Tunnel using SSH

I am not clear on the concept of tunneling using ssh.

ssh -f -N -L 1029:192.168.1.47:25 james@192.168.1.47

I found out that the above command works for me, but I didn't quite understand how it works and need to ask you guys some questions.
Since we are tunneling through ssh, why do we need to use another port above 1024 to channel the unencrypted protocol?

My logic is that a tunnel is drilled between server and client using SSH, and every unencrypted protocol can pass through it without any restriction, but on reaching the destination it will have to connect using its own port number. So I didn't quite get why we need that unprivileged port number. Any help would be highly appreciated.

Hi,

I'm not quite sure what your question is, so I'll explain a bit more.

SSH: Local port forwarding

Local port forwarding in SSH means that a listening port on the local side is opened, and all data it accepts is forwarded to a specified host and port on the remote side via the ssh connection. So all data is intercepted by the ssh client, sent through the encrypted tunnel, and after that sent, unencrypted, to the host reachable from the target host. If the remote host is localhost, then the unencrypted data never goes over any physical media.

But you may specify targets other than localhost as the remote forward host, maybe a host that only the ssh target host is able to reach. For example, a host in a remote private LAN which your source host has no possible connection to, except by taking an intermediate step via the ssh target host. In this case the data, after it leaves the ssh tunnel at the target ssh host, is sent unencrypted to the port forwarding target host.

See this nice picture (German language; the only thing to know is that red is encrypted and blue is unencrypted):


Unprivileged ports

So since every tunnel requires a local listening socket, a user must have the privileges to create one. And since all ports < 1024 require extended privileges, a normal user cannot create sockets in that port range. But there is no need to use privileged ports; you may just use any port >= 1024. It's a bit more pleasant to use the same port as the target port and the local tunnel port. E.g. when you use port 80, you can simply type http://localhost or http://virtualhost.domain.tld (with virtualhost.domain.tld pointing to 127.0.0.1 in your ssh client's hosts file, so the HTTP request has the correct virtual host set and the target is localhost) and thus you do not need to specify a nonstandard port.

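As an added illustration (not code from this thread, and not how OpenSSH is implemented), here is a small Python stand-in for the client half of "ssh -L": a listener on an unprivileged local port that relays each connection to a target host:port, plus a check of whether the current user may bind a port below 1024 at all. The mail server is a constructed toy that answers with an SMTP-style banner on 127.0.0.1, standing in for 192.168.1.47:25; the encrypted leg between ssh client and ssh server is not modelled, so this shows only the plumbing the answer describes, not the protection.

```python
import socket
import threading

# Toy model of "ssh -L": local listener -> relay -> target host:port.
# Real ssh encrypts the client-to-server leg; this relay does not.
# All hosts, ports and the mail server below are constructed for the example.


def can_bind(port, host="127.0.0.1"):
    """Return True if this user may open a listening socket on host:port.

    On Linux an ordinary user gets PermissionError for ports below 1024
    (unless the binary has CAP_NET_BIND_SERVICE), which is why the post
    picks 1029 rather than 25 for the local end. A port already in use
    also yields False.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        try:
            s.bind((host, port))
            return True
        except OSError:  # PermissionError is a subclass of OSError
            return False


def _recv_line(sock):
    """Read one LF-terminated line and return it without CR/LF."""
    buf = b""
    while not buf.endswith(b"\n"):
        chunk = sock.recv(1)
        if not chunk:
            break
        buf += chunk
    return buf.decode("ascii", "replace").rstrip("\r\n")


def _pump(src, dst):
    """Copy bytes src -> dst until EOF on src, then half-close dst."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


class LocalForward:
    """Listen on bind_host:local_port and relay every connection to target.

    local_port=0 lets the OS pick a free unprivileged port. The post's
    "-L 1029:192.168.1.47:25" corresponds to LocalForward(1029, "192.168.1.47", 25).
    """

    def __init__(self, local_port, target_host, target_port, bind_host="127.0.0.1"):
        self.target = (target_host, target_port)
        self.listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.listener.bind((bind_host, local_port))
        self.listener.listen(5)
        self.local_port = self.listener.getsockname()[1]
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        while True:
            try:
                client, _ = self.listener.accept()
            except OSError:  # listener closed
                return
            try:
                upstream = socket.create_connection(self.target, timeout=5)
            except OSError:
                client.close()
                continue
            threading.Thread(target=_pump, args=(client, upstream), daemon=True).start()
            threading.Thread(target=_pump, args=(upstream, client), daemon=True).start()

    def close(self):
        self.listener.close()


def start_toy_mail_server(host="127.0.0.1"):
    """Constructed stand-in for the 192.168.1.47:25 target: send a banner,
    acknowledge one command line, close. Returns (listening socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                conn.sendall(b"220 mail.example.test toy SMTP banner\r\n")
                line = _recv_line(conn)
                conn.sendall(b"250 " + line.encode() + b"\r\n")

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def demo():
    """Open the tunnel, talk to the mail server through the local port,
    and return (banner, reply) as a client on localhost sees them."""
    srv, mail_port = start_toy_mail_server()
    fwd = LocalForward(0, "127.0.0.1", mail_port)
    try:
        with socket.create_connection(("127.0.0.1", fwd.local_port), timeout=5) as c:
            banner = _recv_line(c)
            c.sendall(b"EHLO client.example.test\r\n")
            reply = _recv_line(c)
    finally:
        fwd.close()
        srv.close()
    return banner, reply


if __name__ == "__main__":
    print("bind to port 25 allowed for this user:", can_bind(25))
    print("bind to an unprivileged port allowed:", can_bind(0))
    print(demo())
```

Run as a normal user on Linux, the first line prints False and the second True, which is the whole reason for the 1029 in the original command: the client application still talks to "port 25" on the far side, it just enters the tunnel through a local port the user is allowed to open. macOS (since 10.14) lets unprivileged users bind low ports, so the first line may print True there.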

Thank you very much for the wonderful explanation, it answered my doubts.