Re: VNC server behind firewall

Fri, 07 May 2004 02:46:11 -0700 

Boris....

On Fri, 2004-05-07 at 08:56, Boris Gereg wrote:
> Hello,
> 
HI.
> I found several how-tos on web, but none of them suits my situation.
> Basicaly I am novice to SSH tunneling and Putty, but I use VNC for
> several years in local network.
> 
I've been doning SSH for years...

> This is my situation:
> 
> My computer (W2K) with local IP address 192.168.1.10.
> Here will be VNC client.
>    |
>    |
>    V
> My linux server (Debian) with local IP address 192.168.1.200 and
> public address 212.55.x.x.
> This server has SSH port accessible from Internet and local network.
>    |
>    |
>    V
> Internet
>    |
>    |
>    V
> Firewall, that has no open ports from Internet
>    |
>    |
>    V
> My friend's computer (W2K) with public IP 144.60.x.x (obtained from
> firewall's DHCP server). This IP cannot be pinged from Internet. But
> my friend can ping my linux server.
> Here will be VNC server
> 

Okay, you got 2 possibilities....

1) He needs to open a tunnel back to himself for you....
   This is done with the parameter -R 5900:144.60.x.x:5900
   Then you connect to  192.168.1.200:5900 and you get his machine!
   (you need the following putty options, 
   "local ports accept connections from other hosts" and
   "remote ports do the same")
   (you need to enable "AllowTcpForwarding yes", and 
    "GatewayPorts yes" in /etc/ssh/sshd_config on your server...)

2) Use the "VNCViewer -listen" mode...
   Just for this purpose vnc has the listen mode...

   What you need to do is:
   - start a vncviewer in "listneing mode" on your computer...
     (this is a viewer, that is listening for a connection)

   - have your friend setup a putty ssh tunnel, for the viewer port
     (I believe that is 5500, instead of 5900)

   - have your friend "Add a connection" to his vncserver, 
     and point the connection to the tunnel...


Viola, it's a reverse initiated connection....

===============
Jerry


P.S.  While you are in /etc/ssh/sshd_config I suggest you add the
following line also:

"AllowGroups      remotesh"

This tells ssh only to allow users who belong to the group remotesh to
log in with ssh...  

So you need to create a group called remotesh, and add your friend to
it...

You can then tell SSH which user are allowed to in via ssh and more
important which not!
_______________________________________________
VNC-List mailing list
[EMAIL PROTECTED]
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list

Reply via email to