connection forwarding

Thread: connection forwarding

  1. #1
    Member n00bius's Avatar
    Join Date
    Mar 2005
    Location
    texas
    Posts
    86

    connection forwarding

    Question: let's say I want to remote desktop to my machine over the internet, but I don't want to do port forwarding. What's the easiest way to add authentication to the remote desktop, i.e. require ssh-like authentication for connections? Would it be possible to authenticate on a linux computer, and then have it pass the connection on?
    ...:::Pure Kn0wledge:::...

  2. #2
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    Quote Originally Posted by n00bius
    Question: let's say I want to remote desktop to my machine over the internet, but I don't want to do port forwarding. What's the easiest way to add authentication to the remote desktop, i.e. require ssh-like authentication for connections? Would it be possible to authenticate on a linux computer, and then have it pass the connection on?
    I'm not sure I understand your question..

    You have computer X (at home, presumably behind a "home (NAT) router (Z)").
    You are on computer Y (somewhere in cyberspace, remote from X)

    You want to RDP from Y to X without forwarding the required RDP Port on Z?

    You're going to have to port forward something...

    Perhaps you're afraid of the security risk of opening up RDP to the world? Then you could do SSH tunneling. You'll have to port forward SSH to a SSH server though.

    You could also do a reverse SSH...

    It really depends on what machines you have where... what devices are between them, and what control you have over those devices.
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  3. #3
    Member n00bius's Avatar
    Join Date
    Mar 2005
    Location
    texas
    Posts
    86
    Well, to be more exact, I have a home network with computers X and Y connected to the internet; one has linux, and the other server 2003. I want to connect to the windows box through the internet using rdp. Would SSH tunneling allow me to connect through the internet, authenticate to the ssh server, and then forward the connection on to the windows box?
    ...:::Pure Kn0wledge:::...

  4. #4
    Senior Member
    Join Date
    Oct 2003
    Location
    MA
    Posts
    1,052
    If it is an SSH VPN that you are talking about then yes.

  5. #5
    Senior Member wiskic10_4's Avatar
    Join Date
    Jan 2004
    Location
    Corpus Christi, TX
    Posts
    254
    n00bius,

    You know what *I* would do? I'd mount the whole 2003 Server via Samba onto my *nix box in, say, "/mnt/2003Srvr" or wherever. I haven't done this in a while, and there will be permissions and what not you'll have to set up, but I know that I used to be able to control my home XP box through my home Slack box remotely this way...

    I dunno - just came to mind - maybe that's a way to go...

    -Wiski

    EDIT: Of course, this won't be RDP... but it's an easy way to SSH into your Windows box - sorta... I'm not sure what you're trying to accomplish - just thought I'd make a point... just things I think about ya know...

    EDIT: And also - why wouldn't you want to port forward? I mean, I never used RDP much (I'm partial to RealVNC - same concept, is it not? I'll research...) - but, is there not a half-ass secure way of logging into a box running the RDP server? I mean... I dunno... I'm rambling... More information please...
    Last edited by wiskic10_4; February 28th, 2008 at 07:46 AM.
    My Corner of the Intarwebz: Jeremy Dean Online

  6. #6
    Keeping The Balance CybertecOne's Avatar
    Join Date
    Aug 2004
    Location
    Australia
    Posts
    660
    VPN would be your answer.

    If you port forward 3389 this allows you to connect to your PC via RDP but in most cases you will be forwarding the port to a specific IP. This allows *anyone* to access that private IP and log on to the computer if they know the username and password.

    If you set up a VPN (correctly) you will require a username and password for the VPN connection which will make you part of the internal network. From there you can RDP to any IP on that network and then enter the username and password for that machine.

    I can elaborate more but am rushed at the moment; let me know if you want more info.

    [edit] In regards to your Linux Auth and pass on; Yes this is also possible but you will need to allow access to the linux box through the firewall anyway and so the machine you want to RDP to will need to be physically behind the Linux box in all connections. (Not just connected into the network via a switch, otherwise it becomes a security issue)

    The easiest way is to get yourself a good hardware firewall w/ VPN.... Cyberguard Snapgear 300 will do the trick nicely - but there are others
    [/edit]

    CTO
    Last edited by CybertecOne; February 28th, 2008 at 07:49 AM.
    "Any intelligent fool can make things bigger and more complex... It takes a touch of genius --- and a lot of courage to move in the opposite direction."
    - Albert Einstein

  7. #7
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    I'd also go the VPN route. You can set up a VPN on either of your boxes.

    On the 2003 server it is easy enough to set up a VPN.
    http://technet.microsoft.com/en-us/l.../bb727041.aspx

    For linux, there are many implementations.
    http://openvpn.net/

    Once you have a VPN, you'll be able to access your internal home network's resources with ease. If you're reluctant to set up one of your internal hosts as the VPN server, then find some old hardware and use ipcop or something similar. http://ipcop.org/
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  8. #8
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    I dunno that I'd recommend a VPN... that seems overkill...

    How about SSH Tunneling == http://www.ssh.com/support/documenta...Explained.html

    Or if it's always the same remote host, SSH to your Linux box and have a reverse SSH Tunnel going on... == http://www.ssh.com/support/documenta...Explained.html
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  9. #9
    Member n00bius's Avatar
    Join Date
    Mar 2005
    Location
    texas
    Posts
    86
    OK, that'll work, thanks for the help. I think I'm going to check out SSH tunneling. If I can put it together, like the other question I asked a while back, it'll be pretty good security (RSA key, plus two username/password pairs).
    ...:::Pure Kn0wledge:::...

  10. #10
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    The way I do it is to ssh to my home network like so..

    ssh -L 8933:mywindows:3389 username@mynetwork.com

    Then I use RDP to connect to localhost:8933 and ssh will tunnel it to mywindows.
    Oliver's Law:
    Experience is something you don't get until just after you need it.
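
Added example, not part of the thread: the tunnel in post #10 only narrows exposure if the SSH account behind it cannot forward to anything else, so this script audits a constructed sshd_config for that restriction. The account name rdptunnel, both sample configs and the function audit_tunnel_user are assumptions made for illustration; mywindows:3389 is taken from the post.

```shell
#!/bin/sh
# Added example (not from the thread): audit the sshd_config Match block for a
# tunnel-only account so it can reach nothing but the one RDP target.
# Assumed: account name "rdptunnel"; target mywindows:3389 as in post #10.

# Constructed sample: account left with unrestricted forwarding.
WEAK_CFG='PasswordAuthentication yes
Match User rdptunnel
    AllowTcpForwarding yes'

# Constructed sample: one permitted local forward, no terminal, no shell.
HARDENED_CFG='PasswordAuthentication no
Match User rdptunnel
    AllowTcpForwarding local
    PermitOpen mywindows:3389
    PermitTTY no
    ForceCommand /bin/false'

# audit_tunnel_user CONFIG_TEXT USER HOST:PORT
# Prints one finding per line; no output means the block is restricted.
# Simplification: only plain "Match User <name>" lines are recognised.
audit_tunnel_user() {
    printf '%s\n' "$1" | awk -v user="$2" -v target="$3" '
        tolower($1) == "match" {
            inblk = (tolower($2) == "user" && $3 == user); next
        }
        inblk && NF >= 2 && !(tolower($1) in val) {   # sshd: first value wins
            val[tolower($1)] = $2
            nargs[tolower($1)] = NF - 1
        }
        END {
            if (val["allowtcpforwarding"] != "local")
                print "AllowTcpForwarding is not \"local\""
            if (val["permitopen"] != target || nargs["permitopen"] != 1)
                print "PermitOpen is not limited to " target
            if (val["permittty"] != "no")
                print "PermitTTY is not \"no\""
        }'
}

audit_tunnel_user "$WEAK_CFG" rdptunnel mywindows:3389

# Matching client call: post #10 plus -N (no remote command) and an explicit
# loopback bind for the local listener:
#   ssh -N -L 127.0.0.1:8933:mywindows:3389 username@mynetwork.com
```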
