[FreeNX-kNX] kNX behind a firewall (only port 22 open) unusable?

Fabian Franz FabianFranz at gmx.de
Fri Feb 18 22:49:25 UTC 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Am Freitag, 18. Februar 2005 23:29 schrieb Tomasz Chmielewski:
> Fabian Franz wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Am Freitag, 18. Februar 2005 14:00 schrieb Tomasz Chmielewski:
> >>I was wondering if it is possible to use kNX from behind a firewall,
> >>when only port 22 is opened, and ports > 4000 are blocked?
> >
> > Well its not. :-(
> >
> > I could tell you exactly what to do, but I lack the KDE knowledge to do
> > it.
> >
> > You need to use nxssh and send it a certain switch command. Or you need
> > to use netcat or open a socket or ...
> >
> > If you want to work on that, I can instruct you what needs to be done
> > exactly.
>
> yeah sure, let us know, this was the point of starting this topic,
> wasn't it? :)

Ok, then please take the kNX source code an implement the following in 
knxconnection.cpp:

To the parameters given like --session add --encryption="1".

Instead of connect=m_sshData.host do add accept=127.0.0.1.

Then do not disconnect the m_SSH Process in line 265, but instead send:

"bye".

"bye" is a special command, which means that now all traffic of nxproxies will 
be done through the ssh channel.

Spawn and connect a netcat to the proxy port and connect the stdout of this 
process to the stdin of the ssh process and vice versa.

Done. Connection is now tunneled through ssh.

Please see also the execellent article at the NoMachine KB:

http://www.nomachine.com/ar/view.php?ar_id=AR01C00137

though its stating there that its listen=port, while nxclient does not use 
this but just accept=127.0.0.1.

Have fun programming.

cu

Fabian

PS: If you want to use nxssh instead of netcat, the switch command is like 
that. nxssh will do the job then for you:
	
NX> 299 Switching connection to: localhost:port
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCFnD3I0lSH7CXz7MRAkL4AJ4qsTRSRmlhuuKINAXieA0MiIhMswCePa4H
86uV4CdJAiaO9es6x1l9OAE=
=EgTm
-----END PGP SIGNATURE-----




More information about the FreeNX-kNX mailing list