Hi guys,

I'm trying to tunnel from my FC4 box through a firewall box (RH9, TCP forwarding is on) to a Windows 2000 server machine (on which I have deactivated the firewall and set VNC to allow incoming connections from the firewall box) so I can connect securely with VNC. Something is going wrong though. I make the tunnel like this:

ssh -vv -L 5901:192.168.1.112:5900 root@firewall

This is the verbose output:

...
debug2: we sent a password packet, wait for reply
debug1: Authentication succeeded (password).
debug1: Local connections to LOCALHOST:5901 forwarded to remote address 192.168.1.112:5900
debug1: Local forwarding listening on 127.0.0.1 port 5901.
debug2: fd 4 setting O_NONBLOCK
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on ::1 port 5901.
debug2: fd 5 setting O_NONBLOCK
debug1: channel 1: new [port listener]
debug1: channel 2: new [client-session]
debug2: channel 2: send open
debug1: Entering interactive session.
debug2: callback start
debug2: client_session2_setup: id 2
debug2: channel 2: request pty-req confirm 0
debug2: channel 2: request shell confirm 0
debug2: fd 3 setting TCP_NODELAY
debug2: callback done
debug2: channel 2: open confirm rwindow 100000 rmax 16384
...

ok now the tunnel is connected.. I do a vncviewer localhost::5901

...
debug1: Connection to port 5901 forwarding to 192.168.1.112 port 5900 requested.
debug2: fd 9 setting TCP_NODELAY
debug2: fd 9 setting O_NONBLOCK
debug1: channel 3: new [direct-tcpip]
debug1: channel 0: free: port listener, nchannels 4
debug1: channel 1: free: port listener, nchannels 3
debug1: channel 2: free: client-session, nchannels 2
debug1: channel 3: free: direct-tcpip: listening port 5901 for 192.168.1.112 port 5900, connect from 127.0.0.1 port 41657, nchannels 1
Connection to 192.168.1.118 closed by remote host.
Connection to 192.168.1.118 closed.
debug1: Transferred: stdin 0, stdout 0, stderr 89 bytes in 86.8 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 1.0
debug1: Exit status -1
...

And that's where it ends (and the connection to the firewall gets severed as well). Anybody got any ideas?

Cheers,
Tim

p.s. I can VNC into the machine normally from the one I'm trying to do this from (both are on the same side of the firewall at the moment but if I get it working I'll be coming in from the other side)

How about trying this command.
ssh -f -L 25903:127.0.0.1:5900 root@firewall sleep 10; vncviewer 127.0.0.1:25903:3

Brian1

That would forward the port from my own machine to my own machine would it not? I presume you mean

ssh -f -L 25903:192.168.1.112:5900 root@firewall sleep 10;

Even like this it does not work. What is the 3 on the end of vncviewer 127.0.0.1:25903:3 supposed to do? I think you may have the syntax wrong, it should be something along the lines of vncviewer [<OPTIONS>] [<HOST>][::<PORT#>]

Thanks anyway,

Tim