From: Darren Pilgrim
Date: Mon, 18 Nov 2002 14:34:26 -0800
To: Doug Poland
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Secure tunneling of remote-access Windows sessions?

Doug Poland wrote:
> Darren Pilgrim said:
>
>>I want to set up VNC on some Windows machines so I can access them
>>over the internet, but I need to secure the connection in a way
>>that will work with NAT'ing firewalls on both ends of the
>>connection. How can I do this? I was thinking of setting up a
>>tunnel between the two firewalls. On the local end, the tunnel
>>starts at a given port on the firewall, which is connected to a
>>port on the remote firewall that forwards to the VNC port on the
>>remote machine. How would I go about doing this? Is there a
>>better option?
>>
>
> I recommend you use the TightVNC form of VNC. Read the info on this
> link: http://www.uk.research.att.com/vnc/sshvnc.html then read the
> ssd man page paying close attention to the -L switch. If you have
> particular problems after this leg work, then ask again.

Okay, I see how I can use ssh/sshd running on the FreeBSD gateways on
each end of the connection to make the remote VNC port accessible via
a port on the local gateway. However, their setup requires that the
remote machine have a routable IP address, doesn't it? Modifying the
model on the page you sent me:

    local machine (me) ----- gateway1
    10.2.3.4/24              `ssh -g -L 5900:10.1.2.3:5900 gateway2`
    runs vncviewer               |
                              internet
                                 |
                             gateway2 ----- remote machine
                             running sshd   10.1.2.3/24
                                            running vnc server on port 5900

Since the IP address I'm forwarding is non-routable, what happens?
What happens to the source IP address, which is also non-routable and,
to gateway2, non-local?
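Added example, not part of the original message: a loopback model of the `-L` forward in the diagram above. With `ssh -L`, the sshd side (gateway2) opens a new TCP connection to the forwarded destination, so 10.1.2.3 only has to be reachable from gateway2, and the VNC server sees that new connection's source address rather than the viewer's. The function names and the constructed banner bytes are assumptions made for the illustration.

```python
import socket
import threading

def listen():
    """Listening socket on an ephemeral loopback port."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    s.listen(1)
    return s

def target_once(srv, seen):
    """Stand-in for the VNC server: record who connected, send a banner."""
    conn, peer = srv.accept()
    with conn:
        seen["peer_seen_by_server"] = peer
        conn.sendall(b"RFB 003.003\n")  # constructed sample banner

def forward_once(lsn, dest, seen):
    """Stand-in for the forward: accept one client, then open a NEW
    connection to dest from this side and relay the reply back."""
    client, _ = lsn.accept()
    with client, socket.create_connection(dest) as out:
        seen["forwarder_source"] = out.getsockname()
        client.sendall(out.recv(64))

def demo():
    seen = {}
    target, fwd = listen(), listen()
    workers = [
        threading.Thread(target=target_once, args=(target, seen)),
        threading.Thread(target=forward_once,
                         args=(fwd, target.getsockname(), seen)),
    ]
    for w in workers:
        w.start()
    # The viewer only ever talks to the forwarder's listening port.
    with socket.create_connection(fwd.getsockname()) as viewer:
        seen["viewer_source"] = viewer.getsockname()
        seen["banner"] = viewer.recv(64)
    for w in workers:
        w.join()
    target.close()
    fwd.close()
    return seen

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

In the diagram's command, `-g` makes gateway1 accept connections to port 5900 from any host that can reach it, not only from loopback, and the two LAN legs (viewer to gateway1, gateway2 to 10.1.2.3) carry the VNC session outside the SSH tunnel.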