> -----Original Message-----
> From: Seak, Teng-Fong [mailto:[EMAIL PROTECTED]
> Sent: Thursday, February 05, 2004 11:30 AM
> To: [EMAIL PROTECTED]
> Subject: RE: VNC behind Watchguard SOHO
> 
> 
>       I'm wondering if it's possible to do the port 
> forwarding from Joe to Mary and Martha.  So he doesn't have 
> to use double VNC viewer.


Yes, it is.  Here is how I do it.

My home network is behind a NAT router that does port forwarding, without
allowing you to change the port number.

There is one Linux machine and several Windows machines.  The Linux machine
is on 192.168.1.100 and the Windows XP box I'll be discussing is at
192.168.1.105.

The Linux box is running sshd.  If you don't have/want a Linux box, you can
substitute a Windows box, but you'll have to install and run sshd on it.  It
would also need to be running at all times, even if you wanted to connect to
a different machine.

My router is forwarding only the ssh port (22) to the Linux box running the
sshd.  In other words, it forwards port 22 to 192.168.1.100.

Both my Linux box and my Win XP box are running VNC servers.  The Linux VNC
server happens to be on 5 (5905) and my Win XP VNC is listening to 90
(5990).  No good reason for these choices.

That's about all I have to do on my home network.

Now, to access these two VNC servers from anywhere on the net:

In one case, I use PuTTY on a Win XP box at a remote location.  You can also
do this with any ssh client.

I connect to my network using my ISP-assigned IP address, SSH protocol, and
tunnel the ports as follows:

L5905 localhost:5905
L5990 192.168.1.105:5990

I end up with an ssh login session on my Linux box at home, which I just
minimize away on my local XP desktop.  I don't need to use this session, but
I must keep it open in order to tunnel the VNC ports.

Then I start my vnc viewer and connect to:

localhost:5 to get to my Linux VNC server
localhost:90 to get to my Win XP VNC server 

So, I'm using SSH to connect through my router, which makes router
configurations (beyond the ssh port) unnecessary.  The arrangement is also
more secure because of the SSH encryption.  If you just forward the VNC
ports through your router, then anyone can connect a viewer through that
port and then you'd have only the VNC server authentication to keep people
off your VNC server.  This may be OK for many people.

In my situation, I don't change the VNC port numbers, but you could.  I
could make my Windows VNC server listen on 23 (5923) for example, and let a
viewer connect to it by using 0.  If I did this, the port forwarding would
look like:

L5900 192.168.1.105:5923

This way, once I have the forwarding saved in PuTTY, I only need to remember
that localhost:0 goes to my Win XP box.

Or, if I wanted all my VNC servers at home to listen on connection 0, I
could tunnel as follows:

L5901 localhost:5900
L5902 192.168.1.105:5900

In the viewer:
localhost:1 is my Linux box
localhost:2 is my Win XP box

I also tunnel the 58xx ports so I can use a web browser instead of a viewer
if I want.

In summary, using ssh tunneling might be more secure and may reduce the
amount of router configuration that you need to make.  This can be a big
plus in a corporate environment where security and forwarding ports on
the corporate router may both be big issues.  You do need to have some valid
login on the machine running the sshd in order to establish the connection.

Hope this helps,
Karl
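
The tunnel layouts in the message above, written for the OpenSSH command-line client instead of PuTTY. This is an added example, not part of the original post; the function names, the 0-99 display limit and user@home.example (standing in for the login and ISP-assigned address) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: translate VNC display numbers into OpenSSH -L forwards.
# VNC display N listens on TCP 5900+N; the built-in web viewer (the
# "58xx ports" mentioned above) listens on 5800+N.

# vnc_forward LOCAL_DISPLAY TARGET_HOST TARGET_DISPLAY [http]
# Prints one -L spec, explicitly bound to the client's loopback address so
# other machines on the client's network cannot connect through the tunnel.
vnc_forward() {
    ldisp=$1 host=$2 rdisp=$3 base=5900
    if [ "${4:-}" = http ]; then base=5800; fi
    for d in "$ldisp" "$rdisp"; do
        case $d in
            # Reject empty, non-numeric and zero-padded values (octal in $(( ))).
            ''|*[!0-9]*|0?*) echo "bad display: $d" >&2; return 1 ;;
        esac
        # Assumed limit: above 99 the 58xx and 59xx ranges would overlap.
        [ "$d" -le 99 ] || { echo "display out of range: $d" >&2; return 1; }
    done
    printf '%s' "-L 127.0.0.1:$((base + ldisp)):$host:$((base + rdisp))"
}

# build_tunnel_cmd SSH_DEST SPEC...   SPEC is local_display:host:remote_display
# Prints the ssh command line without running it. -N opens no remote shell;
# ExitOnForwardFailure makes ssh exit if a local port cannot be bound.
build_tunnel_cmd() {
    dest=$1; shift
    cmd='ssh -N -o ExitOnForwardFailure=yes'
    for spec in "$@"; do
        l=${spec%%:*}; rest=${spec#*:}
        h=${rest%:*};  r=${rest##*:}
        arg=$(vnc_forward "$l" "$h" "$r") || return 1
        cmd="$cmd $arg"
    done
    printf '%s %s\n' "$cmd" "$dest"
}

# First layout from the message: display 5 on the sshd host itself and
# display 90 on the XP box at 192.168.1.105.
build_tunnel_cmd user@home.example 5:localhost:5 90:192.168.1.105:90
```

With the printed command running, the viewer connects to localhost:5 and localhost:90 exactly as with the PuTTY session.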

> > -----Original Message-----
> > From: Scott C. Best [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, February 5, 2004 18:20
> > To: [EMAIL PROTECTED]
> > Cc: [EMAIL PROTECTED]
> > Subject: Re: VNC behind Watchguard SOHO
> > 
> > Mark:
> > 
> >     Heya. The part that is unclear is how you can connect
> > to Joe at all if your SOHO box doesn't allow port-forwarding.
> > My guess is that the SOHO has put Joe into the "DMZ", meaning
> > it forwards all ports, by default, to Joe. Not very secure,
> > but I'm sure it works.
> > 
> >     Here are some ideas to get things working better:
> > 
> > 1. Install an SSH server on Joe, and SSH clients on Mary and
> >    Martha. You can then use SSH to setup a "reverse tunnel",
> >    so that port 5901 on Joe actually connects to Mary, and
> >    5902 connects to Martha, etc.
> > 
> > 2. You can VNC to Joe, and then from Joe open a VNC Viewer and
> >    connect to Mary or Martha.
> > 
> > 3. You can replace your SOHO box with a $30 LinkSys box that
> >    handles this much more nicely.
> > 
> > 4. You can install Kaboodle on Joe, and then setup a "personal
> >    VPN" connection to Joe from anywhere on the Internet. Once
> >    connected, you can connect to Mary or Martha (Kaboodle uses
> >    Zebedee to act like a connection-forwarding service).
> > 
> >     Hope one of these helps!
> > 
> > -Scott
> > 
> > > Ok, let's hope this is clearer:
> > >
> > > I have a Windows2k Network with a single fileserver.  Let's call it "Joe".
> > > This network shares a DSL connection to the internet, and we have a
> > > Watchguard SOHO Firewall.  This network has (among others) two workstations.
> > > One is running WindowsXP-Pro, let's call that one "Mary".  Another
> > > workstation is running Windows98SE, let's call that one "Martha".
> > >
> > > Right now, I can successfully run VNC Server on Joe, and from anywhere with
> > > an internet connection, use the VNC viewer to connect to Joe.
> > >
> > > I'd like to also run VNC Server on Mary and Martha, and, from anywhere with
> > > an internet connection, use VNC viewer to connect to Mary and Martha.
> > <snip>
> > _______________________________________________
> > VNC-List mailing list
> > [EMAIL PROTECTED]
> > To remove yourself from the list visit:
> > http://www.realvnc.com/mailman/listinfo/vnc-list