Hi Eldad,

(I've also sent this to the list since it might be useful for others...)

If you can't forward a port yourself through the NAT (say, because it belongs to your ISP - that's the situation I'm in with my home service), then it is still possible to get at it (in a round-about way...)
that is exactly my problem
As Micheal Salem said, it is important to be sure that you really mean a NAT, rather than just your ISP giving you a dynamic IP.

Do you have your own network of machines that you connect through an ADSL router to your ISP? Or do you have only one machine that has an IP address that changes according to your ISP's choice? If the second, how do you know your ISP uses a NAT? (Check your IP address - if it's in the range 10.x.x.x or 192.168.x.x or 172.16.x.x then your ISP is using NAT.)


OK, if your ISP really is using NAT, here's how to get a connection back to your box within the NAT (it's worth noting this method can be used for getting through a NAT to just anything you want, not just VNC - I often use it while I'm at work to get a command-line for my laptop back at home [within the ISP's NAT] - and it's all encrypted automatically!):

The secret is to do it "backwards"... that is, since there's no way to get directly through to your machine from outside, you have to start off from your machine within the ISP's NAT and create an ssh port forward on an external machine that tunnels back to your NATed box. You can then, while at that external machine, connect locally to that port, which will go through the ssh tunnel back to your NATed box and connect to the required port there.

If your NATed box is running some form of unix with OpenSSH, then the command to create the ssh tunnel would look something like this (see "man ssh" for info about these options):

ssh -C -c blowfish -f -N -R 5950:localhost:59xx <remote-host>

Where "xx" is the display number for the NATed machine (i.e. if your VNC server is running on display 1, then use port 5901, etc.)
(Note that I've added compression here: "-C", since I've found it helps, even when using a broadband connection, and I've also used 'blowfish' encryption: "-c blowfish", which is somewhat faster than the default '3des' encryption...)

Remember that you are typing this into your NATed box, so the remote host is the name of the machine you want to connect *from*, once you get to it again...

Of course, for this to work you must have an ssh client on your NATed box and an ssh server on the one you want to view from...


What this will do is listen for a connection on port 5950 on <remote-host> and forward it through the ssh tunnel to port 59xx on your NATed box - which is the port used by the VNC server with display "xx".

Once you are sitting back at the 'remote' host, you make a vnc viewer connection to display 50 (which corresponds to port 5950 above - you can change this as required), but as if the vnc server is running on that machine, i.e. connect to localhost with display 50.


One thing to watch out for with this is that the vnc viewer might try to use raw encoding (since it thinks it is connecting locally). You don't want it to do this, so you need to force it to use different encodings.

If the viewer box is a unix-based machine then you would add some extra options to the command-line as follows:

vncviewer -encodings "hextile rre corre copyrect" localhost:50

I expect the windows vnc viewer has options that you can change to make it use other encodings.

If you have Windows running on these machines, and you don't know how to use ssh on them, you'll have to ask around for somebody who has some experience of setting up port forwards (remote) on the Windows version of ssh.

Another thing to watch out for is that you might find the ssh connection times out due to no activity. This is a bit inconvenient if it takes more than ten minutes to get from home to the remote machine!

Unfortunately, I don't really have a ready solution for this (though you may be able to come up with some creative way to keep the connection busy if you can connect to the remote box from home and push packets at the port until you get there) - what I do is create a standard ssh connection back to my home machine, using the method described above, which I keep busy until I get to work. Then I kill that ssh connection and start a new one straight away so I can type in the commands I want - which would be the ssh port forward commands for VNC, in your case...

I suspect there's probably a way to prevent the ssh timeout, though I've been too lazy to check the man pages to see what it is...


Anyway, hope all that lot helps!

Any questions, let me know.

Adrian

=====================================================================
Adrian Umpleby [EMAIL PROTECTED] http://julia.ese.ic.ac.uk/adrian/
=====================================================================
vncPatches68k:- http://julia.ese.ic.ac.uk/adrian/software/vnc/
_______________________________________________
VNC-List mailing list
[EMAIL PROTECTED]
http://www.realvnc.com/mailman/listinfo/vnc-list
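
The following is an added example, not part of the original e-mail. It classifies an address as NATed, covering the whole 172.16.0.0/12 private block and the 100.64.0.0/10 carrier-grade NAT range as well as the ranges named in the message, and prints the reverse-forward command with the listener pinned to loopback on the remote host and ssh keepalives enabled against idle timeouts. The function names, the keepalive values and viewer.example.org are assumptions; "-c blowfish" is left out because current OpenSSH releases no longer include that cipher.

```shell
#!/bin/sh
# Added example, not from the original e-mail. Function names are hypothetical.

# nat_class ADDR: print private (RFC 1918), cgnat (RFC 6598), public or invalid.
nat_class() {
    case $1 in ''|*[!0-9.]*) echo invalid; return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || { echo invalid; return 1; }
    for o in "$@"; do
        case $o in ''|????*) echo invalid; return 1 ;; esac
        [ "$o" -le 255 ] || { echo invalid; return 1; }
    done
    if [ "$1" -eq 10 ]; then echo private
    elif [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; then echo private
    elif [ "$1" -eq 192 ] && [ "$2" -eq 168 ]; then echo private
    elif [ "$1" -eq 100 ] && [ "$2" -ge 64 ] && [ "$2" -le 127 ]; then echo cgnat
    else echo public
    fi
}

# reverse_tunnel_cmd VNC_DISPLAY REMOTE_HOST [REMOTE_DISPLAY]
# Prints (does not run) the ssh command to type on the NATed box.
reverse_tunnel_cmd() {
    disp=$1; host=$2; rdisp=${3:-50}
    for d in "$disp" "$rdisp"; do
        # displays 0-99 only; no leading zeros (would be parsed as octal)
        case $d in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
    done
    # a host starting with "-" would be parsed by ssh as an option
    case $host in ''|-*) return 1 ;; esac
    # 127.0.0.1 bind: only users on the remote host can reach the forwarded port
    printf 'ssh -C -f -N -o ExitOnForwardFailure=yes %s -R 127.0.0.1:%d:localhost:%d %s\n' \
        '-o ServerAliveInterval=60 -o ServerAliveCountMax=3' \
        $((5900 + rdisp)) $((5900 + disp)) "$host"
}

# Constructed sample inputs
nat_class 100.72.5.9
reverse_tunnel_cmd 1 viewer.example.org
```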
