On Monday 12 January 2009 04:13, Christopher Chan wrote: > > the connection must be initiated from C's side to A. This simply cannot > > work simultaneously, so I tried to make use of my public server B which > > can be used as a "bridge" between A and C. So, A connects to B, C > > connects to B, and then A and C communicate. Roughly speaking... > > > > That was my initial idea, but seems too complicated to work out, so I > > asked for a possible easier alternative. :-) > > Easy. John R Pierce's idea works no problem. Just do it the other way > round for A. > > A will run ssh (or putty) and connect to B with a ssh key and do port > forwarding. > > So instead of ssh -L as suggested by John, do the equivalent of ssh -R on > A. > > Then your problem will become: how do I secure B:3389 against > unauthorized connections. Again, ssh (or putty) on C -> B to the rescue. > > Back to John's suggestion. C will do ssh -L and B will firewall all > access to port 3389 except from localhost. > > > A ssh -R3389(or whateverA):localhost:3389 > > > \|/ > > B > > /|\ > > > C -L3389(or whateverB):localhost:3389(or whateverA) > > rdesktop or Remote Desktop on C connections to localhost port 3389 (or > whateverB) Hmmm, I see... Yes, this seems doable/possible, indeed. I am just not too confident in WinXP ssh capabilities. I mean, putty could do it, but it also needs to keep the connection alive through the NAT/firewall in front of A, and survive across reboots, without hickupps :-). But I guess this can also be arranged without much trouble. Up to now I wasn't aware of -L and -R options of ssh, they are actually very powerful when used in combinations like this. Anyway, I found that openvpn would suit all my needs, and this seems to be an equivalent alternative. Maybe I'll implement both openvpn and this, to have a backdoor if openvpn fails for whatever reason. Thanks for help, this is very useful ! :-) Best, :-) Marko