Re: [SLUG] ssh style vpn?

From: Austin Theen (austin@austintheen.com)
Date: Fri Feb 06 2004 - 23:47:48 EST


On Fri, 2004-02-06 at 16:47, Austin Theen wrote:
> On Fri, 2004-02-06 at 14:52, Ian Blenke wrote:
> > Austin Theen wrote:
> > > any ssh fiends know if it's possible to use SSH to connect to computers
> > > behind a firewall? Here's the scenario:
> > >
> > > Internet <-> Linksys FW <-> Linux SSHD
> > > <-> VNC Server
> > >
> > > the linksys router has port 22 open to the linux box, and I'm trying to
> > > see how ssh can be used to allow me to access the VNC clients through
> > > the firewall without opening port 5900.
> > >
> > > from the man page it says I can forward ports and something about -g
> > > allowing remote hosts to connect to local forwarded ports.
> > >
> > > is this possible? or do i have to do a vpn?
> >
> > This is simple SSH port redirection. You can either forward local
> > connections to a remote machine (-L), or remote connections to a local
> > machine (-R), ie:
> >
> > localhost$ ssh -L 5900:vncserver:5900 linksys
> >
> > This tells your ssh client on your machine on the Internet somewhere to
> > listen locally to port 5900, and when something connects - tell the
> > remote sshd to connect to "vncserver" on port 5900.
> >
> > If you have an Xvnc session running on your Linux box, you can use
> > "localhost" instead of the "vncserver".
> >
> > SSH port redirection is an incredibly useful thing to master.
>
> This may very nearly work.
>
> I need to have ssh establish a tunnel over the Internet from my home
> workstation to this remote server, allowing me to connect to hosts
> behind a firewall on the remote server's network.
>
> When I try to connect using ssh -L 5900:remote:5900 localhost it binds
> my port 5900 to the remote server's 5900 (which isn't running vnc,
> doesn't even have X installed).
>
> There is this -G switch in ssh that says it allows connections from
> other hosts to use the SSH tunnel, but I am unclear if this switch will
> allow traffic to be destined for another host on the far side of a
> tunnel.

OK! I got some good news! I managed to get a connection established over
the ssh tunnel, once I understood all the terminology of client and
server with respect to the ssh daemon.

I don't need to open any other ports besides ssh. The syntax for opening
a vnc connection to a host behind a firewall is basically:

austin@bender austin $ ssh -N -C -L 5900:firewalled_host:5900 ssh_server

austin@bender austin $ vncclient localhost

You can also use this to access router administration pages without
turning on remote administration in the router. Plus it's all encrypted
over ssh. :) Though you may need root to bind to privileged ports.

Wow. This is incredibly awesome as a remote administration tool. I can't
believe I didn't learn this sooner!

Thanks everyone!

-- 
Austin Theen, Freelance Network Engineer      High Gear Solutions
Linux  | Windows  | Mac OS/X  | Networks  | Internet  | Databases 
Office (941) 492-6111        368 Briarwood Road, Venice, FL 34293
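The mechanism the thread settles on (ssh -L 5900:firewalled_host:5900 ssh_server) is a listener on the ssh client that hands each accepted connection to sshd, which then makes the onward connect() to firewalled_host:5900 from inside the firewalled network. The following is an added example, not code from this thread: a small Python model of that client-side listener, with both halves running in one process so it can be exercised offline against a stand-in "VNC" echo server. The function names (start_forwarder, start_echo_server, round_trip, demo) and the sample payload are constructed for this example. The point it makes explicit is the bind address: plain -L binds to 127.0.0.1, so only the machine running ssh can use the tunnel, while -g (or an explicit -L 0.0.0.0:5900:host:5900) binds to every interface and lets any host that can reach you ride the tunnel into the far network.

```python
import socket
import threading

# ssh -L binds its local listener to loopback unless you pass -g or give an
# explicit bind address (e.g. -L 0.0.0.0:5900:host:5900).
LOOPBACK = "127.0.0.1"
ALL_INTERFACES = "0.0.0.0"  # -g behaviour: any host that can reach you can use the tunnel


def _pump(src, dst):
    """Copy bytes from src to dst until src hits EOF, then close dst's write side."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def _serve(listener, on_accept):
    """Accept connections until the listener is closed (poll so close() can stop us)."""
    listener.settimeout(0.2)
    while True:
        try:
            conn, _ = listener.accept()
        except socket.timeout:
            continue
        except OSError:
            return  # listener closed
        on_accept(conn)


def start_forwarder(bind_addr, local_port, target_host, target_port):
    """Model of the ssh client's -L listener: accept on bind_addr:local_port and
    relay each connection to target_host:target_port.  With real ssh the connect()
    to the target is made by sshd on the far side of the tunnel; here both halves
    run locally, which is enough to show the bind-address behaviour.
    Returns (listening socket, bound port); local_port 0 asks the OS for a free port."""
    lsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    lsock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    lsock.bind((bind_addr, local_port))
    lsock.listen(5)

    def relay(client):
        try:
            target = socket.create_connection((target_host, target_port), timeout=5)
        except OSError:
            client.close()  # far side unreachable: drop the viewer's connection
            return
        threading.Thread(target=_pump, args=(client, target), daemon=True).start()
        threading.Thread(target=_pump, args=(target, client), daemon=True).start()

    threading.Thread(target=_serve, args=(lsock, relay), daemon=True).start()
    return lsock, lsock.getsockname()[1]


def start_echo_server():
    """Constructed stand-in for the firewalled VNC server: echoes whatever it gets."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((LOOPBACK, 0))
    srv.listen(5)

    def echo(conn):
        threading.Thread(target=_pump, args=(conn, conn), daemon=True).start()

    threading.Thread(target=_serve, args=(srv, echo), daemon=True).start()
    return srv, srv.getsockname()[1]


def round_trip(port, payload, host=LOOPBACK):
    """Act as the viewer: connect to host:port, send payload, return what comes back."""
    with socket.create_connection((host, port), timeout=5) as s:
        s.sendall(payload)
        s.shutdown(socket.SHUT_WR)
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks)


def demo(bind_addr=LOOPBACK, payload=b"RFB 003.008\n"):
    """Wire it up: viewer -> forwarder -> 'VNC' echo server. Returns the echoed bytes.
    The default payload is an RFB version banner, used here only as sample data."""
    srv, vnc_port = start_echo_server()
    lsock, local_port = start_forwarder(bind_addr, 0, LOOPBACK, vnc_port)
    try:
        return round_trip(local_port, payload)
    finally:
        lsock.close()
        srv.close()


if __name__ == "__main__":
    print(demo())                # loopback-only listener, as plain ssh -L gives you
    print(demo(ALL_INTERFACES))  # what -g does: listener reachable from other hosts
```

Whichever bind address you pick, the other end of the relay is unchanged: sshd on ssh_server connects to firewalled_host:5900 on your behalf, so the only port that needs to be open on the Linksys is 22. If you do use -g, remember that every host that can reach your workstation's port 5900 now reaches the VNC server behind the firewall with no further authentication than VNC's own.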

----------------------------------------------------------------------- This list is provided as an unmoderated internet service by Networked Knowledge Systems (NKS). Views and opinions expressed in messages posted are those of the author and do not necessarily reflect the official policy or position of NKS or any of its employees.



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 17:36:34 EDT