Re: Port Forwarding -- Checking to be sure I understand it



Chuck wrote:

I'm not sure I follow exactly what you're trying to do. You say you're
providing support for friends/relatives but you want them logging in to
your system. It usually goes the other way around. They run an ssh
server and VNC service. You set up a tunnel from your client to their
server. If you want to run the tunnel over some port other than 22 (the
ssh default) you need to specify the alternate port either in the
ssh_config file, or with the -p option on the command line. The server
must be listening on the same port so that would require a similar
modification to the sshd_config file on the server. This should all be
documented in the sshd man page, or you can just read the comments in
the ssh config files.

The problem is I have three behind a firewall that is rather restrictive and
we can't connect with an incoming (to them) connection.  My parents are on
a dynamic IP and don't want me doing anything to their system, router, or
anything else, so, again, it is easier to use an outbound connection.  With
them, I have a script that starts RealVNC as a server then adds my
Dyndns.org domain as a client and it connects to me.  In the long run, I
may try to use this with clients, so I have that in the back of my mind,
but it isn't an issue now.  However, I have two friends and a sister behind
restrictive firewalls that deny all incoming connections and block most
ports.  We tried using RealVNC on port 80, but it was blocked, so my best
guess is that firewall (and the others) don't just block ports, but check
the data on them.  I know those firewalls allow HTTPS connections, so I
figure they should allow ssh over port 443, since, from what little I know,
their firewalls won't be able to tell the difference between that and their
browser going to a secure site.


For example, say you connect to a VNC server (port 5800 IIRC) on
relative.dyndns.org using port 443 (to get through someone's firewall).
You would first run the VNC and sshd services on the machine you're
connecting to and on the client run

ssh -p 443 -L 5800:localhost:5800 userID@xxxxxxxxxxxxxxxxxxx

IIRC there's an option you need to set on RealVNC to allow connections
from localhost too. I use UltraVNC and had to do that.

That's what I'm working with now -- or trying to set up.  If I do that, and
my friend/relative logs in on their own account, I should still get the
forwarded data stream if I'm running a program on my account, right?

HTH

BTW I would recommend CopSSH instead of sshWindows. The latter hasn't
been updated for close to a year. CopSSH is updated regularly. They're
both free.

I've also discovered PuTTY and PLINK, and may go with the latter.  What I'd
like is one they can run to tunnel/forward the data without them actually
having to log in.  I've looked at stunnel, but this is where the long term
comes in: I'd really like to use the same program on Windows and Linux and
stunnel isn't always an easy compile on Linux and isn't always easy to
install by a package manager (saw a case of RPM hell with it).  PuTTY and
PLINK are close enough to SSH that if I can't use the exact same program, I
still am using the same backend.

I'll look at CopSSH.  I've never heard of it before, but it's worth a look.

Thanks for the help and info!

Hal