
Re: Persistent port forwarding without ssh



On Thu, Dec 09, 2004 at 09:49:47PM +1100, Robert S wrote:
} I am wanting to set up a VPN using ssh between my office and my home Windows 
} PCs, using a debian box at the remote end.  The setup is as follows:
} 
} HOME (winxp)- - - -<internet>- - - - DEBIAN ----<internal network>----SERVER 
} (win2K)
} 
} I have managed to connect (using vnc) to SERVER using PuTTY or ssh at the 
} home end thus:
} 
} 1. log into DEBIAN from HOME using PuTTY, forward remote port 5900 to local 
} port 5901
} 2. forward port from SERVER to DEBIAN using "ssh -C -g -L 5900:server:5900 
} debian"
} 3. connect vncviewer to local port 5901.
} 
} All is fine with this setup.  If I do this with samba using port 139 
} however, it fails because I've disabled root ssh logins.
} 
} I'd like to set up the above setup where step 2 is replaced by a persistent 
} connection that doesn't require a second password entry.  In other words, 
} I'd like to forward a port on SERVER to a port on DEBIAN.  I don't want to 
} use a private key file because that would have to be located on DEBIAN, with 
} obvious security problems.  I assume that this would require something other 
} than ssh.
} 
} Can you do this with iptables - if so - how?  stunnel does not seem to do 
} it - my syslog on DEBIAN indicates a connection, but nothing happens on the 
} HOME end. 

I'd do it with socket (not the system call, but the program; apt-get
install socket). Replace step 2 with an init script that runs at startup
and contains:

#!/bin/sh

socket -blsfq -B 127.0.0.1 -p "socket -q DEBIAN 5900" 5900

See the socket(1) man page for details on what that command does. Roughly
speaking, it listens on port 5900 on localhost (only localhost, so only
programs running on the server, e.g. sshd, can connect to it) and, when it
gets a connection, forks off a forwarded connection to the Debian box.

--Greg
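
Added example, not part of Greg's message: a check that a forwarder like the one above really listens on loopback only, as opposed to a wildcard bind (which is what `-g` asks ssh for in step 2). It parses `ss -ltn` output; the function name `audit_listener` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit listening sockets for a port that must be loopback-only.
# On a live host:  ss -ltn | audit_listener 5900

# audit_listener PORT
#   Reads `ss -ltn` lines on stdin.
#   Exit 0: PORT is listening on loopback addresses only.
#   Exit 1: PORT is listening on a non-loopback address (each one is printed).
#   Exit 2: nothing is listening on PORT.
audit_listener() {
    awk -v port="$1" '
        $1 != "LISTEN" { next }                 # skips the header line too
        {
            n = match($4, /:[0-9]+$/)           # port follows the last colon
            if (n == 0 || substr($4, n + 1) != port) next
            seen = 1
            addr = substr($4, 1, n - 1)
            sub(/^\[/, "", addr)                # strip IPv6 brackets
            sub(/\]$/, "", addr)
            if (addr ~ /^127\./ || addr == "::1") next
            print "exposed: " addr ":" port
            bad = 1
        }
        END {
            if (!seen) exit 2
            exit (bad ? 1 : 0)
        }'
}

# Constructed sample input (not captured from a real host).
SAMPLE_SAFE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:5900     0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

SAMPLE_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:5900       0.0.0.0:*
LISTEN 0      128    [::1]:5900         [::]:*'

# Demo run on the constructed samples.
printf '%s\n' "$SAMPLE_SAFE" | audit_listener 5900 && echo "5900: loopback only"
printf '%s\n' "$SAMPLE_EXPOSED" | audit_listener 5900 || echo "5900: status $?"
```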


