I cross posted the following to the Linuxrouter
Project Mailing list:
As the subject states I want to tunnel VNC through SSH
to make a connection to a server on my private IP DMZ.
I'm using the LRP variant EigersteinBETA2 and the
associated 1.1 extended scripts for my personal
firewall and to set up both a private IP address range
DMZ and a fully private subnet.
At work, I'm behind a firewall that only allows
connections out to remote machines on ports 21, 80,
443 and perhaps a couple of other ports. So, on my LRP
box at home, I opened 21 to be forwarded to the DMZ
machine. On the DMZ machine, a Linux box, I edited
hosts.allow to allow traffic on 21 and I added 21 as
an extra port for sshd to listen to. I restarted
sshd. I started the vncserver and it is listening on
local port 5901.
So on my machine here at work I make a ssh connection
to my.ip.xx.yy:21 but depending on how I initiate the
connection all I get is a flashing cursor,
never a real login, and eventually it times out
(using a *.ini file and customized shortcut to ttssh).
If I initiate the connection in a slightly different
manner, I am asked for my username and password, but
get no further, not even an error message from the
sshd, just the blinking cursor again (using ttssh
directly and giving it all the parameters). I
also attempt to do a local forward w/ ssh like so:
"5999:my.ip.xx.yy:5901 my.ip.xx.yy". I can't help
feeling that I'm missing something here.
Also, I can get it to work from my private subnet at
home by ssh'ing to the priv.ip.DMZ.serv:21 w/ a forward
of "5999:priv.ip.DMZ.serv:5901 priv.ip.DMZ.serv". I
can ssh from my private subnet to my.ip.xx.yy, but if
I recall correctly the VNC connection doesn't work.
One other forward I tried was
"5999:priv.ip.DMZ.serv:5901 my.ip.xx.yy" though I had
little hope of that succeeding.
Have I posed this problem in too vague a manner?

|-----------|>---VNC----|
|workstation|           |
|---------- |<-SSH:5999-|
      |
      |
      V
    |---|                                |---|
    |fw |<--->internet<--->my.ip.xx.yy:21|lrp|
    |---|                                |---|
                                           |
                                           |
                |----ssh---<|-----------|  |
                |           |DMZ,sshd:21|<-|
                |-vnc:5901->|-----------|

When sshd on the privDMZ gets the ssh connection it
should forward to its own local port 5901, correct?
What could be blocking a good response from the ssh
server? When I get home this evening I'll check my
logs closely, for I'm sure they are now full of denied
packets.
Other notes: at work I'm using TeraTerm pro with the
TTSSH 1.5.4 plugin. At home, I used this same software
and another Windows ssh client, the name of which
escapes me. Couldn't figure out how to make PuTTY do
forwarding. I was also able to do this from my Linux
box at home using the command line ssh provided by
OpenSSH. I also have OpenSSH running on the DMZ
machine. One thing I wasn't clear on was the port
directive in sshd_config, should there be separate
PORT lines for each port you want sshd to listen on
(the way I have it now) or a single PORT line with
port numbers separated by commas?
=====
-
[EMAIL PROTECTED]
Hacking is a "Good Thing!"
See http://www.tuxedo.org/~esr/faqs/hacker-howto.html
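
Added illustration, not part of the original post: how a three-field local forward spec like the ones quoted above is read. The destination host:port is connected to from the machine running sshd, not from the client. The script assumes sshd and vncserver share the DMZ machine, reuses the post's placeholder addresses, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the post. Addresses are the post's own placeholders.
PUBLIC_ADDR="my.ip.xx.yy"        # public address on the LRP router
PRIVATE_ADDR="priv.ip.DMZ.serv"  # DMZ server running sshd and vncserver (assumed)

# classify_forward LPORT:HOST:HPORT
# The client listens on LPORT; HOST:HPORT is looked up and connected to
# by the machine running sshd. Only the three-field form is handled.
classify_forward() {
    case $1 in
        *:*:*:*) echo "invalid"; return 1 ;;  # bind-address form not handled
        *:*:*) ;;
        *) echo "invalid"; return 1 ;;
    esac
    lport=${1%%:*}; rest=${1#*:}
    host=${rest%:*}; hport=${rest##*:}
    for p in "$lport" "$hport"; do
        case $p in ''|*[!0-9]*) echo "invalid"; return 1 ;; esac
    done
    case $host in
        localhost|127.0.0.1|"$PRIVATE_ADDR")
            echo "direct: sshd host -> $host:$hport" ;;
        "$PUBLIC_ADDR")
            echo "via router: sshd host -> $host:$hport (router must forward $hport)" ;;
        *)
            echo "other: sshd host -> $host:$hport" ;;
    esac
}

# tunnel_cmd SPEC SSH_HOST SSH_PORT: equivalent OpenSSH client command line.
tunnel_cmd() {
    echo "ssh -p $3 -N -L $1 $2"
}

# Walk through the destinations tried in the post, plus loopback.
for spec in "5999:$PUBLIC_ADDR:5901" "5999:$PRIVATE_ADDR:5901" "5999:localhost:5901"; do
    printf '%-30s %s\n' "$spec" "$(classify_forward "$spec")"
done
tunnel_cmd "5999:localhost:5901" "$PUBLIC_ADDR" 21
```

With the tunnel up, the VNC viewer on the client is pointed at localhost:5999.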