Whoo, this article is going to be a bit of a mess, but to someone out there very distant it will make complete sense – and that person (even if it is myself a year from now) is why I am writing it.
So I use VNC almost every day. It is a great, powerful, and free tool. Usually I use it in a reverse VNC fashion: I open up port 5500 on my firewall/router, and then all of my clients, no matter where they are, can “right click, add new client” as they know it – whether or not their corporate firewalls have ports opened or closed. It’s great!
Well, this week I moved into a second office in NYC where I will be working several or all days of the week – and I do not have my own internet access or even access to the corporate firewall here. So I cannot open ports on the firewall here to let my clients connect to me from wherever they are.
I knew there was an “easy” solution – one that I thought would take 5 minutes to implement – and of course I am writing this after 6 hours of trying, failing, repeat! But I did get it to work, and it’s pretty cool!
Basically I have 4 pieces to the puzzle:
-My Desktop
-Firewall
-Linux Server on the internet
-End User
On my desktop I set up a remote port forward to the linux machine via ssh:
ssh me@mymachine.com -R 5500:localhost:5500
This got me through the firewall and onto my linux machine. It basically says: any connection that arrives on port 5500 on the linux machine, send it on to port 5500 on my desktop.
I quickly connected to the server via ssh and tried it:
[root@backup ~]# telnet localhost 5500
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
AWESOME!!! It worked – or so I thought. Then I went to an end user machine out there on the very big internet and tried from there:
[me@some-other-very-far-machine ~]$ telnet mymachine 5500
Trying xx.xxx.xxx.xxx...
telnet: connect to address xx.xxx.xxx.xxx: Connection refused
telnet: Unable to connect to remote host: Connection refused
What the heck? I was stumped. I then figured out that the forwarded port was only listening on the server’s loopback interface, so only connections made from the server itself could reach it. What I wanted was for connections arriving on the external interface to reach the forwarded port too. After a few hours of trying all kinds of crazy iptables rules I finally figured it out. It requires no iptables rules at all, just a simple text edit to /etc/ssh/sshd_config on the server, and it is:
GatewayPorts no
change to
GatewayPorts yes
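One thing worth knowing before flipping that switch: GatewayPorts yes applies to every remote forward requested by every account that can log in to that server, and it puts the forwarded port (here, the desktop’s listening VNC viewer) on the server’s public address. The narrower setting is GatewayPorts clientspecified, where the port stays on loopback unless the client explicitly asks for a wildcard bind address, and on OpenSSH 7.8 or later PermitListen in sshd_config can limit which ports a remote forward may bind at all. The script below is an added example and not part of the original post: it checks an sshd_config for the effective GatewayPorts value, prints the matching -R argument, and reads ss -ltn / netstat -ltn output to tell whether port 5500 is bound to 127.0.0.1 (the symptom above: works from the server, refused from outside) or to all interfaces. The function names and all sample text are constructed for the illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Three small helpers, run here
# against constructed sample text so the whole thing works offline:
#   gateway_ports_mode  - effective GatewayPorts value of an sshd_config
#   remote_forward_spec - the -R argument to use for that value
#   listener_scope      - reads "ss -ltn"/"netstat -ltn" output and says
#                         whether the forwarded port is bound to loopback
#                         (the symptom in the post) or to all interfaces
# All function names and sample values are constructed for illustration.

# Reads an sshd_config on stdin. sshd keeps the FIRST occurrence of a
# keyword, matches it case-insensitively, and defaults GatewayPorts to
# "no". Only the global section is examined: parsing stops at the first
# "Match" line, and the "Keyword=value" spelling is not handled.
gateway_ports_mode() {
    awk '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "gatewayports" { print tolower($2); found = 1; exit }
        END { if (!found) print "no" }
    '
}

# The -R argument for port $2 under GatewayPorts mode $1.
#   yes             -> sshd binds every remote forward on all interfaces
#   clientspecified -> the client must ask with an explicit wildcard bind
#                      address (0.0.0.0, "*" or empty, per ssh(1))
#   no              -> loopback only; nothing the client passes changes it
remote_forward_spec() {
    case "$1" in
        yes)             printf '%s:localhost:%s\n' "$2" "$2" ;;
        clientspecified) printf '0.0.0.0:%s:localhost:%s\n' "$2" "$2" ;;
        *)               printf 'loopback-only\n'; return 1 ;;
    esac
}

# Reads "ss -ltn" or "netstat -ltn" output on stdin (local address is
# column 4 in both) and prints "all", "loopback" or "none" for port $1.
listener_scope() {
    awk -v port="$1" '
        {
            n = split($4, a, ":")
            if (n < 2 || a[n] != port) next
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr == "0.0.0.0" || addr == "*" || addr == "[::]") all = 1
            else if (addr == "127.0.0.1" || addr == "[::1]") lo = 1
        }
        END { print (all ? "all" : (lo ? "loopback" : "none")) }
    '
}

# ---- constructed samples -------------------------------------------------
CFG_DEFAULT='# constructed sshd_config, GatewayPorts left at its default
Port 22
PermitRootLogin no'

CFG_FIXED='# constructed sshd_config after the edit described in the post
Port 22
GatewayPorts yes
PermitRootLogin no'

SS_BEFORE='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    127.0.0.1:5500      0.0.0.0:*
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*'

SS_AFTER='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:5500        0.0.0.0:*
LISTEN 0      128    [::]:5500           [::]:*
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*'

# ---- walk the post's scenario with the samples ---------------------------
for cfg in "$CFG_DEFAULT" "$CFG_FIXED"; do
    mode=$(printf '%s\n' "$cfg" | gateway_ports_mode)
    printf 'GatewayPorts %s -> -R ' "$mode"
    remote_forward_spec "$mode" 5500 || true
done
printf 'before edit, port 5500 bound to: %s\n' \
    "$(printf '%s\n' "$SS_BEFORE" | listener_scope 5500)"
printf 'after edit,  port 5500 bound to: %s\n' \
    "$(printf '%s\n' "$SS_AFTER" | listener_scope 5500)"
```

On a real server the first helper is used as gateway_ports_mode < /etc/ssh/sshd_config and the third as ss -ltn | listener_scope 5500; the second is the quick check on what to pass to ssh -R. Running the listener check right after opening the tunnel is the step that would have shortened the six hours: a result of loopback explains the refused connection from outside before any iptables rule is touched.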
Thank you for your post – it’s exactly what I need. Just for the sake of clarity – must you change sshd_config on the “Linux Server on the internet” or your local desktop box?
Hey,
Made complete sense to me. Helped me out with something I’ve been pondering over for the last few hours. Thanks.
Linux server on the internet.
You’re the man, this is exactly what I needed. I’ve been struggling at that last step. Had to put it away for a few months; now I’m so glad to have found your post.