From owner-freebsd-questions@FreeBSD.ORG Thu Jul 22 09:49:34 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 54F5316A4CE for ; Thu, 22 Jul 2004 09:49:34 +0000 (GMT) Received: from internet.potentialtech.com (h-66-167-251-6.phlapafg.covad.net [66.167.251.6]) by mx1.FreeBSD.org (Postfix) with ESMTP id ECFAF43D5D for ; Thu, 22 Jul 2004 09:49:33 +0000 (GMT) (envelope-from wmoran@potentialtech.com) Received: from working.potentialtech.com (pa-plum-cmts1e-68-68-113-64.pittpa.adelphia.net [68.68.113.64]) by internet.potentialtech.com (Postfix) with ESMTP id B17E769A3F; Thu, 22 Jul 2004 05:49:32 -0400 (EDT) Date: Thu, 22 Jul 2004 05:49:31 -0400 From: Bill Moran To: Thomas_Knight@adp.com Message-Id: <20040722054931.42a4cc14.wmoran@potentialtech.com> In-Reply-To: References: Organization: Potential Technologies X-Mailer: Sylpheed version 0.9.12 (GTK+ 1.2.10; i386-portbld-freebsd4.9) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit cc: Scott@isdr.net cc: freebsd-questions@freebsd.org Subject: Re: VNC on different port X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Jul 2004 09:49:34 -0000 Thomas_Knight@adp.com wrote: > How would I set up the encrypted port tunneling? Something like: ssh -L 5900:your.host.name:5900 your.host.name should work. You can then connect to port 5900 on the local machine, and it will be forwarded to "your.host.name". Note also that you can forward X11 connections like this as well. The ssh man page has more. With your setup, you'll still need the nat forwarding on the FreeBSD firewall, unless you're able to ssh directly to the machine running vnc. > > Thomas G. Knight > ADP - Data Center Team > thomas_knight@adp.com > (801) 956-7449 > > > > Don't worry if you're a kleptomaniac, you can always take something for it. > -- Unknown > > > -----Original Message----- > From: Bill Moran [mailto:wmoran@potentialtech.com] > Sent: Wednesday, July 21, 2004 1:59 PM > To: Thomas_Knight@adp.com > Cc: freebsd-questions@freebsd.org; Scott@isdr.net > Subject: Re: VNC on different port > > Thomas_Knight@adp.com wrote: > > > My configuration is as follows: > > > > ------- ----------- ----------------- ------ > > | VNC | --- --- | FreeBSD | --- --- | Work Firewall | --- --- | ME | > > ------- ----------- ----------------- ------ > > > > I am trying to redirect ports so I can get out through my works firewall > > into my VNC Server. I can get it to work on port 8080 but not on 80 or 20 > or > > 21. My work only allows 20, 21, 22, 80 through the firewall. Please see > the > > example below. > > > > This does work: > > redirect_port tcp 10.0.3.21:5900 166.70.126.172:8080 > > This does not work: > > redirect_port tcp 10.0.3.21:5900 166.70.126.172:80 > > > > Any one have any idea's? > > If your work uses a transparent proxy for port 80, it's going to see the > VNC traffic as invalid HTTP data and probably mangle it or drop it. > > You'd actually be better off using ssh to do encrypted port tunnelling, > since your firewall allows it already. Running VNC unencrypted across the > Internet is dangerous. > > Either way, try one of the other available ports. Port 22 unlikely to be > proxied in any case. > > -- > Bill Moran > Potential Technologies > http://www.potentialtech.com > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" -- Bill Moran Potential Technologies http://www.potentialtech.com