Re: Persistent port forwarding without ssh
At Thursday, 09 December 2004, Micha Feigin <michf@post.tau.ac.il> wrote:
>At Thu, 9 Dec 2004 21:49:47 +1100,
>Robert S wrote:
>>
>> I am wanting to set up a VPN using ssh between my office and my home Windows
>> PCs, using a debian box at the remote end. The setup is as follows:
>>
>> HOME (winxp)- - - -<internet>- - - - DEBIAN ----<internal network>----SERVER (win2K)
>>
>> I have managed to connect (using vnc) to SERVER using PuTTY or ssh at the
>> home end thus:
>>
>> 1. log into DEBIAN from HOME using Putty, forward remote port 5900 to local
>> port 5901
>> 2. forward port from SERVER to DEBIAN using "ssh -C -g -L 5900:server:5900
>> debian"
>> 3. connect vncviewer to local port 5901.
>>
>
>You could use masquerading (iptables) on the debian machine to forward
>some port on the debian machine to the server and then when you connect ssh
>to that port the connection will be forwarded directly to the server.
>
>I think that there is also a way to automatically run a command on ssh
>connection. I remember something in a tutorial about setting up cvs with ssh
>to allow only running cvs on the server so that the users don't have complete
>control.
>
>> All is fine with this setup. If I do this with samba using port 139
>> however, it fails because I've disabled root ssh logins.
>>
>> I'd like to set up the above setup where step 2 is replaced by a persistent
>> connection that doesn't require a second password entry. In other words,
>> I'd like to forward a port on SERVER to a port on DEBIAN. I don't want to
>> use a private key file because that would have to be located on DEBIAN, with
>> obvious security problems. I assume that this would require something other
>> than ssh.
>>
>
>You could use the -R option with ssh to also forward ports in the reverse
>direction.
>
>> Can you do this with iptables - if so - how? stunnel does not seem to do
>> it - my syslog on DEBIAN indicates a connection, but nothing happens on the
>> HOME end.
>>
>
>--
Have you thought about openVPN? It was pretty easy to get up and
running.
http://www.zerocrossings.com/