I’m not sure if i should post this or not. Not because it’s got any information that is secret, but just because it isn’t very elegant. But i’m posting.
Scenario: The Customer has a server in their DMZ. It’s a Windows server and it’s running Terminal services (RDP). A custom application needs to be installed onto this server. For that, the firewall must be configured so that a list of addresses, including the party installing the application, can access RDP and the port the custom application will answer on. I’m on the Inside net doing the firewall configuration.
So how can i test that RDP actually works from the outside, when i am on the inside? That would probably be easy if i had a Windows box i could RDP into and then RDP out of it to the customer’s server. But i don’t.
Enter (cough) Linux. And (cough cough) Cygwin.
- Install Cygwin on your Windows laptop. To install X-Windows, choose to install “xinit” from the X section. The rest of the files will follow.
- Run Cygwin. Exit Cygwin (it’s voudou, don’t question it).
- As administrator, run Cygwin and start X (or XWin or startx). Click away errors (more voudou).
- Start PuTTY and enable X forwarding.
- ssh into Linux box on the Outside you have access to.
- Start tsclient on the Linux box, which will the graphical stuff tunnel over ssh and end up on your X-Windows which is running on Cygwin/X which is, in fact, running on your Windows box. I think we have two or three layers of tunnelling here, but i’m not sure.
- Connect to the server in the basement, going through an improbable chain of loosely coupled and technically incompatible loops.
- Marvel.
So there. Didn’t say it was elegant. I’m not particularly proud of the solution, but at least i showed it worked. The elegant way would probably have been to use my cell phone to hook my laptop up to the Internet and get to the DMZ server from there… but where’s the fun in that? 
