On Tue, 2004-05-11 at 18:07, Joshua Banks wrote:
> Dario Lesca wrote:
>
> > Ooopss! I have found it!
> >
> > DNAT fw loc:192.168.1.10 tcp 3389 - 127.0.0.1
>
> Hi Dario,
>
> Just out of curiosity, why would you want to do this? Security, just
> don't have a choice.. ??? Please share.. :P
I use this rule with an ssh tunnel.
From an Internet remote client (win2000 or linux), I connect with ssh (-L
3389:localhost:3389 [...] user@shorwal) to the firewall on port 22, then on
the client I connect with Remote Desktop (or linux rdesktop) to
localhost:3389; the ssh tunnel redirects the tcp traffic to
localhost (shorewall), and (from the DNAT redirect) the traffic is
redirected to the internal TS ... and I see the WinTS in my lan behind
shorewall.
In this way I don't have to NAT and open port 3389 from lan to loc, and I
can use the ssh passphrase+certificate to authenticate the user.
The .bashrc file of user@shorwal is modified and does not allow working with a
shell or scp.
On windows I use this ssh client (and server, if I want):
http://sshwindows.sourceforge.net/
I have also tested stunnel, but I have not found how to connect with a
password request.
......
Is this a good reason?
Dario Lesca.
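The setup described above (an ssh -L tunnel into the firewall plus a Shorewall DNAT rule on the loopback address), written out as an added example that is not part of the original thread or of the Shorewall project. It assumes the Shorewall rules-file syntax and the 192.168.1.10 terminal server from the message, an OpenSSH server on the firewall, and a hypothetical hostname shorewall.example; instead of the edited .bashrc from the mail, it restricts the user's key with authorized_keys options (an assumption about how one could lock the account down, not the poster's own setup):

```shell
#!/bin/sh
# Added example, not from the original thread. Assumptions: Shorewall
# /etc/shorewall/rules syntax as quoted in the mail, internal terminal
# server 192.168.1.10 (from the thread), OpenSSH 7.2+ on the firewall
# (the "restrict" key option), hypothetical host shorewall.example.

TS_ADDR="${TS_ADDR:-192.168.1.10}"
TS_PORT="${TS_PORT:-3389}"

# Shorewall rule: traffic the tunnel delivers to the firewall's own
# 127.0.0.1:3389 is DNAT'd to the internal terminal server (fw -> loc).
shorewall_rule() {
    printf 'DNAT\tfw\tloc:%s\ttcp\t%s\t-\t127.0.0.1\n' "$TS_ADDR" "$TS_PORT"
}

# authorized_keys entry for the tunnel user: "restrict" drops shell, pty,
# agent/X11 forwarding; "port-forwarding" re-enables forwarding only, and
# permitopen limits it to the RDP port on the firewall's loopback.
# command=/bin/false ends any session request that is not a plain -N tunnel.
authorized_keys_entry() {
    pubkey="$1"
    printf 'restrict,port-forwarding,permitopen="localhost:%s",permitopen="127.0.0.1:%s",command="/bin/false" %s\n' \
        "$TS_PORT" "$TS_PORT" "$pubkey"
}

# Client-side command as used in the thread (-N: no remote command, tunnel only).
client_command() {
    printf 'ssh -N -L %s:localhost:%s user@%s\n' "$TS_PORT" "$TS_PORT" "${1:-shorewall.example}"
}

# Write both server-side artifacts to stdout so they can be reviewed
# before being appended to the real files.
emit_all() {
    echo "# /etc/shorewall/rules"
    shorewall_rule
    echo "# ~user/.ssh/authorized_keys"
    authorized_keys_entry "${1:-ssh-ed25519 AAAA...placeholder-key}"
    echo "# client"
    client_command
}
```

With the key restricted this way the user cannot obtain a shell or run scp even if the .bashrc trick is bypassed, and the tunnel can only open the one destination the DNAT rule expects; sshd logs refused forwards, which is a useful signal that someone is probing the account.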