From: Marco Molteni
To: paul van den bergen
Cc: freebsd-net@freebsd.org
Date: Fri, 12 Dec 2003 09:01:31 +0100
Subject: Re: ssh tunnels and Xvnc - (yes, I know... What? not again!?)
Message-ID: <20031212080131.GB962@cobweb.example.org>
In-Reply-To: <200312121233.43680.pvandenbergen@swin.edu.au>

Hi Paul,

I guess we already met on the mip6 mailing list... :-)

paul van den bergen wrote [2003-12-12]:
> Hi all,
>
> I have a situation that has not been fully addressed by the excellent
> documentation on getting ssh tunnels and remote X-windows display managers
> (like VNC) running. And my feeble brain is too damaged by the dreaded lurgy
> to make heads or tails of it.
>
> home machine (home) ---- ISP --- internet --- work firewall --- work machine1
> (additional firewall?) (work1) --- work machine 2 (desktop) (work2).
>
> I can ssh from home to the work1 and ssh from there to work2.
> home runs windows 2k and I have (full) admin access
> work1 and 2 run FreeBSD
> I have root access on work2 but not work 1

you should be able to do it in one step, no need to log into work1, no need
to run the listener...

you just need your ssh public keys in work1 and work2

from home you double tunnel:

    LOCALPORT=6333
    REMOTEPORT=5901
    ssh -t -L $LOCALPORT:localhost:12945 work1 \
        ssh -L 12945:localhost:$REMOTEPORT work2

then, always from home, you use vncviewer. You have to force the encodings
otherwise vncviewer thinks it is local and will not compress. This syntax
works fine for tightvnc

    LOCALPORT=6333
    vncviewer -bgr233 \
        -encodings "copyrect tight hextile zlib corre rre raw" \
        localhost::$LOCALPORT

marco
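
Added example, not part of the original message: the same home to work1 to work2 forward built with ssh's `-J` (ProxyJump, available in OpenSSH 7.3 and later, so newer than this 2003 post). With `-J` the session to work2 stays encrypted end to end through work1, and no listener on port 12945 is opened on work1 where other local users could connect to it. It assumes a POSIX shell with an OpenSSH client on the home machine; the function names and the `--connect` switch are made up for this illustration, and the ports and host names are the ones from the message.

```shell
#!/bin/sh
# Added example (not from the original post): build the VNC tunnel command
# with ProxyJump instead of nesting ssh inside ssh.

# Accept only decimal TCP port numbers in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Accept only plain host names or ssh_config aliases. A leading '-' would
# be parsed by ssh as an option, so it is rejected along with any
# character outside letters, digits, '.', '_' and '-'.
valid_host() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# tunnel_cmd LOCALPORT REMOTEPORT JUMPHOST TARGET
# Prints the ssh command line, or returns 1 if any argument is invalid.
tunnel_cmd() {
    valid_port "$1" && valid_port "$2" || return 1
    valid_host "$3" && valid_host "$4" || return 1
    # -N: forward only, no remote shell.
    # ExitOnForwardFailure: exit instead of running without the forward.
    # -J: reach TARGET through JUMPHOST; no listener is opened on JUMPHOST.
    # The explicit "localhost:" bind keeps the local port off other interfaces.
    printf 'ssh -N -o ExitOnForwardFailure=yes -J %s -L localhost:%s:localhost:%s %s\n' \
        "$3" "$1" "$2" "$4"
}

# Values from the post; run "sh tunnel.sh --connect" to open the tunnel.
if [ "${1:-}" = "--connect" ]; then
    cmd=$(tunnel_cmd 6333 5901 work1 work2) || exit 1
    # Unquoted on purpose: the validated tokens contain no spaces or globs.
    exec $cmd
fi
```

The vncviewer command from the message is then pointed at `localhost::6333` unchanged.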