On Tue, 2004-07-27 at 01:45, Frank Hamersley wrote:
> I was wondering if anyone has had experience (good or bad) setting up
> multiple VNC sessions to a single server from ssh connected clients?
>
> I have a VNC server (W2K) sitting in a DMZ behind a RH9 iptables firewall
> and wanted to enable multiple sessions from externally connected clients
> (ssh tunnel) so we can do co-operative sysadmin and/or training from remote
> locations.
>
> The problem as I see it is that the VNC Server will "see" all the incoming
> client packets (tcp 5900) as having originated from the firewall and it
> won't be able to determine which client which packet needs to go back to.
>

The VNC server has no problem. The SSH tunnel connects (tcp) to the vncserver. The vncserver replies to the connection. All works, no need for any additional software, ipaddress, etc....
Jerry

> I have a rough plan to sort this out as follows ...
>
> 1. Establish a second ip address on the firewall's DMZ interface - eg.
> 10.1.1.1 and 10.1.1.2
> 2. Setup the VNC Server as 10.1.1.3 listening on tcp/5900
> 3. connect/tunnel the first client and use 5900:10.1.1.3:5900 for the tunnel
> 4. connect/tunnel the second client as 5900:10.1.1.3:5901 for its tunnel
> 5. using iptables POSTROUTING rule to SNAT the 10.1.1.3:5901 traffic to
> 10.1.1.3:5900 and force the SIP to 10.1.1.2
> 6. using iptables PREROUTING rule to DNAT the 10.1.1.2:5900 traffic back to
> 10.1.1.1:5901
>
> Hopefully sshd will then pick up the 10.1.1.1:5901 packets and ram them back
> down the tunnel to the second client. The first client obviously runs a
> vanilla arrangement and presto!
>
> Any comments or suggestions (less elaborate ideally) before I have a hack at
> my test network?
>
> Cheers, Frank.
> _______________________________________________
> VNC-List mailing list
> [EMAIL PROTECTED]
> To remove yourself from the list visit:
> http://www.realvnc.com/mailman/listinfo/vnc-list
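
The behaviour described in the reply above, as an added example that is not part of the original thread: two clients reach one server through a single forwarding host, the server sees the same source IP for both, and each reply still returns to the right client because every forwarded session is its own TCP connection with its own source port. The names `backend` (standing in for the VNC server), `forwarder` (standing in for the sshd port forward) and `run_demo` are hypothetical, and everything runs on loopback with constructed messages.

```python
import socket
import threading

def listen():
    s = socket.socket()
    s.bind(("127.0.0.1", 0))  # loopback, ephemeral port
    s.listen(5)
    return s

def backend(lsock, peers, n):
    # Stand-in for the VNC server: record each peer address, reply per connection.
    gate = threading.Barrier(n)  # hold replies until all n sessions are open at once
    def handle(conn):
        with conn:
            data = conn.recv(1024)
            gate.wait()
            conn.sendall(b"reply-to:" + data)
    for _ in range(n):
        conn, peer = lsock.accept()
        peers.append(peer)
        threading.Thread(target=handle, args=(conn,), daemon=True).start()

def forwarder(lsock, target, n):
    # Stand-in for the ssh port forward: one new outbound TCP connection per client.
    def relay(client):
        with client, socket.create_connection(target) as up:
            up.sendall(client.recv(1024))
            client.sendall(up.recv(1024))
    for _ in range(n):
        client, _ = lsock.accept()
        threading.Thread(target=relay, args=(client,), daemon=True).start()

def run_demo(names=(b"client-A", b"client-B")):
    srv, fwd = listen(), listen()
    peers = []
    threading.Thread(target=backend, args=(srv, peers, len(names)), daemon=True).start()
    threading.Thread(target=forwarder, args=(fwd, srv.getsockname(), len(names)),
                     daemon=True).start()
    # Open every session before sending, so the sessions overlap in time.
    socks = [socket.create_connection(fwd.getsockname()) for _ in names]
    for s, name in zip(socks, names):
        s.sendall(name)
    replies = {name: s.recv(1024) for s, name in zip(socks, names)}
    for s in socks:
        s.close()
    return peers, replies

if __name__ == "__main__":
    print(run_demo())
```

The server's view of each session is the full (source IP, source port, destination IP, destination port) tuple, so identical source IPs do not collide.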
