DaemonForums  

#1
29th November 2008
gyosl

SSH VNC behind pf/nat

Another newbie question. I have set up my xp with OpenSSH and a VNC server. Everything works fine with SSH tunneling.
Laptop -> Internet -> xp

When I hooked up my gateway machine (OpenBSD) to xp, SSH tunneling broke.
Laptop -> Internet -> OpenBSD -> xp

I am wondering whether I have misconfigured the pf rules. I SSH to the xp machine from the laptop without problems, but when I run VNC viewer from the laptop and connect to 127.0.0.1, it said "Connection established", and then right after it, it said "Connection Closed".

Below is part of my pf.conf.

rdr on $ext_if proto tcp from any to any port 22 tag SSH -> 10.0.0.7 port 22

## loopback on internal interface $int_if
rdr on $int_if proto tcp from any to any port 5900 tag VNC -> 10.0.0.7 port 5900
rdr on $int_if proto tcp from 10.0.0.7 to any port 5900 -> 10.0.0.7 port 5900

pass in quick on $ext_if tagged SSH
pass in quick on $int_if

pass out quick on $int_if tagged SSH
pass out quick on $int_if tagged VNC
pass out keep state

#2
29th November 2008
s2scott

Is the following our correct interpretation of your network topology?
Code:
Laptop -> Internet -> ($ext_if)OpenBSD($int_if:10.0.0/24) -> (10.0.0.7/24)xp
And,

Code:
Laptop(VNC[Client]) -> Internet -> OpenBSD -> (VNC[Server:5900])xp
/S
__________________
Never argue with an idiot. They will bring you down to their level and beat you with experience.

#3
29th November 2008
gyosl

Quote:
Originally Posted by s2scott
Is the following our correct interpretation of your network topology?

Yes

On my laptop, I open a VNC connection to 127.0.0.1. Will it connect to OpenBSD instead of xp (VNC server)?

#4
29th November 2008
gyosl

I am VNCing to a machine behind a NAT, with SSH tunneling.