To be honest John, I don't know anything about the firewall or how it is configured. I only know that the system administrator put a NAT or PAT on it for SSH. If I point an SSH client at the external IP address of our firewall I end up connecting to my Linux box. By the way, I've now also installed cygwin on the laptop and if I use openssh instead of putty to connect it makes no difference - still no password dialog.
So that makes the question "when is a tunnel not a tunnel?". And why is the Linux version of vncviewer able to connect through the firewall but the windows version can't? Sigh. I've asked the question of the system administrator (what *is* on the firewall?) but he doesn't seem to be around at the moment. I will also try dual booting the laptop and see if I really can connect from that machine when it's running linux.

Cheers
Ron

-----Original Message-----
From: JOHN R BLACKMORE [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 04, 2003 9:25 PM
To: Ron Cresswell
Subject: RE: vncviewer not popping up a password dialog

Are you using a transparent proxy on your firewall?

----------------------------------------------------------------------
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Wed, 4 Jun 2003 14:22:27 +1000
Subject: RE: vncviewer not popping up a password dialog

OK, now we're getting into the nitty-gritty. This is proving far more difficult than it should be! I've turned on extensive logging of ssh packets and include the relevant logs here. First though, let me try to explain the two scenarios - the working and the non-working:

I have a PAT on our firewall that redirects SSH traffic to my Linux machine at work. So that might look something like this:

     _____                  ______                _______
    |     |  SH2 Traffic   |      |              | Work  |
    | Home|----------------| PAT  |--------------| Linux |
    |_____|                |______|              |_______|
    192.168.1.2           172.15.20.1          172.168.10.54
    tgl8b/laptop           middleman               cfd1

(I've just made up the IP addresses for the purposes of this example - the PAT is of course a non-private IP address). tgl8b is a linux machine running OpenSSH and linux vncviewer, while laptop is a Windows2000 machine running Putty and a windows vncviewer.
So I sit on tgl8b, open an SSH connection to middleman, and that is redirected to cfd1. I invoke it with the command

    ssh -L5901:middleman:5901

and if I then start vncviewer on tgl8b, everything is fine.

If I use laptop, I use Putty to connect. I set up the tunnel so that the tunnel window says:

    L5901 172.15.20.1:5901

I then start vncviewer, point it to localhost:1 and it *does* connect, but ought to then pop up a dialog box asking for a password. It does nothing.

However, if I carry the laptop into work and simply replace the IP address for middleman with the IP address for cfd1, and connect as follows:

     _____                                _______
    |     |        SH2 Traffic           | Work  |
    |     |------------------------------| Linux |
    |_____|                              |_______|
    192.168.1.2                        172.168.10.54
    tgl8b/laptop                           cfd1

Then when I connect to localhost:1 I get a window requesting a password. Once I've logged in, up comes the vncviewer and everything is fine.

Now I collected the SSH traffic in a Putty log file from these two cases, and the ONLY difference in the log files (apart from the actual vncviewer traffic which isn't present in the one that never asked for a password) seems to be that the connection through middleman contains a large number of lines saying:

    Outgoing packet type 2 / 0x02 (SSH2_MSG_IGNORE)

Any experts out there who would like to see the whole logs, please let me know. If I had to guess, I would say that Putty isn't tunnelling the port, it's just forwarding it - but that couldn't be the case could it??

Ron

Cheers
Ron

Ron Cresswell
Principal Scientist
James Hardie Research
Ph +61-2-8845-3382
Fax +61-2-8845-3222

######################################################################
This message is intended for the use of the party to whom it is addressed and may contain information which is confidential. If you are not the intended recipient and have received this communication in error, please notify us by telephone and either return the original message or ensure its destruction.
Any dissemination or copying of this communication and its attachments by anyone other than the party to whom it is addressed is strictly prohibited.
######################################################################
_______________________________________________
VNC-List mailing list
[EMAIL PROTECTED]
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list
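
Added example, not part of the original thread: an RFB (VNC) server speaks first, sending a 12-byte ProtocolVersion string as soon as the TCP connection opens, so reading that banner through the forwarded port shows whether the tunnel actually reaches a VNC server when the viewer connects but never asks for a password. The function name probe_rfb is hypothetical, and the default address assumes the local end of the L5901 forward described in the thread.

```python
import re
import socket

# An RFB (VNC) server speaks first: 12 bytes, e.g. b"RFB 003.008\n".
BANNER = re.compile(rb"RFB \d{3}\.\d{3}\n")


def probe_rfb(host="127.0.0.1", port=5901, timeout=5.0):
    """Report what a (forwarded) VNC port delivers as (status, detail).

    Assumption: the defaults are the local end of the thread's
    L5901 forward. Status values:
      refused - the local connect failed (tunnel not listening)
      closed  - accepted, then dropped without sending anything
      silent  - accepted, but no bytes arrived before the timeout
      other   - bytes arrived that are not an RFB banner
      rfb     - a valid ProtocolVersion banner arrived
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "refused", str(exc)
    data, timed_out = b"", False
    with sock:
        # An SSH client accepts the local connection before the far end
        # is reached, so a successful connect alone proves nothing.
        try:
            while len(data) < 12:
                chunk = sock.recv(12 - len(data))
                if not chunk:
                    break
                data += chunk
        except socket.timeout:
            timed_out = True
        except OSError as exc:
            return "closed", str(exc)
    if BANNER.fullmatch(data):
        return "rfb", data.decode("ascii").strip()
    if not data:
        return ("silent" if timed_out else "closed"), "no bytes received"
    return "other", repr(data)


if __name__ == "__main__":
    print(probe_rfb())
```

A result of "silent" or "closed" through the tunnel, alongside "rfb" when the same probe is run against port 5901 on the VNC host itself, points at where the forward's destination leads rather than at the viewer.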
