Re: ssh tunnel question.

From: Andrew Schulman (andrex_at_deadspam.com)
Date: 09/14/04

  • Next message: Andrew Schulman: "Re: ssh tunnel question." 
    Date: Tue, 14 Sep 2004 03:38:28 -0400

    > I have a windows box that I need to use to terminal service into
    > another windows box behind the firewall.
    >
    > A: winbox
    > B: Firewall
    > C: Winbox running termserv b/h firewall B
    > D: Sun box on same network as A
    >
    > I do this on C,
    > ssh -L 3389:C:3389 -l username B

    You mean you do this on A?

    > but then when I open up the mstsc, it tells me it can't make
    > connection.

    And you tell it to connect to what host? localhost?

    > I've used this method to connect to a web server running
    > on C successfully so I know it should work but this might be a problem
    > with mstsc not liking localhost part,

    I don't know about mstsc, but I've done this successfully with Remote
    Desktop in XP, which should be the same thing.

    Have you checked that the port forwarding succeeded? E.g. run netstat
    before and after setting up the tunnel. If A (where I assume you are) is
    also running terminal server, then 3389/TCP will already be in use and the
    port forwarding will fail. Have you cranked up the debug level on ssh and
    looked at the messages for signs of trouble?
     
    > My question is the following,
    >
    > is it possible to do
    > ssh -L 3389:C:3389 -l username B on the sun box and then from A, I can
    > termserv into the sunbox? I tried it but it didn't work.

    Yes, that should also work, but only if you've set "GatewayPorts yes" in
    ~/.ssh/config on D. By default GatewayPorts is "no", so the Sun box will
    deny incoming connections to 3389 from A. 

    -- 
To reply by email, replace "deadspam.com" by "alumni.utexas.net"
  • Next message: Andrew Schulman: "Re: ssh tunnel question."

    Relevant Pages

    • Re: Guide to secure installtion of IIS 5
      ... don't forget a well-configured firewall. ... Do not put the computer onto the network or the Internet until after the ... Follow the instructions for hardening Windows and IIS at ... Install all service packs and security fixes from Microsoft and otherwise ...
      (microsoft.public.inetserver.iis.security)
    • Re: Is secedit.exe left by a hacker?
      ... > tested on port 445. ... > I have a Linksys router that I use as a firewall to my ... Secedit.exe is the name of a legitimate Windows file, ... investigate the files on your computer - antivirus with the latest updates ...
      (microsoft.public.win2000.security)
    • Re: Is secedit.exe left by a hacker?
      ... >> tested on port 445. ... >> I have a Linksys router that I use as a firewall to my ... >investigate the files on your computer - antivirus with ... >windows and everything else. ...
      (microsoft.public.win2000.security)
    • Re: How to Maintain an IIS Server?
      ... > server running on a Windows 2000 server. ... before a firewall and antivirus have been installed]. ... open ports; however, this will not identify which program is using the port. ...
      (microsoft.public.inetserver.iis.security)
    • Re: password protection
      ... and cable] and should really consider Windows 2000 / XP. ... sure you're also running antivirus and firewall, ... Internet] to bypass this security. ...
      (microsoft.public.security)