Sorry, forgot to include an informative subject line.

--- Charles Baker <[EMAIL PROTECTED]> wrote:
> I cross posted the following to the Linuxrouter
> Project Mailing list:
> 
> As the subject states I want to tunnel VNC through SSH
> to make a connection to a server on my private IP DMZ.
> I'm using the LRP variant EigersteinBETA2 and the
> associated 1.1 extended scripts for my personal
> firewall and to set up both a private IP address range
> DMZ and a fully private subnet.
> 
> At work, I'm behind a firewall that only allows
> connections out to remote machines on ports 21, 80,
> 443 and perhaps a couple of other ports. So, on my LRP
> box at home, I opened 21 to be forwarded to the DMZ
> machine. On the DMZ machine, a Linux box, I edited
> hosts.allow to allow traffic on 21 and I added 21 as
> an extra port for sshd to listen to. I restarted
> sshd. I started the vncserver and it is listening on
> local port 5901.
> 
> So on my machine here at work I make an ssh connection
> to my.ip.xx.yy:21 but depending on how I initiate the
> connection all I get is a flashing cursor,
> never a real login, and eventually it times out
> (using a *.ini file and customized shortcut to ttssh).
> If I initiate the connection in a slightly different
> manner, I am asked for my username and password, but
> get no further, not even an error message from the
> sshd, just the blinking cursor again (using ttssh
> directly and giving it all the parameters). I
> also attempt to do a local forward w/ ssh like so:
> "5999:my.ip.xx.yy:5901 my.ip.xx.yy". I can't help
> feeling that I'm missing something here.
> 
> Also, I can get it to work from my private subnet at
> home by ssh'ing to the priv.ip.DMZ.serv:21 w/ a forward
> of "5999:priv.ip.DMZ.serv:5901 priv.ip.DMZ.serv". I
> can ssh from my private subnet to my.ip.xx.yy, but if
> I recall correctly the VNC connection doesn't work.
> 
> One other forward I tried was
> "5999:priv.ip.DMZ.serv:5901 my.ip.xx.yy" though I had
> little hope of that succeeding.
> 
> Have I posed this problem in too vague a manner?
> 
> |-----------|>---VNC----|
> |workstation|           |
> |---------- |<-SSH:5999-|
>         |
>         |
>         V
>       |---|                                |---|
>       |fw |<--->internet<--->my.ip.xx.yy:21|lrp|
>       |---|                                |---| 
>                                              |
>                                              |
>                   |----ssh---<|-----------|  |  
>                   |           |DMZ,sshd:21|<-|
>                   |-vnc:5901->|-----------|
> 
> When sshd on the privDMZ gets the ssh connection it
> should forward to its own local port 5901, correct?
> What could be blocking a good response from the ssh
> server? When I get home this evening I'll check my
> logs closely, for I'm sure they are now full of denied
> packets.
> 
> Other notes: at work I'm using TeraTerm Pro with the
> TTSSH 1.5.4 plugin. At home, I used this same software
> and another Windows ssh client, the name of which
> escapes me. Couldn't figure out how to make PuTTY do
> forwarding. I was also able to do this from my Linux
> box at home using the command line ssh provided by
> OpenSSH. I also have OpenSSH running on the DMZ
> machine. One thing I wasn't clear on was the port
> directive in sshd_config: should there be separate
> PORT lines for each port you want sshd to listen on
> (the way I have it now) or a single PORT line with
> port numbers separated by commas?
> 
> =====
> -
> [EMAIL PROTECTED]
> Hacking is a "Good Thing!"
> See http://www.tuxedo.org/~esr/faqs/hacker-howto.html
> 
> ---------------------------------------------------------------------
> To unsubscribe, send a message with the line: unsubscribe vnc-list
> to [EMAIL PROTECTED]
> See also: http://www.uk.research.att.com/vnc/intouch.html
> ---------------------------------------------------------------------


=====
-
[EMAIL PROTECTED]
Hacking is a "Good Thing!"
See http://www.tuxedo.org/~esr/faqs/hacker-howto.html
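
An added example, not part of the original post and not OpenSSH's own code, covering the two configuration points raised above: sshd_config(5) allows the Port keyword to be repeated, each line naming one port, and in an `ssh -L` forward the destination host is resolved by the SSH server rather than by the client. The function names, the sample configs and the host name ssh.example.net are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Configs and the host name
# ssh.example.net are constructed placeholders.

# sshd_ports FILE: print the port from each "Port" line. Returns 1 if a
# Port line is not a single number in 1-65535 (for example "Port 22,21").
sshd_ports() {
    awk '
        tolower($1) == "port" {
            if (NF == 2 && $2 ~ /^[0-9]+$/ && $2 + 0 >= 1 && $2 + 0 <= 65535) {
                print $2
            } else {
                printf "line %d: bad Port line: %s\n", NR, $0 > "/dev/stderr"
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# sshd_listens_on FILE PORT: succeed only if FILE passes sshd_ports and
# one of its Port lines names PORT.
sshd_listens_on() {
    ports=$(sshd_ports "$1") || return 1
    printf '%s\n' "$ports" | grep -qx "$2"
}

# vnc_forward_spec LOCAL_PORT DISPLAY: build the -L argument for a VNC
# display on the sshd host. The middle field is resolved by the SSH
# server, so "localhost" is the machine running sshd, not the client.
vnc_forward_spec() {
    printf '%s:localhost:%s\n' "$1" "$((5900 + $2))"
}

# Demo on constructed configs.
tmp=$(mktemp -d)
printf 'Port 22\nPort 21\n' > "$tmp/good"   # one Port line per port
printf 'Port 22,21\n' > "$tmp/bad"          # comma-separated list
if sshd_listens_on "$tmp/good" 21; then
    echo "ssh -p 21 -L $(vnc_forward_spec 5999 1) user@ssh.example.net"
fi
sshd_listens_on "$tmp/bad" 21 2>/dev/null || echo "comma list rejected"
rm -rf "$tmp"
```

On the server itself, `sshd -t -f <file>` is the authoritative check of a configuration file; the script above only inspects Port lines.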
