Distribution: Mac OS X Leopard 10.6.2, Windows 2003 Server/Vista/7/XP/2000/NT/98, Ubuntux64, CentOS4.8/5.4
Cannot get SSH Tunneling working
I understand the concept of SSH Tunneling and forwarding, but I can't get it to work! I have read a few resources on the internet but I cannot seem to get it to work.
For example, I tried connecting to a simple VNC server following the below instructions from the website:
Windows XP -> Linux (Ubuntu) -> Windows 2000 (vnc server)
I'm a little confused because is the tunnel only being created for the PuTTY application, meaning I cannot launch external applications to use the SSH tunnel?
My VNC server is working 100% fine as I am able to VPN into my remote office and launch the vnc client.
Quote:
I'm a little confused because is the tunnel only being created for the PuTTY application, meaning I cannot launch external applications to use the SSH tunnel?
You'll want a professional view too, but as I understand it, the SSH program makes use of the tunnelling, and programs launched from the SSH session use the SSH tunnelling. This is because I often run programs like Mathematica over SSH, and X11 forwarding works; ok, you probably mean other kinds of port forwarding/tunnelling, but it's an example.
It is very possible to do; if it is failing, you must have some misconfiguration.
In short, the security comes from the fact that you're onto your home network through SSH, so all traffic is encrypted, which is beautiful. PuTTY gets configured so that anything hitting port 5901 on localhost (the machine running PuTTY) gets bounced through the SSH tunnel and comes out the other side, redirected from port 5901 to a given IP address (on the home LAN) at port 5900.
A simple way to test would be to open a cmd prompt on the client with PuTTY running, and type telnet localhost 5901. If all is configured well, you'll get a response from the VNC server on your LAN. It will look something like this:
Code:
jim@jimsworktop:~$ telnet hidden.domain.name 5900
Trying 12.34.56.78...
Connected to hidden.domain.name.
Escape character is '^]'.
RFB 003.008
That was done to a real server running VNC without the benefit of going through an SSH tunnel, so I telnetted direct to 5900. In your case, you would want to test it at 5901.
If you don't get that RFB something code on the telnet, then the part on the webpage with red circles 5, 6, and 7 is the issue. You need to have the syntax exact. The local port should be 5901, and the destination (say the VNC server is 192.168.1.10) must be 192.168.1.10:5900.
Write back if the problems persist, and we'll get it fixed.
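The telnet check described in the post above, as an added example that is not part of the original thread: a Python probe that connects to the local end of the forward and classifies what answers. The function names and the constructed stand-in server are assumptions for illustration; 127.0.0.1:5901 is the local port from the post.

```python
import socket
import threading


def probe_forward(host="127.0.0.1", port=5901, timeout=3.0):
    """Connect to the local end of the forward and classify what answers."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                banner = s.recv(12)  # an RFB version banner is 12 bytes
            except socket.timeout:
                return "silent: connected, but the far end sent nothing"
    except ConnectionRefusedError:
        # Nothing listens locally: PuTTY is not running or the forward is missing.
        return "refused: no listener on the local port"
    except OSError as exc:
        return f"error: {exc}"
    if not banner:
        # Typical when the SSH client accepts locally but the server side
        # cannot reach the destination (wrong IP or port in the forward).
        return "closed: accepted locally, destination not reached"
    if banner.startswith(b"RFB "):
        return "vnc: " + banner.decode("ascii", "replace").strip()
    return "other: " + repr(banner)


def fake_vnc_server(banner=b"RFB 003.008\n"):
    """Constructed stand-in for the far end: send banner, close. Returns port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    print(probe_forward(port=fake_vnc_server()))     # banner arrives
    print(probe_forward(port=fake_vnc_server(b"")))  # accepted, then closed
    print(probe_forward())                           # the real check: localhost:5901
```

A "refused" result points at the local side of the forward, while "closed" points at the destination entry (IP and port) in the tunnel settings.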
Original Poster
JimBass, I am still getting confused about SSH tunneling. I gave up on the VNC idea and switched to using Remote Desktop Connection. The physical topology has not changed and I am trying to do this with PuTTY and it's not working.
I set up a tunnel in PuTTY.
Source Port: 3389
Destination: 192.168.1.2:3389
Then when I SSH to the remote Linux server, I fire up RDP on my local Windows XP and connect to the address: 192.168.1.2. But of course, it just times out. When I use OpenVPN it works fine.
Ok, the problem is in that address. You can't remote desktop to the address 192.168.1.2, because that address is outside the network stack's ability to handle.
If you follow his instructions (on the martybugs.net page), you wouldn't connect to 192.168.1.2, you'd connect to localhost! Also, there is some issue with rdp being crappy, which is why he posts the thing about using 127.0.0.2 for rdp.
You never point the client on your machine (regardless of whether it is VNC or rdp) at the actual address of the farside machine, you always point it at localhost, and allow putty to reach 192.168.1.2 on its own.
VNC is easier, but again, you don't tell VNC to connect to 192.168.1.2, you tell it to connect to localhost:1, which maps to 5901, which goes across the tunnel, comes out the other side at 192.168.1.2 at port 5900, and all is well. You're basically putting the cart before the horse, and wondering why the cart doesn't pull the horse.
Are you connected to the firewall/router machine through putty? That would be the only problem I can see. I would suggest trying vnc, just to see if it makes any difference.
Original Poster
Quote:
Originally Posted by JimBass
Are you connected to the firewall/router machine through putty? That would be the only problem I can see. I would suggest trying vnc, just to see if it makes any difference.
Peace,
JimBass
Great news is that VNC works with the tunneling in PuTTY. I got RDP to work with this webpage:
I'm not familiar with RDP from windows. Do you have the ability to send the client to a different port? If so, do exactly what acid kewpie wrote, set the port to 1234, and use the tunnel within putty to map 1234 at localhost to 192.168.1.2 port 3379.
If you can't control the port for rdp, you're probably out of luck. I did notice that the martybugs page is from early 2006, so it is possible that the people at Microsoft changed something in the execution of rdp to make using it across an ssh tunnel impossible, although that seems like much work for little if any gain on their part.
If you can control the port that the rdp client tries to connect to, set it to connect to localhost:1234, and let putty translate that across the tunnel to 192.168.1.2:3379, and you should be in business.
Just for my own curiosity, why rdp over vnc? Is rdp in any way superior? The few times I have seen it used it seems just like vnc.
Original Poster
JimBass, I got it working (you must've caught me after my edit).
I like RDP because it is secure and encrypted, plus it is already installed on all my Windows XP workstations. I just ask the remote user to click a checkbox that allows me remote access. I know that VNC can be encrypted and I was doing that for a while using UltraVNC with the RC4 encryption.
I don't know how feasible it would be to map a drive across the tunnel. I suppose you could map the port across the ssh link, but I think the performance across the public net portion of the connection would make using it tough.
you can just specify a port number on the command line, 192.168.1.1:1234 easy enough. i use rdp as it's there ready and waiting, and within linux find the rdesktop client vastly nicer than the standard vncclient and such like. i've also never had to enable compression or anything in that vein...
Original Poster
Quote:
Originally Posted by acid_kewpie
you can just specify a port number on the command line, 192.168.1.1:1234 easy enough. i use rdp as it's there ready and waiting, and within linux find the rdesktop client vastly nicer than the standard vncclient and such like. i've also never had to enable compression or anything in that vein...
Whoops, you are correct! You don't need compression. I just followed that one website's guide and it told me to enable compression. Is there any downside to enabling compression and saving on bandwidth? The remote site I use has a slow 384Kbps DSL connection.