Port Forwarding

Rick Stevens rstevens at vitalstream.com
Tue Nov 2 17:47:08 UTC 2004


Bob McClure Jr wrote:
> On Mon, Nov 01, 2004 at 06:15:55PM -0700, brad.mugleston at comcast.net wrote:
> 
>>Thanks Rick, I knew I got carried away with the X's but they are 
>>easier to type than a number 8^)
>>
>>Next question (my son, Derek, hasn't had the time to try to log 
>>in - school, girls, work, girls, etc) From home I can VPN into 
>>work then just use my Remote viewer to look at any computer I 
>>want.  We have 5 computers networked here at home is it possible 
>>to have him hit any of those without me having to change the 
>>Linksys forwarding?
>>
>>Thanks again,
>>
>>Brad
> 
> 
> If I may step in, the answer is "sort of".  What he can do is SSH to
> your Linux box, and then SSH from there to any other machine on the
> internal network.

What Bob says is correct.  You can only port forward to one IP.  Once
you've gotten onto that machine, you can go anywhere on the network that
machine can.

> I use a cast-off machine running Linux as my firewall, so I have it
> pick up all SSH.  I SSH to my firewall, then SSH to any other machine
> on the network from there.  That means that file copies are two-stage
> operations, which is inconvenient, but doable.
> 
> Perhaps you could set up a tunnel with the first machine, and then
> tunnel through the tunnel to get to the other machines.  I've not
> tried anything that complex because I haven't needed it.  Rick can
> doubtless elucidate further.

If you use VNC tunneling (at the remote end, you do "vncviewer -via"),
you can think of it as the console for that machine has magically been
transported to the remote user.  He's on your machine as if he were in
the house sitting in front of the main console.

Now, also note that if you did:

	# su son's-username
	# Xvnc               or # vncserver

you've actually created a second X server instance that's simply waiting
for some hardware to display on.  The "vncviewer -via host host:1"
specifies connecting to this second X display (that's what the ":1" bit
is).

You can, under RH9, FC1 and FC2, share the MAIN console (or ":0").  This
is done by editing the XFree86.conf or xorg.conf file and adding these
lines to the appropriate spots in the config file:

	In the 'Section "Module"' part:
		Load "vnc"

	In the 'Section "Screen"' part:
		Option      "passwordFile" "/path/to/vnc/passwd/file"

The "/path/to/vnc/passwd/file" should point at a file that contains an
encrypted VNC password.  This can be created by use of the vncpasswd
program:

	vncpasswd /path/to/vnc/passwd/file

Normally, the password file is "$HOME/.vnc/passwd", but if you're
sharing the primary display, it's best to use a centralized one that's
not dependent on a given user's home directory.
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens at vitalstream.com -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-  You know the old saying--any technology sufficiently advanced is  -
-               indistinguishable from a Perl script                 -
-                                 --Programming Perl, 2nd Edition    -
----------------------------------------------------------------------
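
A check for the shared-display setup described in the message above, as an added example that is not part of the original post: it reads an X server config, finds the passwordFile option, and verifies that the file exists and is not accessible to group or other. The function names and the pass/fail policy (a loaded vnc module with no passwordFile counts as a failure) are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit the VNC password file
# that an X server config names via Option "passwordFile".

# Print the first passwordFile path in the config; commented-out lines are skipped.
vnc_password_file() {
    sed -n 's/^[[:space:]]*Option[[:space:]][[:space:]]*"[Pp]assword[Ff]ile"[[:space:]][[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Succeed if the config loads the "vnc" module (main display is shared).
vnc_module_loaded() {
    grep -Eq '^[[:space:]]*Load[[:space:]]+"vnc"' "$1"
}

# audit_vnc_config CONFIG: print findings; return 0 if clean, 1 otherwise.
audit_vnc_config() {
    conf=$1
    if ! vnc_module_loaded "$conf"; then
        echo "OK: vnc module not loaded in $conf"
        return 0
    fi
    pw=$(vnc_password_file "$conf")
    if [ -z "$pw" ]; then
        echo "FAIL: vnc module loaded but no passwordFile option found"
        return 1
    fi
    if [ ! -f "$pw" ] || [ ! -s "$pw" ]; then
        echo "FAIL: $pw is missing or empty"
        return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$pw" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $pw is accessible to group/other ($perms); chmod 600 it"
        return 1
    fi
    echo "OK: $pw exists and is private to its owner"
    return 0
}

# Run against a config given on the command line, e.g. /etc/X11/xorg.conf.
if [ "$#" -gt 0 ]; then
    audit_vnc_config "$1"
fi
```

A centralized password file is read by whoever can reach its path, so the permission check matters more here than it does for a per-user "$HOME/.vnc/passwd".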



