reverse tunnel query - SSH



  1. reverse tunnel query

    I want to access the windows desktop running (tightVNC) next to the
    linux server at work (NTGHICU1). I can connect from the linux box to
    the windows machine

    NTGHICU1 ~ # telnet 10.138.8.77 5900
    Trying 10.138.8.77...
    Connected to 10.138.8.77.
    Escape character is '^]'.
    RFB 003.003

    I then set up a reverse tunnel to the home machine (grenada)

    ssh -R 5910:10.138.8.77:5900 xx.xx.xx.xx

    and connect to the home end of the tunnel

    grenada ~ # telnet localhost 5910
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    RFB 003.003

    grenada tmp # lsof |grep 5910
    sshd 21296 root 8u IPv4 1225398 TCP localhost:5910 (LISTEN)
    grenada tmp # netstat |grep 5910
    tcp 0 0 localhost:5910 localhost:4320 TIME_WAIT
    grenada tmp #

    but I can't connect from a LAN client

    dads tmp # telnet grenada 5910
    Trying 192.168.0.254...
    telnet: Unable to connect to remote host: Connection refused
    dads tmp #

    shorewall is the firewall

    grenada tmp # grep ^[A-Za-z0-9\ ] /etc/shorewall/rules
    ACCEPT loc $FW tcp 10000
    Web/ACCEPT net $FW
    Web/ACCEPT loc $FW
    SMB/ACCEPT $FW loc
    SMB/ACCEPT loc $FW
    DNS/ACCEPT $FW net
    DNS/ACCEPT loc $FW
    SSH/ACCEPT loc $FW
    SSH/ACCEPT net $FW
    ACCEPT loc $FW tcp 24
    Webmin/ACCEPT loc $FW
    Ping/ACCEPT loc $FW
    ACCEPT loc fw udp 67,68
    ACCEPT net $FW tcp 23
    ACCEPT net $FW tcp 5910
    ACCEPT loc $FW tcp 5910
    grenada tmp # iptables -L |grep 5910
    ACCEPT tcp -- anywhere anywhere tcp dpt:5910
    ACCEPT tcp -- anywhere anywhere tcp dpt:5910
    grenada tmp #

    not sure where to look to sort this out


  2. Re: reverse tunnel query


    You need to configure sshd to bind all interfaces for a reverse
    forwarding, not just the loopback (gatewayports=yes).

    --
    Richard Silverman
    res@qoxp.net
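
An added example, not part of the thread: a check for the two things the reply points at, namely the effective `GatewayPorts` value in sshd_config and the address the forwarded port is actually bound to. The function names are hypothetical, and the config and `ss -ltn` text are constructed samples rather than output from the poster's machines.

```shell
#!/bin/sh
# Added example: why does a reverse-forwarded port refuse LAN clients?

# Effective GatewayPorts value from sshd_config text on stdin. sshd keeps the
# first value it sees for a keyword; the default is "no". Parsing stops at the
# first Match block, so only the global section is considered.
gatewayports_setting() {
    awk '
        { line = $0; sub(/^[ \t]+/, "", line)
          split(line, f, /[ \t=]+/); key = tolower(f[1]) }
        key == "match" { exit }
        key == "gatewayports" { print tolower(f[2]); found = 1; exit }
        END { if (!found) print "no" }'
}

# Classify how TCP port $1 is bound, from `ss -ltn` output on stdin.
bind_scope() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4
            if (sub(":" port "$", "", addr) == 0) next
            seen = 1
            if (addr == "0.0.0.0" || addr == "*" || addr == "[::]") wide = 1
            else if (addr !~ /^127\./ && addr != "[::1]") specific = 1
        }
        END {
            if (!seen) print "not-listening"
            else if (wide) print "all-interfaces"
            else if (specific) print "specific-address"
            else print "loopback-only"
        }'
}

# Constructed sample input (not captured from the poster's machine).
SAMPLE_CONFIG='Port 22
#GatewayPorts yes
PermitRootLogin no'
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    127.0.0.1:5910     0.0.0.0:*
LISTEN 0      128    [::1]:5910         [::]:*'

echo "GatewayPorts: $(printf '%s\n' "$SAMPLE_CONFIG" | gatewayports_setting)"
echo "port 5910:    $(printf '%s\n' "$SAMPLE_SS" | bind_scope 5910)"
```

With `GatewayPorts yes` the forwarded port listens on every interface, and the shorewall rules posted above also accept 5910 from `net`. Setting `GatewayPorts clientspecified` and requesting a LAN bind address (`ssh -R 192.168.0.254:5910:10.138.8.77:5900 xx.xx.xx.xx`) keeps the VNC tunnel bound to the LAN side only.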

