ssh and vnc port forwarding

Posted by Christian Bongiorno on March 11, 2005, 9:11 pm
Ok, I have been all over the net and it seems this trick has been tried
and can succeed.

I am trying to tunnel a VNC session through a secure shell. What I have
are 2 windows XP boxes and a linux server in the middle for the shell.

I establish a tunnel for the server localhost:5900 and tell it to
forward to 5900 on the linux machine. Client Establishes an outbound
tunnel to 5900 on linux machine:

vncserver (listen 5900) <---linux (listen 5900) <-- vncclient (5900)

Here is what blows my mind: I could easily believe I misconfigured
something if it wasn't for the fact that I can

telnet localhost 5900

And I actually get VNC connection handshaking (RFB 003.003)!

Obviously the tunnel is working correctly.
One more thing to point out: when I try and use the viewer to connect
to loopback:0 (or 127.) I get an error telling me loopback is disabled.

What am I missing?

Christian
http://christian.bongiorno.org/resume.PDF


Posted by Pierre Asselin on March 12, 2005, 6:08 pm

> [ ... ] Obviously the tunnel is working correctly.
> One more thing to point out: when I try and use the viewer to connect
> to loopback:0 (or 127.) I get an error telling me loopback is disabled.

> What am I missing?

You have to edit a registry entry before the Windows VNC viewer will
agree to talk to its own machine. I forget the details, so read
the online help.

Alternative: try tunnelling (windows tcp:5901) to (linux tcp:5900)
and run the VNC viewer to "localhost:1". That may work without
a registry tweak.

--
pa at panix dot com


Posted by Samjack on March 13, 2005, 6:58 am
There is an older step by step guide in PDF format at the link below. I
think it covers the loopback settings. You definitely need to check that
setting as it sounds like that is all you are missing.
http://www.starinfosec.com/gsec/ExerciseSupplemental-Cygwin-VNC.pdf

You can also read my article on hotspot tunneling in the latest 2600
magazine that covers the concepts behind routing through the ssh tunnel.
Good for protecting your traffic when on public hotspots.

> Ok, I have been all over the net and it seems this trick has been tried
> and can succeed.
>
> I am trying to tunnel a VNC session through a secure shell. What I have
> are 2 windows XP boxes and a linux server in the middle for the shell.
>
> I establish a tunnel for the server localhost:5900 and tell it to forward
> to 5900 on the linux machine. Client Establishes an outbound tunnel to
> 5900 on linux machine:
>
> vncserver (listen 5900) <---linux (listen 5900) <-- vncclient (5900)
>
> Here is what blows my mind: I could easily believe I misconfigured
> something if it wasn't for the fact that I can
>
> telnet localhost 5900
>
> And I actually get VNC connection handshaking (RFB 003.003)!
>
> Obviously the tunnel is working correctly.
> One more thing to point out: when I try and use the viewer to connect to
> loopback:0 (or 127.) I get an error telling me loopback is disabled.
>
> What am I missing?
>
> Christian
> http://christian.bongiorno.org/resume.PDF




Posted by Marc Herrmann on March 18, 2005, 11:15 pm
> Ok, I have been all over the net and it seems this trick has been tried
> and can succeed.
>
> I am trying to tunnel a VNC session through a secure shell. What I have
> are 2 windows XP boxes and a linux server in the middle for the shell.
>
> I establish a tunnel for the server localhost:5900 and tell it to
> forward to 5900 on the linux machine. Client Establishes an outbound
> tunnel to 5900 on linux machine:
>
> vncserver (listen 5900) <---linux (listen 5900) <-- vncclient (5900)
>
> Here is what blows my mind: I could easily believe I misconfigured
> something if it wasn't for the fact that I can
>
> telnet localhost 5900
>
> And I actually get VNC connection handshaking (RFB 003.003)!
>
> Obviously the tunnel is working correctly.
> One more thing to point out: when I try and use the viewer to connect
> to loopback:0 (or 127.) I get an error telling me loopback is disabled.
>
> What am I missing?
>
> Christian
> http://christian.bongiorno.org/resume.PDF

On certain VNC versions loopback connections are disabled for some
reason. I have seen a VNC installation recursively reconnecting to its
own server, which is not really what you want.

I am regularly using TightVNC V1.3dev5 (unstable) on my XP-NB, and
nearly every day, I'm tunneling VNC thru firewalls, and it really works
great.

P.S.

For the above mentioned, I'm using this type of tunnel:

        "ssh -L 5900:remote-vnc-machine:5900 user@remote-server-host".
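The `telnet localhost 5900` check from the first post and the `localhost:1` display suggested in Pierre Asselin's reply, as an added Python example that is not code from any poster in this thread. It reads the 12-byte RFB ProtocolVersion banner from the local end of a forward and maps a viewer display number to its TCP port; `fake_rfb_server` is a constructed stand-in so the script runs without a real tunnel, and all function names are hypothetical.

```python
import re
import socket
import threading

def display_to_port(display):
    """A VNC viewer target host:N means TCP port 5900+N (localhost:1 -> 5901)."""
    if display < 0:
        raise ValueError("display number must be non-negative")
    return 5900 + display

def parse_rfb_banner(data):
    """Return (major, minor) for a banner such as b'RFB 003.003\\n', else None."""
    m = re.fullmatch(rb"RFB (\d{3})\.(\d{3})\n", data)
    return (int(m.group(1)), int(m.group(2))) if m else None

def probe_vnc(host, port, timeout=3.0):
    """Connect like 'telnet host port' and parse the first 12 bytes received."""
    buf = b""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        while len(buf) < 12:
            chunk = s.recv(12 - len(buf))
            if not chunk:  # peer closed before sending a full banner
                break
            buf += chunk
    return parse_rfb_banner(buf)

def fake_rfb_server(banner=b"RFB 003.003\n"):
    """Constructed test listener on 127.0.0.1; returns the port it picked."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # loopback only, ephemeral port
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    port = fake_rfb_server()  # replace with display_to_port(1) for a real forward
    print("RFB version seen:", probe_vnc("127.0.0.1", port))
```

A `None` result means something other than a VNC server answered on the forwarded port. With the `ssh -L` form quoted above, only the hop to `remote-server-host` is inside SSH; the connection from there to `remote-vnc-machine:5900` is plain RFB.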


