Date: Mon, 18 Nov 2002 14:34:26 -0800 From: Darren Pilgrim <dmp@pantherdragon.org> To: Doug Poland <doug@polands.org> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Secure tunneling of remote-access Windows sessions? Message-ID: <3DD96AF2.6070206@pantherdragon.org> References: <3DD8C017.7030503@pantherdragon.org> <1131.172.16.1.33.1037636383.squirrel@samaria.polands.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Doug Poland wrote: > Darren Pilgrim said: > >>I want to setup VNC on some Windows machines so I can access them >>over the internet, but I need to secure the connection in a way >>that will work with NAT'ing firewalls on both ends of the >>connection. How can I do this? I was thinking of setting up a >>tunnel between the two >>firewalls. On the local end, the tunnel starts at a given port on >>the firewall, which is connected to a port on the remote firewall >>that forwards to the VNC port on the remote machine. How would I >>go about doing this? Is there a better option? >> >> > > I recommend you use the TightVNC form of VNC. Read the info on this > link: http://www.uk.research.att.com/vnc/sshvnc.html then read the > ssd man page paying close attention to the -L switch. If you have > particular problems after this leg work, then ask again. Okay, I see how I can use ssh/sshd running on the FreeBSD gateways on each end of the connection to make the remote VNC port accessible via a port on the local gateway. However, their setup requires that the remote machine have a routable IP address, doesn't it? Modifying the model on the page you sent me: local machine (me) ----- gateway1 10.2.3.4/24 `ssh -g -L 5900:10.1.2.3:5900 gateway2` runs vncviewer | internet | gateway2 ----- remote machine running sshd 10.1.2.3/24 running vnc server on port 5900 Since the IP address I'm forwarding is non-routable, what happens? What happens to the source IP address, which is also non-routable and, to gateway2, non-local? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3DD96AF2.6070206>