Date:      Mon, 18 Nov 2002 14:34:26 -0800
From:      Darren Pilgrim <dmp@pantherdragon.org>
To:        Doug Poland <doug@polands.org>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Secure tunneling of remote-access Windows sessions?
Message-ID:  <3DD96AF2.6070206@pantherdragon.org>
References:  <3DD8C017.7030503@pantherdragon.org> <1131.172.16.1.33.1037636383.squirrel@samaria.polands.org>

Doug Poland wrote:
> Darren Pilgrim said:
> 
>>I want to set up VNC on some Windows machines so I can access them
>>over the internet, but I need to secure the connection in a way
>>that will work with NAT'ing firewalls on both ends of the
>>connection.  How can I do this?  I was thinking of setting up a
>>tunnel between the two firewalls.  On the local end, the tunnel
>>starts at a given port on the firewall, which is connected to a
>>port on the remote firewall that forwards to the VNC port on the
>>remote machine.  How would I go about doing this?  Is there a
>>better option?
>>
>>
> 
> I recommend you use the TightVNC form of VNC.  Read the info on this
> link:  http://www.uk.research.att.com/vnc/sshvnc.html then read the
> ssh man page paying close attention to the -L switch.  If you have
> particular problems after this leg work, then ask again.

Okay, I see how I can use ssh/sshd running on the FreeBSD gateways on
each end of the connection to make the remote VNC port accessible via a
port on the local gateway.  However, their setup requires that the
remote machine have a routable IP address, doesn't it?  Modifying the 
model on the page you sent me:

local machine (me) ----- gateway1
   10.2.3.4/24            `ssh -g -L 5900:10.1.2.3:5900 gateway2`
   runs vncviewer            |
                          internet
                             |
                          gateway2 ----- remote machine
                        running sshd     10.1.2.3/24
                                         running vnc server
                                         on port 5900

Since the IP address I'm forwarding is non-routable, what happens?  What 
happens to the source IP address, which is also non-routable and, to 
gateway2, non-local?
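
An added example, not part of the original message or the page it links to: a loopback model in Python of what `ssh -L` forwarding does with addresses. The `forwarder` function stands in for the ssh/sshd pair on the two gateways, loopback ports stand in for the gateway1 listener and 10.1.2.3:5900, and the banner is constructed; it shows that the viewer's TCP connection ends at the forwarder and the server sees a new connection that the forwarder originated, so 10.1.2.3 only has to be reachable from gateway2 and the viewer's own address never reaches the remote network.

```python
import socket
import threading

LOOPBACK = "127.0.0.1"

def listener():
    """Listening TCP socket on a free loopback port."""
    s = socket.socket()
    s.bind((LOOPBACK, 0))
    s.listen(1)
    return s

def read_all(sock):
    """Read until the peer closes the connection."""
    return b"".join(iter(lambda: sock.recv(64), b""))

def run_demo():
    seen = {}
    vnc = listener()   # stands in for the VNC server at 10.1.2.3:5900
    fwd = listener()   # stands in for the port ssh -L opens on gateway1

    def vnc_server():
        conn, peer = vnc.accept()
        seen["vnc_peer"] = peer          # source address the server observes
        conn.sendall(b"RFB 003.003\n")   # constructed banner
        conn.close()

    def forwarder():
        conn, _ = fwd.accept()           # viewer's connection terminates here
        # gateway2's role: open a second, independent connection to the server
        out = socket.create_connection(vnc.getsockname(),
                                       source_address=(LOOPBACK, 0))
        seen["fwd_out"] = out.getsockname()
        conn.sendall(read_all(out))      # relay payload only, not addresses
        out.close()
        conn.close()

    threads = [threading.Thread(target=f) for f in (vnc_server, forwarder)]
    for t in threads:
        t.start()
    viewer = socket.create_connection(fwd.getsockname())
    seen["viewer"] = viewer.getsockname()
    seen["banner"] = read_all(viewer)
    viewer.close()
    for t in threads:
        t.join()
    vnc.close()
    fwd.close()
    return seen

if __name__ == "__main__":
    print(run_demo())
```

With `-g`, the listener on gateway1 accepts connections from any host that can reach that port, not only the local machine, so the forwarded port should be firewalled to the local network.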


