ssh tunneling
this is not really a debian question, but i tried elsewhere and got no
satisfying answers. i have seen a bunch of geniuses on this list, so i can
risk the kicking-around for an answer!! :)

here's the output of nmap of my gateway/firewall:

Port        State       Service
22/tcp      open        ssh
111/tcp     open        sunrpc
194/tcp     filtered    irc
4000/tcp    filtered    remoteanything
6346/tcp    filtered    gnutella
6667/tcp    filtered    irc
27374/tcp   filtered    subseven

(i have a question about the filtered ports, but more about that later)

i am not able to connect to a vnc-server that's running behind the
firewall. i know that the vncserver is running because i can open
vncviewers from other clients behind the firewall. but when i ssh to the
gateway from localhost@some-internet-domain with the -L
5903:vncserver:5903 option and forward from the gateway to the vncserver
using another ssh -L ..., i am not able to connect to the vncserver at
port 5903 on localhost. with a RealVNC viewer, i get an error like
"channel 2 or 4: administratively prohibited" and with TightVNC, i get
just a connection failure. nmap output for the gateway after the port
5903 forwarding gives the same results as above. but for the vncserver
behind the firewall, everything seems ok:

22/tcp      open        ssh
25/tcp      open        smtp
111/tcp     open        sunrpc
2049/tcp    open        nfs
5801/tcp    open        vnc-http-1
5803/tcp    open        vnc-http-3
5901/tcp    open        vnc-1
5903/tcp    open        vnc-3
6000/tcp    open        X11
6001/tcp    open        X11:1
6003/tcp    open        X11:3
6112/tcp    open        dtspc
32771/tcp   open        sometimes-rpc5
32775/tcp   open        sometimes-rpc13
32777/tcp   open        sometimes-rpc17

why isn't the gateway/firewall allowing vnc ports to be forwarded to the
vncserver? or isn't that the problem? what should i tweak with the
firewall (which is a standard iptables ruleset)?

secondly, how can i close the filtered ports? i cannot find what process
is keeping them. i know that i disabled ICMP requests on my gateway, so
do those filtered ports just mean that nmap could not find their state?

thanks
-praveen