LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 05-11-2004, 04:50 PM   #1
c_mitulescu
Member
 
Registered: Nov 2003
Location: London
Distribution: Ubuntu
Posts: 35

Rep: Reputation: 15
Question how to m$ win client+firewall to linux sshd and use linux to access the M$ computer


Hi,
I was wondering how can I connect from my home computer(Mandrake Linux 10) which is acting as an sshd server to my work computer(WinXP) acting as ssh client and behind a firewall on the company network?
I usually connect from work to my Linux machine with ssh+putty+vnc but the Windows machine can not be configured in the same way(installing openssh server) as I am not admin and at work our network is behind a firewall.
I recall years ago when I was in University and behind a firewall I allowed a guy(outside the network) to connect to my computer by initiating an ssh connection to his ssh server and then he could connect to me.

I would like to do this in order to transfer files from home to work. Thanks
 
Old 05-11-2004, 04:59 PM   #2
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 64
You wouldn't need the server on the inside.

1) Start a vnc server on your work machine.
2) Remember to set a vnc password and allow loopback connections.
3) Using putty edit the configuration to forward a remote port of 5900 (assuming you don't have a vnc server running on the Mandrake box) and use a local ip and port of "127.0.0.1:5900".
4) Connect to the makdrake box (you may want to save this profile in putty). Once you are logged in you can confirm that the port has been forwarded with:
netstat -nlp | grep 5900
5) When you are at home on your Mandrake box run:
vncviewer 127.0.0.1

This should give you a vnc window to your work machine. You will need to leave the work machine running with putty - since you probably don't want to leave it running and logged into a shell you might want to set the putty options not to start a shell.

VNC is quite a network intensive protocol so if you have an rdp or citrix server on the windows box it would be a bit quicker.

Last edited by david_ross; 05-11-2004 at 05:03 PM.
 
Old 05-11-2004, 05:05 PM   #3
c_mitulescu
Member
 
Registered: Nov 2003
Location: London
Distribution: Ubuntu
Posts: 35

Original Poster
Rep: Reputation: 15
But how would I transfer files from home from/to linux to work?
 
Old 05-11-2004, 05:12 PM   #4
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 64
You could use ftp or scp (winscp). I didn't actually notice that you just wanted to transfer files - my mistake. If you just want to transfer files then qutie similar to the above:

1) Start an ftp server on your work machine (there are quite a few decent free ones for windows).
2) Add an ftp user to the server.
3) Using putty edit the configuration to forward a remote port of 10021 (since you probably have ftp server running on the Mandrake box) and use a local ip and port of "127.0.0.1:21".
4) Connect to the makdrake box (you may want to save this profile in putty). Once you are logged in you can confirm that the port has been forwarded with:
netstat -nlp | grep 10021
5) When you are at home on your Mandrake box you can ftp with:
ftp 127.0.0.1:10021

Or use any ftp client with host "127.0.0.1" and port "10021".
 
Old 05-11-2004, 07:13 PM   #5
rossd
LQ Newbie
 
Registered: May 2004
Distribution: Slackware
Posts: 4

Rep: Reputation: 0
ssh port forwarding is both, from a security perspective, both a blessing and a nightmare. The nightmare comes from the fact that anyone, with a little bit of knowledge, can completely circumvent any firewall that allows outbound SSH connections. Well, actually, any firewall that allows *any* outbound tcp connections can be tunneled through.

The basic idea is that I ssh from behind the firewall to some box 'on the outside.' While I am doing it, I tell the 'outside' machine to listen on any arbitrary port, and 'forward' that data across the existing ssh connection to any arbitrary port on any other machine. For example, when I worked as a System Administrator at a larger corporation that had no external connectivity, I used an ssh connection from my Linux desktop at the office to a Linux server I ran at home. By doing that, I could 'telnet' to a given host on my local box and end up on my desktop at work as if I had connected to it directly.

Now before any of you security buffs out there jump on me for using telnet - keep in mind that this is getting tunneled through an already encrypted ssh connection. So the unencrypted telnet data never exists outside of the TCP/IP stack on each box. Of course, I could have forwarded SSH connections - but why use ssh to encrypt and already ssh-encrypted connection, eh?
 
Old 05-12-2004, 10:20 AM   #6
c_mitulescu
Member
 
Registered: Nov 2003
Location: London
Distribution: Ubuntu
Posts: 35

Original Poster
Rep: Reputation: 15
if the ssh connection from the ms win computer to my home linux is done with userx(user of linux machine) then can I use the tunnel from home if I am logged in to my linux box as usery?
Also if I stop my samba server on my linux box could I connect to my shared directory on the windows computer?
Any details on how that would be achieved would be of great help.
Thank you.
ps I can not install any servers such as the ones suggested in the replies eg FTP,VNC on the work machine
 
Old 05-12-2004, 02:00 PM   #7
LuggerHouse
Member
 
Registered: May 2004
Location: Montreal,QC,Canada
Distribution: Fedora Core 7
Posts: 208

Rep: Reputation: 30
HUmmmmmmmmmm... I wish you dont work at me company ;-)
 
Old 05-14-2004, 01:56 PM   #8
c_mitulescu
Member
 
Registered: Nov 2003
Location: London
Distribution: Ubuntu
Posts: 35

Original Poster
Rep: Reputation: 15
Red face

I think I'm safe as the entire IT department 1xIT director + 1xIT manager +1xIT support/friend of IT manager(who got the IT job instead of me) spend their entire time on the phone to microsoft/dell purchasing licences and getting support for their daily point and click activity(describing their job in the nicest possible way). SSwhat? Liwhat? Open what?
Incredible how all of them have years of "experience" and the best solution they can come up with(through tunnel vision) is calling Dell to ask what M$ product they can throw some tens of thousands of pounds at to have a simple intranet solution.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Remote access a Linux computer using another Linux computer sceadu Linux - General 10 05-19-2006 10:32 PM
Linux Firewall with a computer Dark_Sniper* Linux - Networking 1 10-19-2005 12:49 AM
internet sharing, linux client, win server... huzzzo Linux - Networking 3 08-21-2005 03:30 PM
Internet is slower on my win computer than on my linux computer eXor Linux - Networking 1 12-03-2004 09:58 AM
Lan authontication-(win client, linux server) sixth_sense Linux - Networking 6 03-26-2004 08:42 AM


All times are GMT -5. The time now is 01:27 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration