Interesting problem. I have done this in similar situations successfully via
PuTTY but my tunnel looks a little different than yours. Are you running
vncserver on both BOX_1 and BOX_2? If so, both on port 5900? If so, I
suspect all the networks involved use 192.168.0 (or the same private) address
space (certainly the case on LinkSys to LinkSys) which will cause a fundamental
problem locally on BOX_2. It will intercept the return packet on its own
port 5900 thinking it is incoming from your internal network to it rather than
being sent back out through the tunnel.
Even if that is not your situation exactly, try a tunnel that looks like:
L5910 <BOX_1 ip address>:5900 <external ip address>
e.g.: Source Port - 5910
Destination - <BOX_1 ip address>:5900 <external ip address>
destination should be local with X display location of localhost:0 (which you
probably already have).
To connect to BOX_1 from your viewer at work (or friend's with LinkSys): make
the tunnel connection via PuTTY; then vncviewer should connect via
localhost:10.
Good Luck,
Glenn Lovitz
>-----Original Message-----
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
>Behalf Of Derek R.
>Sent: Wednesday, February 11, 2004 6:36 PM
>To: [EMAIL PROTECTED]
>Subject: Problems connecting through SSH, through two NAT routers
>
>
>Stop. Read this paragraph prior to responding. If you think
>that I haven't RTFM, think again. If you think I'm not
>capable of forwarding ports correctly, think again. This is
>not your usual "i can't connect through a router" post. This
>is a unique situation that I haven't found anywhere in the
>archives, and I've done an extensive search through them.
>Everything I know says this should work, ... except it's not,
>and I don't want to wade through "garbage" replies telling me
>to check things I've already checked five times.
>
>Description: I have a vNC server set up on one home machine
>(BOX_1), and a Cygwin SSH server set up on a second machine
>(BOX_2). I wish to connect from my machine at work (WORK_1)
>to BOX_1. I am using vNC 4.0b4 on all machines. The home
>machine is running in "service" mode and configured to accept
>from all addresses. I am behind a Linksys router at home. I
>have forwarded port 22 TCP through the router to BOX_2, which
>is where the Cygwin SSH server lives. I use Putty at work,
>and set it up to forward port 5900 on localhost to port 5900 on BOX_1.
>
>I fire up Putty from work, make a connection, and get the SSH
>login prompt. I can login successfully, and get a shell
>prompt on BOX_2 at home. I launch the vNC viewer, aim it at
>"localhost", and I am prompted for the vNC password. I enter
>the password, it displays a black screen and times out with
>the error "read: Connection reset by peer (10054)".
>
>Things I know right now:
>
>-- If I walk to the console of BOX_2 and launch the vNC
>Viewer, I can connect to BOX_1 successfully. This _should_
>rule out any configuration problems with vNC, because the
>tunneled connection is ALSO coming from BOX_2.
>
>-- I am able to make the SSH connection successfully. This
>_should_ rule out any port-forwarding issues with the Linksys
>router, as if I wasn't doing that correctly, it wouldn't
>connect to the SSH port. This _should_ also rule out any
>configuration issues with Putty or Cygwin itself, as the SSH
>connection will stay up forever.
>
>-- I am being prompted for the vNC password. This _should_
>rule out any tunneling-configuration issues with Putty,
>because if I couldn't make the initial connection, I wouldn't
>be prompted for the password.
>
>-- I can go to my friend's house, who is connected via DSL and
>*not* behind a router, and use Putty/vNC to connect to BOX_1
>successfully, given the above parameters. It all works great,
>as it should.
>
>-- I can go to my OTHER friend's house, who is connected via
>DSL and *IS* behind a router (Linksys), and experience
>identical symptoms to those described above. This _should_
>rule out any work-related issues such as "they're blocking
>traffic", etcetera, because my friend doesn't have the
>capacity to do any of that on his router, and doesn't even
>have any ports forwarded.
>
>-- My event log contains nothing useful: its only message
>after a "connection accepted" one is "Connections: closed:
>(clean disconnection)".
>
>This paints me into a very, very small corner. The only
>difference between the One That Works, and the Ones That
>Don't, is that for the Ones That Don't, there is a router
>using NAT on the ORIGINATING side of the connection. The only
>thing I can come up with from THERE is that vNC does some sort
>of reverse authentication based on comparing the viewer's IP
>address and the connecting IP address in order to foil
>spoofing, and because I'm behind NAT in two directions, it
>doesn't match up and therefore breaks the connection.
>
>So, can anyone point to the incorrect link in this chain, or
>provide additional information on what vNC is trying to do? I
>sure can't.
>
>-- Derek
>_______________________________________________
>VNC-List mailing list
>[EMAIL PROTECTED]
>To remove yourself from the list visit:
>http://www.realvnc.com/mailman/listinfo/vnc-list
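The tunnel suggested in the reply above (local port 5910 forwarded to port 5900 on BOX_1, viewer pointed at localhost:10), as an added example that is not code from either poster. It writes out the forward in the reply's notation and as the equivalent OpenSSH option, and checks that the local end of the tunnel actually returns a VNC (RFB) greeting rather than just accepting the connection. The BOX_1 address and all function names are assumptions made for illustration.

```python
import re
import socket

VNC_BASE_PORT = 5900  # VNC display :N listens on TCP port 5900 + N


def display_for_port(port):
    """Display number the viewer must use for a given local TCP port."""
    if port < VNC_BASE_PORT:
        raise ValueError("port is below the VNC base port")
    return port - VNC_BASE_PORT


def putty_forward(local_port, target_host, target_port=VNC_BASE_PORT):
    """Local forward in the notation the reply uses (Connection > SSH > Tunnels)."""
    return f"L{local_port} {target_host}:{target_port}"


def openssh_forward(local_port, target_host, target_port=VNC_BASE_PORT):
    """Equivalent OpenSSH option, with the listener bound to loopback only."""
    return f"-L 127.0.0.1:{local_port}:{target_host}:{target_port}"


def probe_rfb(host, port, timeout=5.0):
    """Read the 12-byte RFB ProtocolVersion greeting from host:port.

    Returns (major, minor); raises ConnectionError if something other
    than a VNC server answers on the far side of the tunnel.
    """
    with socket.create_connection((host, port), timeout=timeout) as s:
        data = b""
        while len(data) < 12:
            chunk = s.recv(12 - len(data))
            if not chunk:  # peer closed before a full greeting arrived
                break
            data += chunk
    m = re.fullmatch(rb"RFB (\d{3})\.(\d{3})\n", data)
    if not m:
        raise ConnectionError(f"no RFB greeting on {host}:{port}: {data!r}")
    return int(m.group(1)), int(m.group(2))


if __name__ == "__main__":
    BOX_1 = "192.168.1.10"  # constructed placeholder for <BOX_1 ip address>
    print(putty_forward(5910, BOX_1))
    print(openssh_forward(5910, BOX_1))
    print("viewer target: localhost:%d" % display_for_port(5910))
    try:
        print("RFB version via tunnel:", probe_rfb("127.0.0.1", 5910))
    except OSError as exc:  # refused, timed out, or not a VNC greeting
        print("tunnel check failed:", exc)
```

A greeting that arrives through the tunnel shows the forward reaches a VNC server on BOX_1; a failure after that point lies in the VNC session itself, not in the SSH forwarding.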