diff --git a/cli-chansession.c b/cli-chansession.c
index 6d358b7f174b0bddcf0ec6fa27dc3a30a71a0580..76dbb3c26fab83dd1c14f059dcec4453081c96f5 100644
--- a/cli-chansession.c
+++ b/cli-chansession.c
@@ -367,14 +367,55 @@ static int cli_initchansess(struct Channel *channel) {
 
 void cli_send_chansess_request() {
 
+	unsigned int port = 0;
+	unsigned char* addr = NULL;
+	unsigned char* ipstring = "127.0.0.1";
+	unsigned char* portstring = "22";
+
+	/* hack hack */
+	static const struct ChanType cli_chan_tcphack = {
+		0, /* sepfds */
+		"direct-tcpip",
+		NULL,
+		NULL,
+		NULL,
+		cli_closechansess
+	};
+
 	TRACE(("enter cli_send_chansess_request"))
-	if (send_msg_channel_open_init(STDIN_FILENO, &clichansess) 
+	if (send_msg_channel_open_init(STDIN_FILENO, &cli_chan_tcphack) 
 			== DROPBEAR_FAILURE) {
 		dropbear_exit("Couldn't open initial channel");
 	}
 
-	/* No special channel request data */
+	if (cli_opts.localfwds == NULL) {
+		dropbear_exit("You need to give a \"-L ignored:host:port\" option with this hacked up dbclient.");
+	}
+
+	addr = cli_opts.localfwds->connectaddr;
+	port = cli_opts.localfwds->connectport;
+
+	buf_putstring(ses.writepayload, addr, strlen(addr));
+	buf_putint(ses.writepayload, port);
+
+	/* originator ip */
+	buf_putstring(ses.writepayload, ipstring, strlen(ipstring));
+	/* originator port */
+	buf_putint(ses.writepayload, atol(portstring));
+
 	encrypt_packet();
 	TRACE(("leave cli_send_chansess_request"))
 
 }
+
+#if 0
+	while (cli_opts.localfwds != NULL) {
+		ret = cli_localtcp(cli_opts.localfwds->listenport,
+				cli_opts.localfwds->connectaddr,
+				cli_opts.localfwds->connectport);
+		if (ret == DROPBEAR_FAILURE) {
+			dropbear_log(LOG_WARNING, "Failed local port forward %d:%s:%d",
+					cli_opts.localfwds->listenport,
+					cli_opts.localfwds->connectaddr,
+					cli_opts.localfwds->connectport);
+#endif
diff --git a/cli-session.c b/cli-session.c
index 35510fa9797e586da3aa93a9e758f203b5fedb7b..34eeabcd8d24c39f021e02d45827031ac6f95fb7 100644
--- a/cli-session.c
+++ b/cli-session.c
@@ -213,10 +213,10 @@ static void cli_sessionloop() {
 
 		case USERAUTH_SUCCESS_RCVD:
 #ifdef ENABLE_CLI_LOCALTCPFWD
-			setup_localtcp();
+			//setup_localtcp();
 #endif
 #ifdef ENABLE_CLI_REMOTETCPFWD
-			setup_remotetcp();
+			//setup_remotetcp();
 #endif
 			cli_send_chansess_request();
 			TRACE(("leave cli_sessionloop: cli_send_chansess_request"))
diff --git a/debug.h b/debug.h
index 93cb89178b6be47fe612a1e32a7083215aaebfd3..f87cdd38a38fb6b8367b3d0c4ed13a51679010d3 100644
--- a/debug.h
+++ b/debug.h
@@ -39,7 +39,7 @@
  * Caution: Don't use this in an unfriendly environment (ie unfirewalled),
  * since the printing may not sanitise strings etc. This will add a reasonable
  * amount to your executable size. */
-/*#define DEBUG_TRACE */
+#define DEBUG_TRACE 
 
 /* All functions writing to the cleartext payload buffer call
  * CHECKCLEARTOWRITE() before writing. This is only really useful if you're