Comments on: Port forwarding with Linux, but no iptables, with socat http://extricate.org/2009/03/16/port-forwarding-with-linux-but-no-iptables-with-socat/ A subtle blend of technical geekery, judo and the life of a football referee. Tue, 25 Oct 2011 14:08:54 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Jody http://extricate.org/2009/03/16/port-forwarding-with-linux-but-no-iptables-with-socat/comment-page-1/#comment-703 Jody Wed, 18 Aug 2010 04:46:06 +0000 http://extricate.org/?p=250#comment-703 This post has confused me a bit. You said your firewall wasn't configured properly to allow you access, yet somehow you're connecting on port 5000 after SSH'ing into the Linux machine and using socat to forward (I assume via the VPN). What firewall is there between the Linux system and the Windows one that blocks you from going directly into the Windows machine once the VPN connection is established? You know about SSH tunnels, but you don't use them even though they're easily available to you AND easily used in this situation. If you don't have SSH on the home machine, how are you SSH'ing to the Linux machine? And most confusing of all, if you're trying to RDP into the Windows machine, what on earth does having OpenSSH on the Windows box at work have to do with anything at all when you're trying to use the home and Linux work machines to do the "bounce" to the work Windows machine? You may want to edit the post to clarify why you had to use socat. Is the firewall specifically blocking RDP connections, rather than just port 3389? Apologies, but I'm leaving with more questions than answers here and I'm trying to help. If you have SSH on the Linux box, and you know about SSH tunneling, why didn't you just set up an SSH tunnel? Just do something like "ssh -f -L 5000:my-work-pc.somewhere.net:3389 sleep 60" to access the RDP on the PC behind the firewall as localhost:5000, or if you use PuTTY to ssh in, add a local port forward to the connection options before you're connecting, with local port 5000 and destination my-work-pc.somewhere.net:3389; either way will work. I do this to print to my work printers via CUPS from my home Windows box. Obviously, though, your socat solution is *perfectly valid* and you deserve a pat on the back for making it work. There's more than one way to skin a netcat. (Har har har!) This post has confused me a bit. You said your firewall wasn’t configured properly to allow you access, yet somehow you’re connecting on port 5000 after SSH’ing into the Linux machine and using socat to forward (I assume via the VPN). What firewall is there between the Linux system and the Windows one that blocks you from going directly into the Windows machine once the VPN connection is established? You know about SSH tunnels, but you don’t use them even though they’re easily available to you AND easily used in this situation. If you don’t have SSH on the home machine, how are you SSH’ing to the Linux machine? And most confusing of all, if you’re trying to RDP into the Windows machine, what on earth does having OpenSSH on the Windows box at work have to do with anything at all when you’re trying to use the home and Linux work machines to do the “bounce” to the work Windows machine? You may want to edit the post to clarify why you had to use socat. Is the firewall specifically blocking RDP connections, rather than just port 3389? Apologies, but I’m leaving with more questions than answers here and I’m trying to help.

If you have SSH on the Linux box, and you know about SSH tunneling, why didn’t you just set up an SSH tunnel? Just do something like “ssh -f -L 5000:my-work-pc.somewhere.net:3389 sleep 60″ to access the RDP on the PC behind the firewall as localhost:5000, or if you use PuTTY to ssh in, add a local port forward to the connection options before you’re connecting, with local port 5000 and destination my-work-pc.somewhere.net:3389; either way will work. I do this to print to my work printers via CUPS from my home Windows box.

Obviously, though, your socat solution is *perfectly valid* and you deserve a pat on the back for making it work. There’s more than one way to skin a netcat. (Har har har!)

]]>