Set the GatewayPorts
to yes
and try again.
ssh -o 'GatewayPorts yes' user@xx.yy.zz.41 -p 1234 -D 9898
man ssh_config
DynamicForward
Specifies that a TCP port on the local machine be forwarded over the secure channel, and the application protocol
is then used to determine where to connect to from the remote machine.
The argument must be [bind_address:]port. IPv6 addresses can be specified by enclosing addresses in square
brackets. By default, the local port is bound in accordance with the GatewayPorts setting. However, an explicit
bind_address may be used to bind the connection to a specific address. The bind_address of “localhost” indicates
that the listening port be bound for local use only, while an empty address or ‘*’ indicates that the port should
be available from all interfaces.
Currently the SOCKS4 and SOCKS5 protocols are supported, and ssh(1) will act as a SOCKS server. Multiple for‐
wardings may be specified, and additional forwardings can be given on the command line. Only the superuser can
forward privileged ports.
GatewayPorts
Specifies whether remote hosts are allowed to connect to local forwarded ports. By default, ssh(1) binds local
port forwardings to the loopback address. This prevents other remote hosts from connecting to forwarded ports.
GatewayPorts can be used to specify that ssh should bind local port forwardings to the wildcard address, thus
allowing remote hosts to connect to forwarded ports. The argument must be “yes” or “no”. The default is “no”.