Tunneling X-output through Firewall

Post by Mathias Franziu » Thu, 03 Dec 1998 04:00:00



Hi,

I want to redirect the X-Output from a workstation at my university
to my PC. The Gateway that connects my LAN with the university LAN
seems to block these packets.
The admin will not change this.

1. What kind of protocol is used for the X-client/server communication?
2. Is there any (freeware etc) tool available to tunnel it via http or
ftp?

Thanks a lot in advance,
   Mathias

 
 
 

Post by John Mell » Thu, 03 Dec 1998 04:00:00



> I want to redirect the X-Output from a workstation at my university
> to my PC. The Gateway that connects my LAN with the university LAN
> seems to block these packets.
> The admin will not change this.

> 1. What kind of protocol is used for the X-client/server communication?
> 2. Is there any (freeware etc) tool available to tunnel it via http or
> ftp?

See if they will forward ssh connections.  Perhaps they already do.
One of the things that the ssh suite does is to forward encrypted
and compressed X sessions.  Not only is it secure, but it is much
faster than regular X.  There is also a WindowsNT client available.

Ssh uses port 22 for its communications.

Ssh normally does 1024-bit host key identification, and 768-bit encryption.
This exceeds military-grade cipher requirements, and should satisfy any
security concerns that the admin may have.  It's far more secure than his
admin connection to the firewall would be.

Once you have ssh in place, you won't need ftp, since scp will perform the
same functionality as rcp, but encrypted again.

I had a brain-dead firewall administrator, who wanted to deny all access.
He would only allow outbound connections to start.  What I ended up doing,
was to start up a window on my home machine (Linux) from my work machine
(Solaris) and firing keep-alive messages through constantly from a background
process.  This kept the connection up for weeks at a time.
--
John Mellor        Process Improvements     Kitchener, Ontario, Canada



 
 
 

Post by Christopher B. Brow » Thu, 03 Dec 1998 04:00:00


On Wed, 02 Dec 1998 14:23:27 GMT, John Mellor

> Ssh normally does 1024-bit host key identification, and 768-bit encryption.
> This exceeds military-grade cipher requirements, and should satisfy any
> security concerns that the admin may have.

You might want to verify that "exceeds military-grade cipher requirements"
thing with either the cryptography department at UW (likely on the sixth
floor of the M&C building, if things haven't changed), or perhaps with
some even more authoritative source, such as CSE (Communications Security
Establishment) in Ottawa.

I suspect you'll find the claim that any cipher that is readily
available to the public may be considered to "exceed military-grade
cipher requirements" to be a little less than credible.
--
Those who do not understand Unix are condemned to reinvent it, poorly.  
-- Henry Spencer          <http://www.hex.net/~cbbrowne/canada.html>

 
 
 

Post by Mathias Franziu » Mon, 07 Dec 1998 04:00:00


John Mellor wrote:


> > I want to redirect the X-Output from a workstation at my university
> > to my PC. The Gateway that connects my LAN with the university LAN
> > seems to block these packets.
> > The admin will not change this.

> > 1. What kind of protocol is used for the X-client/server communication?
> > 2. Is there any (freeware etc) tool available to tunnel it via http or
> > ftp?

> See if they will forward ssh connections.  Perhaps they already do.
> One of the things that the ssh suite does is to forward encrypted
> and compressed X sessions.  Not only is it secure, but it is much
> faster than regular X.  There is also a WindowsNT client available.

> Ssh uses port 22 for its communications.

Port 22 is blocked.
Is there another possibility or can I change the ports?

> [...]

Thanks,
   Mathias Franzius