[olug] X tunneling

[David Walker]

It's a good idea to pick a non standard port for ssh to listen on if you can 
so that port scanners won't find it

You might consider configuring your router to route, say, port 18660 to your 
server ssh and 18661 to your main machine (unless you're worried about 
someone attacking your main machine and you want that 2nd layer of security).
then just ssh -p 18660 your_ip for your server box and ssh -p 18661 your_ip 
for your main machine. (or "scp -P 18660 your_ip:/myfiles .")

On Thursday 01 November 2001 01:12 pm, you wrote:
> Well, if it were that simple I've have done it already. The problem is,
> there is a computer inbetween the two I want to network at both ends,
> neither of which are running X. Here's the setup: At my home network, all
> traffic goes through a Cisco 2500 router that is configured to route all
> incoming ssh traffic to my server box. From there I usually ssh into my
> main machine which is on the same network. At the other location, my
> computer is NATed through a Novell firewall over which I have no control.
> Does X use port 6000 if it's being forwarded by ssh? I may have to set up
> the router to forward but I'd rather not forward X all X traffic if at all
> possible :)
>
> This is why I'm not sure if it's even possible. I'm thinking I might have
> to set up a VPN to simplify things. And yes, I'm well aware of X's latency
> issues :)
>
> -----Original Message-----
> From: Christopher Cashell <topher at zyp.org>
> Date: Thu, 1 Nov 2001 10:50:21 -0600
> To: olug at bstc.net
> Subject: Re: [olug] X tunneling
>
> > On Fri, Nov 02, 2001 at 12:34:26AM +0800, Adam Lassek wrote:
> > > Has anybody here successfully tunelled X over the internet? I would
> > > like to know if it is possible to tunnel an X application through one
> > > or more computers, preferrably over ssh. I have done remote X
> > > applications before, but that was a direct connection between two
> > > computers on the same network. This time, I have a couple hops
> > > inbetween and I'm wondering if it would even be possible.
> >
> > Yep, I do this regularly.
> >
> > Basically, X was designed specifically to be network transparent,
> > whether "network" is a LAN or the Internet.  X doesn't care which it
> > is, it'll work just as easily (though, depending on connection speed,
> > the performance may not be quite as responsive over the net as on a
> > LAN).
> >
> > Just do things exactly as you would if you were running an X app
> > remotely from another computer in the same room.  SSH into the remote
> > computer, set your DISPLAY environmental variable[1], and you should be
> > ready to go.  Just start up the program (you may want to background it
> > (&) in order to continue using your shell while the program runs) and
> > use it.  Some hosts disable X forwarding in general in the global
> > config file for ssh.  If that's the case, you'll prolly have to pass it
> > the '-X' switch to enable it when you log into the remote host.
> >
> > [1] If you are running from within X when you make your connection, the
> > DISPLAY variable will usually be automatically set for you.
> >
> > --
> > Christopher
> >
> > -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
> >
> > For help contact olug-help at bstc.net - run by ezmlm
> > to unsubscribe, send mail to olug-unsubscribe at bstc.net
> > or `mail olug-unsubscribe at bstc.net < /dev/null`
> > (c)2001 OLUG http://www.olug.org
> >
> > -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

For help contact olug-help at bstc.net - run by ezmlm
to unsubscribe, send mail to olug-unsubscribe at bstc.net
or `mail olug-unsubscribe at bstc.net < /dev/null`
(c)2001 OLUG http://www.olug.org

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_