When a slave is launched through JNLP, the slave agent attempts to connect to a specific TCP port of Hudson to establish a communication channel. Some security-sensitive networks can prevent you from making this connection. This can also happen when Hudson runs behind a load balancer, an Apache reverse proxy into a DMZ, and so on.

This tunneling option allows you to route this connection to another host/port, and is useful in those situations. The field can take one of three formats: "HOST:PORT", ":PORT", or "HOST:". In the first format, the JNLP slave agent will connect to the given TCP port on the given host, and assume that you've configured your network so that this port forwards the connection to Hudson's JNLP slave TCP port.

In the latter two formats, the default host name and port number (that is, the host name that Hudson runs on, and the TCP port that Hudson opened) are used to fill in the missing values. In particular, the "HOST:" format is useful when an HTTP reverse proxy is used and Hudson actually runs on another system.
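
To check a tunnel value before rolling it out, the resolution of the three formats described above can be sketched as follows. This is an added example, not Hudson's own code: the function name resolve_tunnel, the Endpoint type, the sample host names and port numbers, and the strict rejection of any value that is not one of the three documented forms are all assumptions of the sketch.

```python
from typing import NamedTuple


class Endpoint(NamedTuple):
    host: str
    port: int


def resolve_tunnel(tunnel: str, default_host: str, default_port: int) -> Endpoint:
    """Resolve "HOST:PORT", ":PORT" or "HOST:" against the default endpoint."""
    value = tunnel.strip()
    # Assumption of this sketch: exactly one ':' separates host and port,
    # so values such as "a:b:80" or a bare host name are rejected.
    if value.count(":") != 1:
        raise ValueError(f"expected HOST:PORT, :PORT or HOST:, got {tunnel!r}")
    host, port_text = value.split(":")
    if not host and not port_text:
        raise ValueError("':' alone names neither a host nor a port")
    if any(ch.isspace() for ch in host):
        raise ValueError(f"host part contains whitespace: {host!r}")

    if port_text:
        if not (port_text.isascii() and port_text.isdigit()):
            raise ValueError(f"port is not a decimal number: {port_text!r}")
        port = int(port_text)
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range 1-65535: {port}")
    else:
        port = default_port  # "HOST:" form keeps Hudson's JNLP slave port

    # ":PORT" form keeps the host name Hudson runs on
    return Endpoint(host or default_host, port)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real installation.
    DEFAULT_HOST, DEFAULT_PORT = "hudson.internal.example", 50000
    for field in ("gateway.example:9000", ":9000", "gateway.example:", "gateway.example"):
        try:
            print(f"{field!r:>24} -> {resolve_tunnel(field, DEFAULT_HOST, DEFAULT_PORT)}")
        except ValueError as err:
            print(f"{field!r:>24} -> rejected: {err}")
```

Comparing the resolved endpoint with the forwarding rule actually configured on the proxy or firewall shows whether the slave agent will reach Hudson's JNLP slave port or some other listener.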