>>>>> "Ehud" == Ehud Karni <[EMAIL PROTECTED]> writes:
Ehud> On Fri, 5 Jan 2001 20:36:09 -0600 (CST), William L. (Bill) Barth
Ehud> <[EMAIL PROTECTED]> wrote:
>>
>> home$ ssh -t work ssh work1 /pathtovncserver/vncserver :2 ; ssh -g -R
5902:work1:5902 home
>>
>> (The reverse connection is necessary since the firewalls don't allow
>> any ports but the SSH ports through.)
Ehud> I do not understand why you need the 2nd (reverse) ssh. You can
Ehud> forward the home to work and work to home on the initial ssh.
Ehud> Since I'm forwarding a lot of ports I have it on my ~/.ssh/config like
Ehud> this (I also connect to one computer at work and work on another):
Ehud> LocalForward 5910 bsw1:5910 # view LOAD VNC on bsw1
Ehud> LocalForward 5944 linux:5944 # work on X (VNC) Emacs
Ehud> RemoteForward 5901 ekc-5:5900 # connect to 2nd Home computer
Ehud> I'm connecting from ekc-1 (at home ) to linux (at work).
Ehud> The net nnection is:
Ehud> ekc-1 |FW| ---(internet)--- |FW| linux
Ehud> ekc-5 __| |___bsw1___PC___(more)
Ehud> To work from home (ekc-1 or ekc-5) on my emacs session, I connect to
Ehud> ekc-1:44, to work on home PC (ekc-5) from my PC at work I connect to
Ehud> linux:1. So, single ssh should suffice (I also forward telnet and X).
Assuming I understand your suggestion, the problem with trying to do
it that way is that I'm not allowed to connect directly to or open
ports on the firewall itself. All connections to the ssh port (22) on
the work firewall are forwarded (transparently to me) to a _random_
machine on the inside. So there are two ways I see that I can do this
1. Forward a local port on my home machine to the remote machine on
which the Xvnc server is running. But I don't see how since I need
to specify the machine on the _inside_ of a firewall which is (de
facto) not addressable directly.
2. Use a reverse connection from the proper machine inside the work
firewall to my home firewall which forwards all ssh connections to
the same machine.
Note: If I had the same type of firewalling arrangement on the home
end I would have to do something more complicated to get this all to
work, but since any incoming ssh connection to the home firewall is
forward to one fixed machine I don't have a problem.
Tell me if you think I missed something.
Bill.
--
Bill Barth | Home: (512) 797-3045
[EMAIL PROTECTED] | Work: (512) 471-4069
Office: WRW 111 | Fax: (512) 232-3357
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to [EMAIL PROTECTED]
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------
