reverse tunnel query

I want to access the Windows desktop (running TightVNC) next to the
Linux server at work (NTGHICU1). I can connect from the Linux box to
the Windows machine

NTGHICU1 ~ # telnet 5900
Connected to
Escape character is '^]'.
RFB 003.003

I then set up a reverse tunnel to the home machine (grenada)

ssh -R 5910: xx.xx.xx.xx

and connect to the home end of the tunnel

grenada ~ # telnet localhost 5910
Connected to localhost.
Escape character is '^]'.
RFB 003.003

grenada tmp # lsof |grep 5910
sshd      21296   root    8u     IPv4    1225398                 TCP localhost:5910 (LISTEN)
grenada tmp # netstat |grep 5910
tcp        0      0 localhost:5910          localhost:4320
grenada tmp #

but I can't connect from a LAN client

dads tmp # telnet grenada 5910
telnet: Unable to connect to remote host: Connection refused
dads tmp #

Shorewall is the firewall

grenada tmp # grep ^[A-Za-z0-9\ ] /etc/shorewall/rules
ACCEPT          loc             $FW             tcp     10000
Web/ACCEPT  net       $FW
Web/ACCEPT  loc       $FW
SMB/ACCEPT      $FW      loc
SMB/ACCEPT      loc      $FW
DNS/ACCEPT      $FW             net
DNS/ACCEPT      loc             $FW
SSH/ACCEPT      loc             $FW
SSH/ACCEPT      net             $FW
ACCEPT          loc             $FW     tcp     24
Webmin/ACCEPT   loc             $FW
Ping/ACCEPT     loc             $FW
ACCEPT          loc             fw              udp     67,68
ACCEPT          net             $FW             tcp     23
ACCEPT          net             $FW             tcp     5910
ACCEPT          loc             $FW             tcp     5910
grenada tmp # iptables -L |grep 5910
ACCEPT     tcp  --  anywhere             anywhere            tcp
ACCEPT     tcp  --  anywhere             anywhere            tcp
grenada tmp #  

Not sure where to look to sort this out.

Re: reverse tunnel query

You need to configure sshd to bind all interfaces for a reverse
forwarding, not just the loopback (gatewayports=yes).

  Richard Silverman
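
An added example, not part of the original thread: the lsof output in the question shows sshd listening on localhost:5910, which is why the LAN client is refused, and this shell function makes the same check from `ss -ltn` output before and after the sshd change. The sample lines, the address 192.168.1.10 and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: sample `ss -ltn` lines and 192.168.1.10 are constructed.
#
# Fix on the host that owns the listening end of the tunnel (grenada here):
#   sshd_config:  GatewayPorts clientspecified    (or "yes" for all interfaces)
# then reload sshd and re-create the tunnel naming a bind address:
#   ssh -R <lan-address>:5910:<vnc-host>:5900 <user>@<home-host>
# Verify on a live system with:  ss -ltn | bind_scope 5910

# bind_scope PORT: read `ss -ltn` output on stdin and print who can reach PORT:
#   loopback  - local processes only (sshd default, GatewayPorts no)
#   all       - wildcard bind, every interface
#   <address> - bound to that one address
#   none      - nothing is listening on PORT
bind_scope() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            ep = $4                          # "Local Address:Port" column
            n = match(ep, /:[0-9]+$/)        # position of the final ":port"
            if (n == 0 || substr(ep, n + 1) != port) next
            addr = substr(ep, 1, n - 1)
            gsub(/^\[|\]$/, "", addr)        # strip brackets from [::1]
            if (addr == "0.0.0.0" || addr == "::" || addr == "*") best = "all"
            else if (addr != "127.0.0.1" && addr != "::1") {
                if (best != "all") best = addr
            } else if (best == "") best = "loopback"
        }
        END { print (best == "" ? "none" : best) }
    '
}

# Constructed sample: default sshd, forwarded port bound to loopback only.
sample_before() { cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    127.0.0.1:5910     0.0.0.0:*
LISTEN 0      128    [::1]:5910         [::]:*
EOF
}

# Constructed sample: GatewayPorts clientspecified, tunnel bound to the LAN address.
sample_after() { cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    192.168.1.10:5910  0.0.0.0:*
EOF
}

echo "before: $(sample_before | bind_scope 5910)"
echo "after:  $(sample_after | bind_scope 5910)"
```

With `GatewayPorts yes` the forwarded port is bound on every interface, so the `net` rule for tcp 5910 in the Shorewall rules above decides whether the VNC tunnel is also reachable from outside the LAN; `clientspecified` with a LAN bind address keeps the listener off the external interface.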
