LinuxQuestions.org
Old 11-19-2015, 02:42 PM   #1
mfoley
Senior Member
 
Registered: Oct 2008
Location: Columbus, Ohio USA
Distribution: Slackware
Posts: 2,588

How to tunnel with firewall


I'm trying to use PuTTY as an ssh tunnel to Linux for VNC. There are lots of howtos on that showing the PuTTY configuration, but my wrinkle is this: between my home Windows computer and the Linux host I want to connect to is a firewall. Port 22 is restricted. I have other ports available on the firewall, but not 22. How do I set up PuTTY?

btw I am currently working this connection just fine (without SSL/SSH) by having my VNC viewer connect to myfirewall.com:1234 and the firewall/router redirects that to 5900 on the correct workstation. Now - to get that working with putty!
 
Old 11-19-2015, 04:21 PM   #2
michaelk
Moderator
 
Registered: Aug 2002
Posts: 25,761

PuTTY is just an ssh client that connects to the ssh server on the Linux host. If port 22 is restricted then you can change ssh to run on a different port in the /etc/ssh/sshd_config file. Then it is just a matter of following the howtos. Once it is working, be sure to delete the 5900 redirect.

Does your ISP restrict port 22?
 
Old 11-23-2015, 10:45 PM   #3
mfoley
Senior Member
 
Registered: Oct 2008
Location: Columbus, Ohio USA
Distribution: Slackware
Posts: 2,588

Original Poster
Quote:
Then it is just a matter of following the howtos ...
Well, no. If it was just a matter of following the howtos I'd have done it by now. Maybe it's simple, but I'm just not seeing it.

On putty, I've tried:

Session - host name: mydom.com, port 1234

Connection > SSH > Tunnels - source port: 5900, destination mydom.com:1234

The Firewall at mydom.com has 1234 routed to 5900 on host myworkstation

This doesn't work. On myworkstation I have x11vnc running at the command line so I can see everything. I can see activity, but no connection. See below. I can connect without the tunnel, but of course, no ssh security.

What am I doing wrong?

x11vnc output:
Code:
23/11/2015 23:35:23 Got connection from client 76.181.65.196
23/11/2015 23:35:23   other clients:
23/11/2015 23:35:23 Normal socket connection
23/11/2015 23:35:23 incr accepted_client=1 for 76.181.65.196:55759  sock=11
23/11/2015 23:35:23 created   xdamage object: 0x120004f
23/11/2015 23:35:23 copy_tiles: allocating first_line at size 76
23/11/2015 23:35:40 cutbuffer_send: no send: uninitialized clients
23/11/2015 23:35:43 Got connection from client 76.181.65.196
23/11/2015 23:35:43   other clients:
23/11/2015 23:35:43      76.181.65.196
23/11/2015 23:35:43 Normal socket connection
23/11/2015 23:35:43 denying additional client: 76.181.65.196:55782
23/11/2015 23:35:43 Client 76.181.65.196 gone
23/11/2015 23:35:43 Statistics             events    Transmit/ RawEquiv ( saved)
23/11/2015 23:35:43  TOTALS              :      0 |         0/        0 (  0.0)
23/11/2015 23:35:43 Statistics             events    Received/ RawEquiv ( saved)
23/11/2015 23:35:43  TOTALS              :      0 |         0/        0 (  0.0%)
 
Old 11-24-2015, 12:24 AM   #4
berndbausch
LQ Addict
 
Registered: Nov 2013
Location: Tokyo
Distribution: Mostly Ubuntu and Centos
Posts: 6,316

From this output I'd say that the tunneling works, but something's wrong on the server (i.e. the workstation).

Code:
23/11/2015 23:35:43 Got connection from client 76.181.65.196
23/11/2015 23:35:43   other clients:
23/11/2015 23:35:43      76.181.65.196
....
23/11/2015 23:35:43 denying additional client: 76.181.65.196:55782
23/11/2015 23:35:43 Client 76.181.65.196 gone
As if you were connected already, and the vncserver didn't want a second connection from the same client. Or perhaps this IP address refers to mydom.com.
 
Old 11-24-2015, 05:57 AM   #5
michaelk
Moderator
 
Registered: Aug 2002
Posts: 25,761

Try this:
1. Delete the forward port rule 1234 -> 5900 on your router.
2. Configure your ssh server for the desired port in your /etc/ssh/sshd_config file and restart sshd.
3. Configure your router for the same port (in and out).
4. Configure the PuTTY session for the same port.
5. Configure PuTTY ssh tunneling, source port 5900 and destination with 127.0.0.1:5900
6. Be sure to save the session
7. Start PuTTY and when connected minimize the window.
8. Start the desired VNC viewer and use 127.0.0.1:5900 as the server. You should be able to log in with your username and password.

A future task would be to set up keys if not already accomplished.

Last edited by michaelk; 11-24-2015 at 06:00 AM.
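
One way to check the end state of the eight steps above, added here as an example and not part of any post in the thread: read the greeting each port sends on connect, since an SSH server opens with "SSH-" and a VNC server with "RFB ". The host mydom.com and port 1234 are the thread's placeholders; the function names are this example's own.

```python
import socket

# Placeholders taken from the thread; substitute your own firewall name and port.
PUBLIC = [("mydom.com", 1234)]        # ports the router forwards to the inside
LOCAL_TUNNEL = ("127.0.0.1", 5900)    # PuTTY tunnel source port (step 5)


def classify_banner(data: bytes) -> str:
    """Name the service from the first bytes it sends after connect."""
    if data.startswith(b"SSH-"):
        return "ssh"    # SSH identification string, e.g. b"SSH-2.0-..."
    if data.startswith(b"RFB "):
        return "vnc"    # RFB ProtocolVersion, e.g. b"RFB 003.008\n"
    return "unknown" if data else "silent"


def probe(host: str, port: int, timeout: float = 3.0) -> str:
    """Connect, read the greeting and classify it; 'closed' if unreachable."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                return classify_banner(s.recv(64))
            except socket.timeout:
                return "silent"
    except OSError:
        return "closed"


def audit(public: dict, tunnel: str) -> list:
    """Turn probe results into findings.

    public maps (host, port) -> probe result for each forwarded port;
    tunnel is the probe result for the local tunnel endpoint.
    """
    findings = []
    for (host, port), kind in public.items():
        if kind == "vnc":
            findings.append(f"{host}:{port} exposes VNC directly; delete the forward")
    if "ssh" not in public.values():
        findings.append("no forwarded port answers as SSH; check sshd Port and router")
    if tunnel != "vnc":
        findings.append(f"tunnel endpoint answered '{tunnel}', expected vnc")
    return findings


if __name__ == "__main__":
    results = {hp: probe(*hp) for hp in PUBLIC}
    for line in audit(results, probe(*LOCAL_TUNNEL)) or ["tunnel setup looks as intended"]:
        print(line)
```

Run it on the Windows machine while the PuTTY session is connected; a forwarded port that answers "vnc" means the VNC server is still reachable without ssh.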
 
  

