jumpserver ssh tunnel映射本地的权限问题

命令如下:
ssh -L 33066:192.168.1.3:3306 admin@192.168.1.2 -p 2222

192.168.1.3:3306这个是mysql的机器和端口,jumpserver已经可以连接mysql资产。
192.168.1.2这个是jumpserver的服务器

问题:我想把mysql的3306端口通过ssh tunnel打通到本地33066端口,使用上面命令报错channel 2: open failed: administratively prohibited: port forwarding is disabled

详细信息:
debug1: channel 3: new [direct-tcpip]
channel 3: open failed: administratively prohibited: port forwarding is disabled
debug1: channel 3: free: direct-tcpip: listening port 33066 for 192.168.1.3 port 3306, connect from 127.0.0.1 port 52436 to 127.0.0.1 port 33066, nchannels 4

jumpserver的服务器 /etc/ssh/sshd_config配置AllowTcpForwarding和PermitTunnel都已经设置为yes,防火墙已全部打开
有大佬知道具体怎么操作吗?

ssh服务器配置完,有重启吗