From: "Mark Paulus"
To: "cygwin AT cygwin DOT com"
Date: Fri, 27 Jul 2001 13:42:33 -0600
Subject: Re: Problem Tunneling VNC through SSH
Message-Id: <200107272222.SAA24413@delorie.com>
In-Reply-To: <20010727141336.A10810@ontosys.com>

One small caveat on this (I do this to home quite nicely). If you have a firewall on both ends, then you actually want to make the middle parameter be localhost of the Forwarding Address. For a pretty complete discussion about this, see section 9.2.8 in the O'Reilly SSH: The Secure Shell book. The last sentence states:

"In general, we recommend using localhost as the forwarding target whenever possible. This way, you are less likely to set up an insecure off-host forwarding by accident".

And in my case, I couldn't get the port forwarded through both my firewalls. So I had to use a local port. My ssh command looks like the following:

    ssh -l -R 5904:localhost:5900 -L 5904:localhost:5932 home

What this does is set up 2 pipes. This allows me to connect to VNC display localhost:4 and get to my machine at home running on display 32 (-L 5904:localhost:5932), and it also sets up a pipe that allows me to connect to display localhost:4 at home, which connects to the VNC under Win2K on Display 0 at work (-R 5904:localhost:5900).

On Fri, 27 Jul 2001 14:13:36 -0500, fred AT ontosys DOT com wrote:

>On Fri, Jul 27, 2001 at 02:12:05PM -0400, Lesley DOT D DOT Lahman AT medstar DOT net wrote:
>> When on my_workstation I start ssh like this:
>> 'ssh -L 5901:my_server:5900 my_server'
>> port 5900 on my_server then supposedly is forwarded to
>> port 5901 on my_workstation, which corresponds to display 1.
>
>Doesn't that actually forward my_workstation:5901 to my_server:5900,
>given the sense of "forward" usually used with ssh?
>
>Have you tried 'ssh -L 5901:my_server:5901 my_server'? That way when
>'vncviewer my_workstation:1' tries to connect to port 5901 on
>my_workstation it will end up communicating with port 5901 on the
>my_server.
>
>--
>Fred Yankowski           fred AT OntoSys DOT com    tel: +1.630.879.1312
>Principal Consultant     www.OntoSys.com            fax: +1.630.879.1370
>OntoSys, Inc             38W242 Deerpath Rd, Batavia, IL 60510, USA
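An added example, not part of the original messages: a small Python helper that reads an ssh -L/-R forwarding spec like the ones in this thread and reports which side listens, which side opens the final connection, the VNC display each port corresponds to (display N is port 5900 + N), and whether the forwarding target is loopback. The function and field names are hypothetical, and the sample specs are copied from the thread as constructed input.

```python
import ipaddress

VNC_BASE = 5900  # VNC display N listens on TCP port 5900 + N


def is_loopback(host):
    """True for 'localhost' or a literal loopback IPv4 address."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # any other name may resolve to a non-loopback address


def vnc_display(port):
    """Map a TCP port to a VNC display number, or None outside 5900-5999."""
    return port - VNC_BASE if VNC_BASE <= port < VNC_BASE + 100 else None


def explain_forward(kind, spec):
    """Explain one ssh -L/-R spec of the form [bind:]port:host:hostport.

    Bracketed IPv6 literals are not handled in this sketch.
    """
    if kind not in ("-L", "-R"):
        raise ValueError("kind must be -L or -R")
    listen, host, hostport = spec.rsplit(":", 2)
    listen_port = int(listen.rpartition(":")[2])  # drop optional bind address
    # -L listens on the ssh client and connects out from the ssh server;
    # -R listens on the ssh server and connects out from the ssh client.
    listener, exit_side = ("client", "server") if kind == "-L" else ("server", "client")
    return {
        "listens_on": listener,
        "listen_port": listen_port,
        "viewer_display": vnc_display(listen_port),
        "connects_from": exit_side,
        "target": (host, int(hostport)),
        "target_display": vnc_display(int(hostport)),
        # When False, the hop from the tunnel exit to the target is ordinary
        # TCP to whatever that name resolves to, outside the SSH tunnel.
        "target_is_loopback": is_loopback(host),
    }


# Constructed inputs: the forwarding specs quoted in the thread.
SAMPLES = [("-L", "5901:my_server:5900"),
           ("-R", "5904:localhost:5900"),
           ("-L", "5904:localhost:5932")]

if __name__ == "__main__":
    for kind, spec in SAMPLES:
        print(kind, spec, explain_forward(kind, spec))
```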