SOLVED - headscratcher with ssh tunnel

Post by jiml8 » Apr 22nd, '15, 19:13

Scenario: Computer A is a workstation running Mageia 4. Computer B is a laptop running OpenSUSE 13.2.

Computer A has sshd running and port 22 is exposed through a router to the internet (the WAN). Of course, sshd is also exposed through the LAN.

Computer A is also running x11vnc without a password, watching port 5900. Port 5900 is firewalled off on the workstation and on the router; it is only available locally.

Computer B has a wireless connection to the same LAN that A is on. B can make a normal ssh connection (for a terminal session) with A using A's LAN address. B can also make a normal ssh connection with A from the LAN or from remote locations, using the WAN address. X forwarding is enabled and is working.

Thus, connectivity with ssh seems to be working correctly.

B then attempts to establish an ssh tunnel to A. When B accesses A using A's LAN IP, the tunnel works.

Syntax: ssh -f -l jiml 192.168.0.2 -L 5900:192.168.0.2:5900 -N

Doing it this way results in a vnc session forwarded to computer B enabling remote control of computer A.

When B accesses A using the WAN address, the ssh tunnel connection is made and both B and A agree this has happened. However, x11vnc on A never sees a connection from the client (krdc) on B and no data is passed.

Syntax: ssh -f -l jiml WAN.IP.addr -L 5900:WAN.IP.addr:5900 -N

I am baffled by this. I reiterate; B can access A for an ssh terminal session from anywhere. Via the LAN, a tunnel session works fine. Via the WAN, the tunnel is apparently established, but no data passes. How can this be? Anyone have any ideas?
Last edited by jiml8 on Apr 22nd, '15, 19:23, edited 1 time in total.
jiml8
 
Posts: 1253
Joined: Jul 7th, '13, 18:09

Re: headscratcher with ssh tunnel

Post by jiml8 » Apr 22nd, '15, 19:23

...and, as so often happens, after beating my head against the wall and finally asking the question, I found the answer right after I posted the question. It was in front of me the whole time.

The answer is that I have to use the internal IP for the forwarding host.

syntax: ssh -f -l jiml WAN.IP.addr -L 5900:192.168.0.2:5900 -N

And this works fine.
jiml8
 
Posts: 1253
Joined: Jul 7th, '13, 18:09
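
Added example, not part of the original posts: a small shell lint for ssh -L specs that catches the mistake resolved above. The host:hostport part of -L is connected to from the sshd side (computer A), so it has to name an address that reaches the service from there. It also flags a listener opened on all interfaces, which matters here because x11vnc runs without a password. 203.0.113.10 is a placeholder for the WAN address; the function names and finding labels are made up for this example.

```shell
# Added example: lint an OpenSSH "-L [bind_address:]port:host:hostport" spec.
# Handles IPv4 addresses and hostnames only (no bracketed IPv6).

# True when the address is loopback or RFC 1918 private space.
is_internal() {
    case $1 in
        localhost|127.*|10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# Split the spec into BIND, LPORT, DHOST, DPORT; non-zero on a malformed spec.
parse_forward() {
    old_ifs=$IFS; IFS=:
    set -f; set -- $1; set +f
    IFS=$old_ifs
    case $# in
        3) BIND=default; LPORT=$1; DHOST=$2; DPORT=$3 ;;
        4) BIND=$1; LPORT=$2; DHOST=$3; DPORT=$4 ;;
        *) return 1 ;;
    esac
}

# lint_forward SSH_HOST SPEC: prints space-separated findings, or "ok".
lint_forward() {
    parse_forward "$2" || { echo malformed; return 0; }
    out=
    # host:hostport is dialed by sshd on the far end, not by the client. If it
    # repeats a public address used to reach sshd, the connection leaves the
    # server towards that address instead of reaching the local service.
    if [ "$DHOST" = "$1" ] && ! is_internal "$DHOST"; then
        out="$out dest-is-public-ssh-host"
    fi
    # An empty, "*" or 0.0.0.0 bind address opens the local listener on every
    # interface, handing the forwarded service to the client's whole network.
    case $BIND in
        ''|'*'|0.0.0.0) out="$out listener-on-all-interfaces" ;;
    esac
    out=${out# }
    echo "${out:-ok}"
}

# Constructed inputs: 203.0.113.10 is a placeholder for the WAN address.
lint_forward 203.0.113.10 5900:203.0.113.10:5900      # the failing WAN form
lint_forward 203.0.113.10 5900:192.168.0.2:5900       # the working WAN form
lint_forward 192.168.0.2 '*:5900:192.168.0.2:5900'    # listener too wide
```

The first call reproduces the non-working WAN command from the first post and the second the corrected one; the LAN command passes because its destination is an internal address.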

