Re: Persistent port forwarding without ssh



At Thursday, 09 December 2004, Micha Feigin <michf@post.tau.ac.il> wrote:

>At Thu, 9 Dec 2004 21:49:47 +1100,
>Robert S wrote:
>> 
>> I am wanting to set up a VPN using ssh between my office and my home
>> Windows PCs, using a debian box at the remote end.  The setup is as
>> follows:
>>
>> HOME (winxp)- - - -<internet>- - - - DEBIAN ----<internal network>----SERVER (win2K)
>>
>> I have managed to connect (using vnc) to SERVER using PuTTY or ssh at
>> the home end thus:
>>
>> 1. log into DEBIAN from HOME using Putty, forward remote port 5900 to
>>    local port 5901
>> 2. forward port from SERVER to DEBIAN using
>>    "ssh -C -g -L 5900:server:5900 debian"
>> 3. connect vncviewer to local port 5901.
>> 
>
>You could use masquerading (iptables) on the debian machine to forward
>some port on the debian machine to the server and then when you connect
>ssh to that port the connection will be forwarded directly to the server.
>
>I think that there is also a way to automatically run a command on ssh
>connection. I remember something in a tutorial about setting up cvs with
>ssh to allow only running cvs on the server so that the users don't have
>complete control.
>
>> All is fine with this setup.  If I do this with samba using port 139 
>> however, it fails because I've disabled root ssh logins.
>> 
>> I'd like to set up the above setup where step 2 is replaced by a
>> persistent connection that doesn't require a second password entry.  In
>> other words, I'd like to forward a port on SERVER to a port on DEBIAN.
>> I don't want to use a private key file because that would have to be
>> located on DEBIAN, with obvious security problems.  I assume that this
>> would require something other than ssh.
>> 
>
>You could use the -R option with ssh to also forward ports in the reverse
>direction.
>
>> Can you do this with iptables - if so - how?  stunnel does not seem to
>> do it - my syslog on DEBIAN indicates a connection, but nothing happens
>> on the HOME end.

Have you thought about OpenVPN? It was pretty easy to get up and running.


http://www.zerocrossings.com/