# Win -> BSD -> BSD -> Win Tunnel



## GhettoBSD (Feb 3, 2011)

I'm trying to establish an RDP session from a Windows machine at site A, and have it connect to a Windows machine at site B. Both Windows systems are identical. Windows at site B cannot be connected to directly (from the outside), so I have to go through a reverse/dynamic tunnel.

So this is what it looks like:


```
[Win7 site A] <- lan -> [BSD at site A] <-> reverse ssh tunnel <-> inet <-> [BSD at site B] <- lan -> [Win7 site B]
```
These are the steps I'm trying:

1) SSH tunnel from [BSD at site B] -> [BSD at site A]
`ssh -R 3389:localhost:3389 user@ip.address`
Connection to [BSD at site A] is now established with tunnel.

2) Reverse SSH tunnel from [BSD at site A] -> [BSD at site B]
`ssh localhost -p 3389`
Connection to [BSD at site B] is now established through reverse tunnel.

3) RDP from [Win7 at site A] -> lan -> [BSD at site A] -> [BSD at site B] -> lan -> [Win7 Location B]

I'm not quite sure where I'm messing it up. I've tried many different ways of establishing the tunnels and nothing seems to work quite right.

Any ideas/tips?

Thanks!


----------



## gordon@ (Feb 5, 2011)

I'm not sure why you are trying to ssh to port 3389, the RDP port. Here's what I would do:

On BSD/site A:
`% ssh -g -L 3389:win7.b.host.name:3389 user@bsd.b.host.name`

Then RDP from Win7/site A to bsd.a.host.name which will tunnel the RDP connection over.

If you really want to initiate the ssh connection from site B, the ssh command would be:
`% ssh -R *:3389:win7.b.host.name:3389 user@bsd.a.host.name`


----------



## GhettoBSD (Feb 6, 2011)

Thanks for the reply. I still had an error here or there, but this is what did end up working.

First I establish a connection from [BSD B] to [BSD A] so I can later connect back to it.



> From [BSD B]: `ssh -f -N -R 22:localhost:22 user@bsd.a`



Next, I go back through that tunnel with:



> From [BSD A]: `ssh -g -L 3389:win.b.ip:3389 localhost`



I believe the part I was missing was -g (which allows forwarding).

Then, on [Win A] I RDP to: bsd.a.ip:3389. That is sent to [BSD B], who then forwards it to [Win B].



> [Win A] <- lan -> [BSD A] <-> ssh tunnel <-> inet <-> reverse ssh tunnel [BSD B] <- lan -> [Win B]


*Awesome! Thank you very much for your help!*


----------



## gordon@ (Feb 7, 2011)

You really don't need to have 2 ssh tunnels to do this. You can make it work with a single one.


----------



## GhettoBSD (Feb 7, 2011)

So just establish a tunnel from [BSD B] to [BSD A] that forwards all the ports? I can't connect from [BSD A] to [BSD B] without a -R tunnel already established. So I'm not sure how it would work with just 1.


----------



## gordon@ (Feb 7, 2011)

So just do all the tunneling from your initial ssh connection from [BSD B] to [BSD A]:
`% ssh -R *:3389:win.b.ip:3389 user@bsd.a`

Then from your [Win A] in your scenario, just RDP to bsd.a:3389 and it'll work. One SSH connection.


----------
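Added example, not part of any post above: the single-tunnel command `ssh -R *:3389:win.b.ip:3389 user@bsd.a` asks sshd on [BSD A] to listen on all interfaces, and whether that request is honoured depends on the `GatewayPorts` setting in [BSD A]'s `sshd_config` (default `no`, which keeps the listener on loopback so [Win A] cannot reach it). The sketch below predicts where the port 3389 listener ends up; the function names, the constructed config and the placeholder address 192.0.2.10 are assumptions, and only the global config section (before any `Match`) is read.

```shell
#!/bin/sh
# Added example (not from the thread): where does sshd bind a -R listener?

# gateway_ports FILE -> effective global GatewayPorts (no|yes|clientspecified).
# sshd keeps the first value it reads for a keyword; keywords are case-insensitive.
# Assumption: only the global section counts, so parsing stops at the first Match.
gateway_ports() {
    awk '
        { sub(/#.*/, "") }
        tolower($1) == "match" { exit }
        tolower($1) == "gatewayports" { print tolower($2); found = 1; exit }
        END { if (!found) print "no" }
    ' "$1"
}

# listen_scope FILE SPEC -> loopback | all-interfaces | <bind address>
# SPEC is the -R argument, e.g. "*:3389:win.b.ip:3389" or "3389:win.b.ip:3389".
# Assumption: no bracketed IPv6 addresses in SPEC.
listen_scope() {
    gp=$(gateway_ports "$1")
    case "$2" in
        *:*:*:*) bind=${2%%:*}; has_bind=1 ;;   # four fields: bind address given
        *)       bind=;         has_bind=0 ;;   # three fields: none given
    esac
    case "$gp" in
        yes) echo all-interfaces ;;             # server forces the wildcard address
        clientspecified)
            if [ "$has_bind" -eq 0 ]; then echo loopback
            elif [ -z "$bind" ] || [ "$bind" = "*" ]; then echo all-interfaces
            else echo "$bind"
            fi ;;
        *) echo loopback ;;                     # "no" (default): listener stays local
    esac
}

# Constructed sshd_config for bsd.a; 192.0.2.10 is a placeholder LAN address.
cfg=$(mktemp)
printf 'Port 22\nGatewayPorts clientspecified\n' > "$cfg"
for spec in '*:3389:win.b.ip:3389' '192.0.2.10:3389:win.b.ip:3389' '3389:win.b.ip:3389'; do
    printf '%-32s -> %s\n' "$spec" "$(listen_scope "$cfg" "$spec")"
done
rm -f "$cfg"
```

With `GatewayPorts clientspecified`, binding the forward to [BSD A]'s LAN address instead of `*` keeps the RDP listener off its other interfaces.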

