August 20, 2003, 12:57 pm
        ssh -L           ssh -L                   ssh -L
VNC      -->   SLIGHTLY   --->  GATEWAY/FIREWALL   --->  VNC SERVER
CLIENT         SECURE MACHINE
(A)            (B)              (C)                      (D)
an ssh tunnel between A through D port forwarding all the way to the vnc
server is opened. A can then open a VNC viewer on localhost:port.
now recently, i tweaked my firewall. i did not beef up the security
in any way other than restricting access to a smaller number of hosts on the
internet. as soon as i run my firewall script, the VNC setup above stops
working. i really can't make head or tail of what's happening. the
error i get is something like "channel 2/4: open failed:
i have done some searching around on this group and elsewhere and people
with similar problems (esp that error message) seem to have not clearly
written how they resolved it. i did some debugging myself and here is
what i got.
a portscan of A, B and D gives a result something like this:
Interesting ports on localhost (127.0.0.1):
(The 1597 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
5801/tcp open vnc-http-1
5901/tcp open vnc-1
6001/tcp open X11:1
but C does not give anything related to vnc or X11. i haven't checked
portscan when VNC was actually working. but i believe C is somehow
preventing the 59xx and 6xxx ports from opening, although i don't seem
to have done anything specific to accomplish that feat. now how can i
reverse this? my guess is i have to add something to the firewall script
(which is a normal rc.firewall on an rh7.3).
any help appreciated.
Research Assistant (Software Engineering)
University of Nebraska - Lincoln
Fingerprint: 0148 002F 3E97 C404 965E 4ACC EFC1 A650
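
As an added example (not part of the original post): a small parser for scan listings in the format shown above that walks the hops in order and reports the first one with no listener on the forwarded port. It assumes every hop forwards the same port (5901 here; the post only says "localhost:port"), and the listing for C is constructed.

```python
import re

# One row of the scan listing, e.g. "5901/tcp open vnc-1"
PORT_ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*$")

def open_ports(scan_text):
    """Return {port: service} for TCP rows whose state is 'open'."""
    found = {}
    for line in scan_text.splitlines():
        m = PORT_ROW.match(line.strip())
        if m and m.group(2) == "tcp" and m.group(3) == "open":
            found[int(m.group(1))] = m.group(4)
    return found

def first_broken_hop(scans, hops, port):
    """Walk the chain in order; return the first hop with no listener on
    `port`, or None when every hop has one."""
    for hop in hops:
        if port not in open_ports(scans[hop]):
            return hop
    return None

# Listing quoted in the post (the result reported for A, B and D).
SCAN_ABD = """\
Interesting ports on localhost (127.0.0.1):
(The 1597 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
5801/tcp open vnc-http-1
5901/tcp open vnc-1
6001/tcp open X11:1
"""
# Constructed sample for C: the post only says nothing VNC/X11-related shows.
SCAN_C = """\
Interesting ports on localhost (127.0.0.1):
Port State Service
22/tcp open ssh
"""

SCANS = {"A": SCAN_ABD, "B": SCAN_ABD, "C": SCAN_C, "D": SCAN_ABD}
FORWARD_PORT = 5901  # assumption: the post does not name the forwarded port

if __name__ == "__main__":
    hop = first_broken_hop(SCANS, ["A", "B", "C", "D"], FORWARD_PORT)
    print("chain breaks at:", hop)
```

The hop it reports is the one whose local end of the next `ssh -L` is missing, so the forward and the firewall rules on that machine are the place to look.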