Murat Bicer wrote:
> If remote address is not routable you will not be able to access it
> anyways. So you have to either open port 22 on the firewall of the
> remote machine which will be natted to the internal ip:port or you
> have to open port 5900 ( which is not secure). Either way you have to
> punch a hole on the firewall if you need to access non-routable
> addresses.

Maybe I'm not understanding what you're trying to explain, or maybe I'm not explaining myself well enough. I know this is possible when public IPs are used. What I'm trying to determine (before I spend the time and money to reconfigure gateway2) is if this is possible when the VNC client and server machines aren't directly accessible from the public internet because they're behind NAT'ing gateways.

The SSH tunnel gets me through the firewall via the ssh port on gateway2. Local only sees and uses the faked VNC port on gateway1. Assuming local can reach the faked port on gateway1 and gateway2 can reach the actual port on remote, do the IP addresses used even matter?


Darren Pilgrim wrote:
> Doug Poland wrote:
> > Darren Pilgrim said:
> > > I want to set up VNC on some Windows machines so I can access them
> > > over the internet, but I need to secure the connection in a way
> > > that will work with NAT'ing firewalls on both ends of the
> > > connection. How can I do this? I was thinking of setting up a
> > > tunnel between the two firewalls. On the local end, the tunnel
> > > starts at a given port on the firewall, which is connected to a
> > > port on the remote firewall that forwards to the VNC port on the
> > > remote machine. How would I go about doing this? Is there a
> > > better option?
> >
> > I recommend you use the TightVNC form of VNC. Read the info on this
> > link: http://www.uk.research.att.com/vnc/sshvnc.html then read the
> > ssh man page paying close attention to the -L switch. If you have
> > particular problems after this leg work, then ask again.
>
> Okay, I see how I can use ssh/sshd running on the FreeBSD gateways on
> each end of the connection to make the remote VNC port accessible via a
> port on the local gateway. However, their setup requires that the
> remote machine have a routable IP address, doesn't it? Modifying the
> model on the page you sent me:
>
> local machine (me) ----- gateway1
> 10.2.3.4/24              `ssh -g -L 5900:10.1.2.3:5900 gateway2`
> runs vncviewer               |
>                           internet
>                              |
>                          gateway2 ----- remote machine
>                          running sshd   10.1.2.3/24
>                                         running vnc server
>                                         on port 5900
>
> Since the IP address I'm forwarding is non-routable, what happens? What
> happens to the source IP address, which is also non-routable and, to
> gateway2, non-local?
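
An added illustration, not part of the original thread: a loopback simulation of the addressing question raised above, showing that a port forwarder such as `ssh -L` terminates the viewer's TCP connection and opens a new one of its own to the target, so the VNC server only ever sees the forwarder's address as the source. The relay stands in for the gateway1-to-gateway2 tunnel and does no encryption; all function names, the banner string and the loopback ports are assumptions made for the example.

```python
import socket
import threading

LOOP = ("127.0.0.1", 0)  # loopback, kernel-chosen port (constructed test setup)

def listen():
    s = socket.socket()
    s.bind(LOOP)
    s.listen(1)
    return s

def pump(src, dst):
    """Copy bytes one way until src closes, then pass the close along."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass  # other side already gone

def forward_once(lsock, target, seen):
    """Stand-in for the gateway1->gateway2 tunnel (no encryption here)."""
    client, _ = lsock.accept()
    # The forwarder opens its OWN connection to the target, like sshd on gateway2.
    out = socket.create_connection(target, source_address=LOOP)
    seen["forwarder_source"] = out.getsockname()
    threading.Thread(target=pump, args=(client, out), daemon=True).start()
    pump(out, client)

def serve_once(lsock, seen):
    """Stand-in for the VNC server: record the peer, send an RFB-style banner."""
    conn, peer = lsock.accept()
    seen["server_saw"] = peer
    conn.sendall(b"RFB 003.008\n")
    conn.close()

def demo():
    seen = {}
    vnc, fwd = listen(), listen()
    threading.Thread(target=serve_once, args=(vnc, seen), daemon=True).start()
    threading.Thread(target=forward_once, args=(fwd, vnc.getsockname(), seen), daemon=True).start()
    viewer = socket.create_connection(fwd.getsockname(), source_address=LOOP)
    seen["viewer_source"] = viewer.getsockname()
    seen["banner"] = viewer.makefile("rb").readline()
    viewer.close()
    return seen

if __name__ == "__main__":
    print(demo())
```

In the diagram's terms, the 10.1.2.3:5900 target is resolved and connected to by sshd on gateway2, and the 10.x addresses never appear in packets crossing the internet. Note that `-g` makes the forwarded port on gateway1 reachable by any host that can connect to it, so a packet filter rule restricting it to the local LAN is the natural companion to that command.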



