[Gllug] Reverse Tunnel and NX
Robert McKay
robert at mckay.com
Sun Nov 16 13:41:35 UTC 2008
On Sun, Nov 16, 2008 at 9:44 AM, Stephen Nelson-Smith
<sanelson at gmail.com> wrote:
> I have set up a reverse ssh tunnel from a machine behind a firewall
> which allows no inbound traffic. This is great - I can now ssh to
> localhost on the machine where the tunnel terminates, and get onto the
> box. However, I want to use NX, and the machine where the tunnel
> terminates isn't my workstation - it's just a machine with a shell
> account.
> Like this:
>
> [workstation] --- ssh -R 2048:10.0.0.50:22 stephen@whizzobutter.com
> ---[site firewall]---[my firewall]---> [morris (10.0.0.50)]
> <---nxclient 10.0.0.52 -p 2048--- [laptop]
Like this:

ssh -R 0.0.0.0:2048:10.0.0.50:22 stephen@whizzobutter.com

where 0.0.0.0 is the address on the remote machine that you want to
bind to (instead of 127.0.0.1, which is the default). You can use
0.0.0.0 or * to indicate BIND_ANY. For this to work you need to enable
GatewayPorts in your sshd_config file on the remote machine that you
are sshing into.
> My apologies for emailing first, before some serious googling - but I
> won't be near a computer for the rest of the day, and really need an
> idea of where to go next by tomorrow morning. My hope is there's
> something simple I can do to allow "morris" to listen on the port that
> appears as the result of the ssh tunnel. Iptables translation
> perhaps? But is there something even easier?
It's all explained in the ssh and sshd manpages.
Rob.
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
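
Added example, not part of the original thread: a check to run on the host where the tunnel terminates, showing whether the forwarded port from the reply above ended up on loopback (the default) or on every interface (0.0.0.0 with GatewayPorts enabled). The function name and the sample `ss -ltn` output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report how widely a forwarded port
# is exposed on the host where the ssh -R tunnel terminates.

# bind_scope PORT
# Reads `ss -ltn` output on stdin and prints one of:
#   wildcard  - listening on every interface (0.0.0.0, [::] or *)
#   specific  - listening on one non-loopback address
#   loopback  - reachable only from the host itself (127.0.0.0/8, [::1])
#   none      - nothing is listening on PORT
bind_scope() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, part, ":")
            if (part[n] != port) next
            # Everything before the final ":PORT" is the bind address.
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr == "0.0.0.0" || addr == "*" || addr == "[::]")
                wildcard = 1
            else if (addr ~ /^127\./ || addr == "[::1]")
                loopback = 1
            else
                specific = 1
        }
        END {
            if (wildcard)      print "wildcard"
            else if (specific) print "specific"
            else if (loopback) print "loopback"
            else               print "none"
        }'
}

# Constructed sample output, one per case discussed in the thread.
SS_DEFAULT='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:2048     0.0.0.0:*
LISTEN 0      128    [::1]:2048         [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

SS_GATEWAY='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:2048       0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

# On a live host: ss -ltn | bind_scope 2048
printf 'default forward:      %s\n' "$(printf '%s\n' "$SS_DEFAULT" | bind_scope 2048)"
printf 'GatewayPorts forward: %s\n' "$(printf '%s\n' "$SS_GATEWAY" | bind_scope 2048)"
```

A result of `wildcard` means port 2048 accepts connections from any host that can reach the shell server, not only the intended laptop. sshd_config(5) also accepts `GatewayPorts clientspecified`, which lets the client name a single bind address in place of 0.0.0.0.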