Tunneling a protocol over ssh

bscott at ntisys.com bscott at ntisys.com
Fri Nov 7 09:36:12 EST 2003


On Fri, 7 Nov 2003, at 8:06am, fj1200 at comcast.net wrote:
> Yes I do have a firewall at home.....
> 
> all systems are connected via a linksys router/firewall

  Ah.  Well, that changes things.

> No, I am OK with putty on the Win2k box at work end
> 
> It is at the private IP 192.168..............  of my linux box that I am
> not sure about...

  Well, that IP address is, as you say, private.  So you will need to
forward TCP port 22 (SSH) on your home router to your home Linux box.  For
example, if your home Linux box has IP address 192.168.1.5, you will need to
create a port forwarding rule on the LinkSys router that forwards TCP port
22 from outside to 192.168.1.5.

  Note that you cannot be using the LinkSys's DHCP server to assign internal
IP addresses for this to work; you need a static IP address on the Linux
box.

  Once that is done, you just follow the same procedure I described earlier.

> I want to be able to see my linux desktop on my Win2k box at work....  or
> even my linux boxes at work

  Most Linux distributions use OpenSSH.  Assume for sake of example that
you have public IP address 206.112.112.85 on your LinkSys router (and that
you have the port forwarding rule in place).  Assume again that we are using
VNC display :1 (TCP port 5901).  The command would be:

	ssh -L 5901:localhost:5901 206.112.112.85

  What that does is say "forward port 5901 on the local computer, via SSH to
206.112.112.85, to remote host localhost, remote port 5901".  Since you're
trying to connect to the Linux box that is hosting the SSH session, you just
tell the remote end to forward your connections to itself.

  If you wanted to use SSH to forward to another home PC (say, 
192.168.1.15), then the command would be:

	ssh -L 5901:192.168.1.15:5901 206.112.112.85

  The port numbers don't have to be the same, either.  For example, say you 
had a web server running on 192.168.1.15 on the standard TCP port 80.  You 
could forward port 8080 on your work computer, through your Linux box 
running SSH, to that computer, with this:

	ssh -L 8080:192.168.1.15:80 206.112.112.85

You could then tell the browser on your work computer to connect to

	http://localhost:8080

which would end up being forwarded via SSH, through port forwarding on the
LinkSys to your Linux box at home, and then to that web server at a
different IP address and port number.

-- 
Ben Scott <bscott at ntisys.com>
| The opinions expressed in this message are those of the author and do  |
| not represent the views or policy of any other person or organization. |
| All information is provided without warranty of any kind.              |
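
Added example, not part of the original message: a small shell helper that reads an OpenSSH -L forwarding spec the way the message explains it, and also flags a spec whose optional bind address would open the local listener to other machines. The function names (valid_port, describe_forward) and the return codes are assumptions made for this example; bracketed IPv6 literals are not handled.

```shell
#!/bin/sh
# Added example: explain an "ssh -L" spec and check its local bind address.
# Accepted forms:  port:host:hostport   or   bind_address:port:host:hostport

valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;          # empty or non-numeric
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# describe_forward SPEC SSH_HOST
# returns 0 = loopback-only listener, 1 = listener exposed, 2 = malformed spec
describe_forward() {
    spec=$1 gateway=$2
    old_ifs=$IFS
    IFS=:
    set -f                                # keep a literal '*' from globbing
    set -- $spec                          # split the spec on ':'
    set +f
    IFS=$old_ifs
    case $# in
        3) bind='' lport=$1 rhost=$2 rport=$3 ;;
        4) bind=${1:-*} lport=$2 rhost=$3 rport=$4 ;;   # empty bind = all interfaces
        *) echo "error: expected [bind_address:]port:host:hostport" >&2
           return 2 ;;
    esac
    if ! valid_port "$lport" || ! valid_port "$rport" || [ -z "$rhost" ]; then
        echo "error: bad port or empty host in '$spec'" >&2
        return 2
    fi
    echo "listen on local port $lport; via SSH to $gateway; to remote host $rhost, remote port $rport"
    case $bind in
        ''|localhost|127.0.0.1) return 0 ;;   # no bind address: loopback unless GatewayPorts is set
        *) echo "warning: bind address '$bind' exposes the listener beyond loopback" >&2
           return 1 ;;
    esac
}

# The first command from the message above:
describe_forward 5901:localhost:5901 206.112.112.85
```
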





More information about the gnhlug-discuss mailing list