Re: ssh tunneling

On Mon, 25 Aug 2003 13:51:37 -0500
"P. Kallakuri" <praveen@unlserve.unl.edu> wrote:
> vncviewers from other clients behind the firewall. But when I ssh to the
> gateway from localhost@some-internet-domain with the -L
> 5903:vncserver:5903 option and forward from the gateway to the vncserver
> using another ssh -L ..., I am not able to connect to the vncserver at
> port 5903 on localhost. With a RealVNC viewer, I get an error like
> "channel 2 or 4: administratively prohibited" and with TightVNC, I get
> just a connection failure. nmap output for the gateway after the port
> 5903 forwarding gives the same results as above. But for the vncserver
> behind the firewall, everything seems ok:

    What does ssh -v tell you?  Is it really setting up the port forward?

> Secondly, how can I close the filtered ports?

    Set them to REJECT instead of DROP.  REJECT makes them look closed to
the outside world.  DROP is a hint something is listening and just not
answering, hence filtered.

> I cannot find what process is keeping them. I know that I disabled ICMP
> requests on my gateway,

    Ungh.  Why?  Why disable ICMP?  I never figured that one out.  Anything
goes wrong with that line and you'll need to remember to turn it back on so as
not to waste the tech's time.  "Uh, I can't ping your machine, are you sure it
is plugged in?"  "Oh, wait, hold on, I turned off that diagnostic tool."

         Steve C. Lamb
       PGP Key: 8B6E99C5       | main connection to the switchboard of souls.
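
The closed-versus-filtered distinction discussed in the reply above can be checked from outside your own gateway with a plain TCP connect. The following is an added example, not part of the original message: `probe` and `state_from_error` are hypothetical names, and treating an ICMP unreachable error as "filtered" is this example's convention.

```python
import errno
import socket

# errno values the OS reports when an ICMP "unreachable" error comes back
UNREACHABLE = {errno.EHOSTUNREACH, errno.ENETUNREACH}

def state_from_error(exc):
    """Map the outcome of a TCP connect() to a scanner-style port state."""
    if exc is None:
        return "open"        # handshake completed: a service is listening
    if isinstance(exc, ConnectionRefusedError):
        # An active refusal came back, e.g. the TCP RST sent by a port with
        # no listener or by a rule using REJECT --reject-with tcp-reset.
        return "closed"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered"    # no answer at all, which is what DROP produces
    if isinstance(exc, OSError) and exc.errno in UNREACHABLE:
        return "filtered"    # assumption: unreachable errors count as filtered
    raise exc                # anything else is a local problem, not a port state

def probe(host, port, timeout=2.0):
    """Attempt one TCP connection and classify the result."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return state_from_error(None)
    except OSError as exc:
        return state_from_error(exc)
    finally:
        sock.close()

if __name__ == "__main__":
    # Constructed loopback demo: the same port with and without a listener.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    print(port, probe("127.0.0.1", port))   # listener present
    listener.close()
    print(port, probe("127.0.0.1", port))   # listener gone
```

Run against the gateway's external address before and after changing a rule from DROP to REJECT, a port that previously timed out should return a result immediately.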

