Win -> BSD -> BSD -> Win Tunnel

I'm trying to establish an RDP session from a Windows machine at site A, and have it connect to a Windows machine at site B. Both Windows systems are identical. Windows at site B cannot be connected to directly (from the outside), so I have to go through a reverse/dynamic tunnel.

So this is what it looks like:

[Win7 site A] <- lan -> [BSD at site A] <-> reverse ssh tunnel <-> inet <-> [BSD at site B] <- lan -> [Win7 site B]

These are the steps I'm trying:

1) SSH tunnel from [BSD at site B] -> [BSD at site A]
ssh -R 3389:localhost:3389 user@ip.address
Connection to [BSD at site A] is now established with tunnel.

2) Reverse SSH tunnel from [BSD at site A] -> [BSD at site B]
ssh localhost -p 3389
Connection to [BSD at site B] is now established through reverse tunnel.

3) RDP from [Win7 at site A] -> lan -> [BSD at site A] -> [BSD at site B] -> lan -> [Win7 Location B]

I'm not quite sure where I'm messing it up. I've tried many different ways of establishing the tunnels and nothing seems to work quite right.

Any ideas/tips?

Thanks!
 
I'm not sure why you are trying to ssh to port 3389, the RDP port. Here's what I would do:

On BSD/site A:
% ssh -g -L 3389:win7.b.host.name:3389 user@bsd.b.host.name

Then RDP from Win7/site A to bsd.a.host.name which will tunnel the RDP connection over.

If you really want to initiate the ssh connection from site B, the ssh command would be:
% ssh -R *:3389:win7.b.host.name:3389 user@bsd.a.host.name
 
Thanks for the reply. I still had an error here or there, but this is what did end up working.

First I establish a connection from [BSD B] to [BSD A] so I can later connect back to it.

From [BSD B]: ssh -f -N -R 22:localhost:22 user@bsd.a

Next, I go back through that tunnel with:

From [BSD A]: ssh -g -L 3389:win.b.ip:3389 localhost

I believe the part I was missing was -g (which allows forwarding).

Then, on [Win A] I RDP to: bsd.a.ip:3389. That is sent to [BSD B], who then forwards it to [Win B].

[Win A] <- lan -> [BSD A] <-> ssh tunnel <-> inet <-> reverse ssh tunnel [BSD B] <- lan -> [Win B]

Awesome! Thank you very much for your help!
 
So just establish a tunnel from [BSD B] to [BSD A] that forwards all the ports? I can't connect from [BSD A] to [BSD B] without a -R tunnel already established. So I'm not sure how it would work with just 1.
 
So just do all the tunneling from your initial ssh connection from [BSD B] to [BSD A]
% ssh -R *:3389:win.b.ip:3389 user@bsd.a

Then from your [Win A] in your scenario, just RDP to bsd.a:3389 and it'll work. One SSH connection.
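
Added example (not part of the thread, and not code from any poster): whether the one-connection `-R *:3389:...` form is reachable from [Win A] depends on the GatewayPorts and AllowTcpForwarding settings of sshd on [BSD A], and the wildcard bind exposes the forwarded RDP port on every interface of that host. The helper below reads `sshd -T` output and reports where the listener would be bound; the function name, the sample configs and the 192.0.2.10 address are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: predict where sshd on [BSD A] binds a remote forward such as
#   ssh -R *:3389:win.b.ip:3389 user@bsd.a
# from the server's effective configuration (`sshd -T` output on stdin).
# reverse_bind_scope is a hypothetical helper name, not an OpenSSH tool.

reverse_bind_scope() {
    # $1 = bind address as written in -R ('*', an IP, or omitted entirely).
    bind=${1-localhost}   # ssh asks for loopback when no bind address is given
    gw=no                 # sshd default: GatewayPorts no
    fwd=yes               # sshd default: AllowTcpForwarding yes
    while read -r key value rest; do
        case $key in
            gatewayports)       gw=$value ;;
            allowtcpforwarding) fwd=$value ;;
        esac
    done
    # "no" and "local" both disable remote (-R) forwarding.
    case $fwd in
        no|local) echo refused; return 0 ;;
    esac
    case $gw in
        yes) echo wildcard ;;                 # forced onto all interfaces
        clientspecified)                      # client's bind address is honoured
            case $bind in
                ''|'*') echo wildcard ;;
                localhost|127.0.0.1|::1) echo loopback ;;
                *) echo "address:$bind" ;;
            esac ;;
        *) echo loopback ;;                   # "no": bind address is ignored
    esac
}

# Constructed `sshd -T` excerpts (not captured from a real host).
DEFAULT_CFG='gatewayports no
allowtcpforwarding yes'
LAN_ONLY_CFG='gatewayports clientspecified
allowtcpforwarding remote'

# Default server: -R *:3389 ends up on loopback, so [Win A] cannot reach it.
printf '%s\n' "$DEFAULT_CFG" | reverse_bind_scope '*'
# clientspecified plus a LAN bind address (192.0.2.10 is a placeholder)
# keeps the forwarded RDP port off the other interfaces of [BSD A].
printf '%s\n' "$LAN_ONLY_CFG" | reverse_bind_scope 192.0.2.10
```

On [BSD A] the real input would come from `sshd -T | reverse_bind_scope '*'`, run as root.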
 