I'm trying to get an SSH tunnel from work to home through the evil ass firewall. The firewall blocks everything but port 80, so after soliciting some advice from the fellow IT-manager's-worst-fears chaps in EED, I set about a course of action:
1. Moved Xitami from port 80 to 81 on Wench.
2. Installed WinSSHD on Wench.
3. Monkeyed around to get WinSSHD to work with ZA.
4. Tested tunnelling using Beej's Penguinet SSH client. A-OK.
5. Tunneled RDC by mapping localhost:5000 to the RDC port of 3389 on the remote machine.
6. Ran RDC client and attempted to connect to localhost:5000.
 
Bingo, we have a problem, Houston. Microsoft, in their infinite lameness, have the client on XP refuse any local connections. Even though the port is clearly not the port of the locally running RDC server. A bit of googling turns up a nasty workaround that basically works.
So now I can run RDC and tunnel it. Thing is, it still doesn't work. So taking the advice from the above link, I started to Google around in microsoft.public.windowsxp.work_remotely and came across a definitive statement that it is not possible to tunnel RDC through to a machine which is also running the SSH daemon. In essence Microsoft are disallowing any connections from the loopback interface. Microsoft rule.
So that's me fucked. The brute force solutions are:
1. Install Radmin and use that instead. *
2. Run another machine on the LAN during work hours which runs the SSH daemon and will forward the RDC request to Wench.
 
Both of these options suck. Microsoft suck. That is all. 
* Radmin runs like a dog on XP for no apparent reason
Tuesday, 15 July 2003
Why do you actually need rdc though? I just use SSH, and that does for everything I want, I can kick off downloads, run irc, whatever without using rdc.
And you just know you're going to get to work and find out it's not just a port 80 open, it'll be a proper state inspection proxy job that'll only let http requests go by anyway :)
It's that MS download accelerator which doesn't appear to do that... it's really not that much of a high tech outfit. :)
Incidentally, I think I've cracked it. If I switch my arcade cab on before I go to work, port 80 is now mapped from the ADSL router to it. An SSHD is waiting there. I've tested and it looks like I can indeed port forward from there to Wench RDC. Fucking roxor! One of the main reasons for doing this is so I can fuck around with Bittorrent shit, that's very very fiddly indeed via command lines.
Update: Scuppered! Damn firewall is of the state inspection type so there'll be no sly SSH tunneling out from under its evil icy grasp! Now I'm going to have to write a remote leecher bot that operates via web or e-mail. Suxors! I wanted to stream meh mp3s into the office too! :-(
You can stream over http, don't be a softlad!
Don't give up anyhoo. Try summit like this? www.nocrew.org
Mmmmm, talk about hacky. I grabbed www.htthost.com and ... it's got a basic little host thing you run and set up with a passy. Then you run a local HttpPort thing and you can map ports on it rather like an SSH client but it also runs a SOCKS proxy which is pretty damn leet. I tested it and, RDC worked over it. Don't really know if it's going to work externally yet but it's worth a try!
Gave it a test with Muz and he was able to tunnel through my system as well. So... all I need to do is try it from work now. Can't see a reason why it shouldn't work?
The only problem is, if it does work, it'll show up on a http only proxy/firewall like a fuckoff big red light with its weirdy requests. Depends how hands on your IT dept is. I read my firewall log every day, because I'm THAT KIND OF CUNT!
You should come and work where I work, Lurks. No traffic monitoring or port blocking of any kind. Kazaa Lite, BT, IRC... the network admin needs to be shot. :)
Or more likely, fired.
Well, it's like this, the network cab with the switches, DSL, firewall and patch panel is right next to me. There is absolutely no one in the building to manage it, the IT is outsourced. So it's as hands-off as you can get really.
Update: Result! It works, http tunneled straight into my arcade cab and then forwarded the connection to Wench. RDC works pukka. As does, I presume, pretty much anything else that uses single ports. Quite roxor really :)
Elite! I'll see you on IRC in ten mins! :)
Heh! I have the ability to do that now but I'm really not keen. I've just got a vast amount of work on and looking in a little chat window from time to time, welcome distraction as it would be, just isn't a good aid to productivity. :(
I am connecting to a Remote Computer via Remote Desktop Connection (mstsc.exe).
On the Remote Computer they can see my IP address. I don't want that. I guess I have to use a proxy or do something. Is Port Forwarding the solution for me? If it is, how can I do it? I have
HTTP-Tunnel v2.8.2390
Vand**e Entunnel v1.1.2
If it is not, is there any way to do it? I can't find my solution anywhere. I have been searching for a long time. So if anybody has the answer, please post something (a link, or a message).
I tried HTTPPort. In the port mapping I entered Local Port, Remote Host and remote port. But the problem is, I don't know which port RDC is using for connection to a remote computer. I think it is automatically assigned so port mapping is not working I guess.
I look forward to hearing from you. Thanks for your help...