In order to avoid the multiple nested ssh's, use a port redirector (e.g. redir).

On my firewall, I redirect port 24 to port 22 on my Solaris box, so from home I do:  
ssh -p 24 ...

This should increase your performance, as well as simplify your command line.

BJ.

>>>>>>>>>>
> Date: Fri, 5 Jan 2001 21:36:09 -0500
> From: "William L. (Bill) Barth" <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: VNC and Firewalls, a story.
> 
> I noticed that there were several questions regarding using VNC and
> firewalls in the FAQ (50, directly and 51-54 indirectly) and a
> write-up in the contrib section on the subject, so I thought I'd share
> my experience with the community.
> 
> My setup: (Apologies to the ASCII art impaired :)
> 
> ---------   ------------   ----------   ------------   ----------
> | Home  |---| Firewall |---|Internet|---| Firewall |---| Work 1 |
> ---------   ------------   ----------   ------------ | ----------
>                                                      | ----------
>                                                      \-| Work 2 |
>                                                      | ----------
>                                                      | ----------
>                                                      \-| Work n |
>                                                        ----------
> 
> All the machines involved are linux boxen.
> 
> The home firewall disallows all incoming connections except ssh. The
> work firewall does the same. Incoming ssh connections on the work end
> are routed randomly (for load balancing) to one of a list of machines on
> the internal network all of which have the same host keys. Given all that:
> 
> home$ ssh work
> and
> work1$ ssh home
> 
> work as expected. To get to a particular machine, work1 for instance,
> on the work internal network one would do:
> 
> home$ ssh -t work ssh work1
> 
> That being said, in order to get Xvnc to function from work to home, I do
> the following:
> 
> home$ ssh -t work ssh work1 /pathtovncserver/vncserver :2 ; ssh -g -R 5902:work1:5902 home
> 
> then, in a separate xterm:
> 
> home$ vncviewer localhost:2
> 
> (The reverse connection is necessary since the firewalls don't allow
> any ports but the SSH ports through.)
> 
> I'd like to hear from anyone in similar circumstances that's doing
> something different.
> 
> Bill.
> 
> -- 
> Bill Barth                   |   Home: (512) 797-3045
> [EMAIL PROTECTED]  |   Work: (512) 471-4069
> Office: WRW 111              |   Fax:  (512) 232-3357
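
The single-hop setup BJ suggests, applied to the VNC case in the quoted message, as an added example that is not part of either post. It assumes the work firewall redirects port 24 to port 22 on work1 (that redirect and the alias work1-vnc are assumptions), and it uses a local forward bound to loopback in place of the `-g -R` reverse forward, so the VNC port is not offered to other hosts on the home network.

```sshconfig
# ~/.ssh/config on the home machine (constructed example).
# Assumption: the work firewall redirects its port 24 to work1:22,
# the same way BJ redirects port 24 to his Solaris box.
Host work1-vnc
    # Public name of the work firewall, "work" in the thread.
    HostName work
    # The redirected port, so no nested "ssh -t work ssh work1" is needed.
    Port 24
    # Display :2 is TCP port 5902. Bind the local end to loopback only and
    # connect to work1's own loopback from the far end of the tunnel.
    LocalForward 127.0.0.1:5902 127.0.0.1:5902
    # Fail the login instead of silently continuing without the tunnel.
    ExitOnForwardFailure yes
```

With this in place, `ssh work1-vnc` followed by `vncviewer localhost:2` in a second terminal reaches display :2, provided `vncserver :2` is already running on work1.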