the hardening of the SSH server as documented here https://patchwork.ipfire.org/patch/1895/#2704.