On Tue, 9 Jan 2001 23:18:33 -0600 (CST), William L. (Bill) Barth 
<[EMAIL PROTECTED]> wrote:
> 
> >>>>> "Ehud" == Ehud Karni <[EMAIL PROTECTED]> writes:
> 
>     Ehud> On Fri, 5 Jan 2001 20:36:09 -0600 (CST), William L. (Bill) Barth
>     Ehud>     <[EMAIL PROTECTED]> wrote:
>     >> 
>     >> home$ ssh -t work ssh work1 /pathtovncserver/vncserver :2 ; ssh -g -R 5902:work1:5902 home
>     >> 
>     >> (The reverse connection is necessary since the firewalls don't allow
>     >> any ports but the SSH ports through.)
> 
>     Ehud> I do not understand why you need the 2nd (reverse) ssh. You can
>     Ehud> forward the home to work and work to home on the initial ssh.
> 
>     Ehud> Since I'm forwarding a lot of ports I have it on my ~/.ssh/config like
>     Ehud> this (I also connect to one computer at work and work on another):
> 
>     Ehud>     LocalForward 5910  bsw1:5910     # view LOAD VNC on bsw1
>     Ehud>     LocalForward 5944  linux:5944    # work on X (VNC) Emacs
> 
>     Ehud>     RemoteForward 5901 ekc-5:5900    # connect to 2nd Home computer
> 
>     Ehud> I'm connecting from ekc-1 (at home) to linux (at work).
>     Ehud> The net connection is:
> 
>     Ehud>        ekc-1 |FW| ---(internet)--- |FW| linux
>     Ehud> ekc-5 __|                                 |___bsw1___PC___(more)
> 
>     Ehud> To work from home (ekc-1 or ekc-5) on my emacs session, I connect to
>     Ehud> ekc-1:44, to work on home PC (ekc-5) from my PC at work I connect to
>     Ehud> linux:1. So, single ssh should suffice (I also forward telnet and X).
> 
> Assuming I understand your suggestion, the problem with trying to do
> it that way is that I'm not allowed to connect directly to or open
> ports on the firewall itself. All connections to the ssh port (22) on
> the work firewall are forwarded (transparently to me) to a _random_
> machine on the inside. So there are two ways I see that I can do this:
> 
> 1. Forward a local port on my home machine to the remote machine on
>    which the Xvnc server is running. But I don't see how since I need
>    to specify the machine on the _inside_ of a firewall which is (de
>    facto) not addressable directly.      

When you forward a local port (from home) the host names (at work, linux
and bsw1 in my example) are recognized on the REMOTE (work) side, they
need not be defined locally.

To work from home on a selected machine at work, you don't care to which
machine you are connected (by the firewall mechanism) because you
forward the connection to the selected machine by "work" host name.

> 2. Use a reverse connection from the proper machine inside the work
>    firewall to my home firewall which forwards all ssh connections to
>    the same machine.

To work on the home computer you MUST know to which work computer you
were routed (call it XXX) but you don't need another ssh connection. 
All you need to do is to connect to the remote forwarded port on XXX.
You can automate the process of reverse connection by executing a script
after the ssh connection on the (random) work machine, that will put its
name in a file (by using hostname > file). The connecting script will
use this file content (i.e. HOST=`cat file`).

> Note: If I had the same type of firewalling arrangement on the home
> end I would have to do something more complicated to get this all to
> work, but since any incoming ssh connection to the home firewall is
> forwarded to one fixed machine I don't have a problem.
> 
> Tell me if you think I missed something.

I think you complicate it too much. Remember, every pipe has 2 sides,
and you can connect from either side. `ssh' has a way of defining the
2 directions.

> Bill.
> 
> -- 
> Bill Barth                   |   Home: (512) 797-3045
> [EMAIL PROTECTED]  |   Work: (512) 471-4069
> Office: WRW 111              |   Fax:  (512) 232-3357
> ---------------------------------------------------------------------


-- 
 @@@@@@ @@@ @@@@@@ @    @   Ehud Karni  Simon & Wiesel  Insurance agency
     @    @      @  @@  @   Tel: +972-3-6212-757    Fax: +972-3-6292-544
     @    @ @    @ @  @@    (USA)  Fax  and  voice  mail:  1-815-5509341
     @    @ @    @ @    @        Better     Safe     Than     Sorry
 http://www.simonwiesel.co.il    mailto:[EMAIL PROTECTED]
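
The automation described in the reply above (record the routed machine with `hostname > file`, then read it back as HOST), written out as an added example that is not part of the original message. The file path, the function names and a home directory shared by all work machines are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. TUNNEL_HOST_FILE is a hypothetical
# path, assumed to sit on a home directory shared by the work machines.
TUNNEL_HOST_FILE="${TUNNEL_HOST_FILE:-$HOME/.ssh-tunnel-host}"

# Run on the (random) work machine right after the ssh login:
# record which host the firewall routed this session to.
record_tunnel_host() {
    file="${1:-$TUNNEL_HOST_FILE}"
    tmp="$file.$$"
    # uname -n is the POSIX spelling of `hostname`. Write to a private
    # temp file and rename, so a reader never sees a partial name.
    ( umask 077; uname -n > "$tmp" ) && mv "$tmp" "$file"
}

# Run by the connecting script: print HOST:DISPLAY for the VNC viewer.
#   $1 = display number of the remote-forwarded port (port 5900 + display)
#   $2 = optional path of the host file
tunnel_target() {
    display="$1"
    file="${2:-$TUNNEL_HOST_FILE}"
    case "$display" in
        ''|*[!0-9]*) echo "bad display: $display" >&2; return 2 ;;
    esac
    [ -r "$file" ] || { echo "no host file: $file" >&2; return 1; }
    # Only the first line is used; a missing trailing newline is tolerated.
    host=
    IFS= read -r host < "$file" || :
    # The name ends up on a command line, so accept host name characters
    # only and refuse anything that could be parsed as an option.
    case "$host" in
        ''|-*|*[!A-Za-z0-9.-]*) echo "bad host name in $file" >&2; return 1 ;;
    esac
    printf '%s:%s\n' "$host" "$display"
}

# VNC display number -> TCP port, e.g. display 1 is port 5901.
vnc_port() { echo $((5900 + $1)); }
```

With OpenSSH, a RemoteForward port listens only on the loopback interface of the routed machine unless the server's GatewayPorts setting allows otherwise, so the viewer has to run where that port is reachable.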