OK. I need to make sure I understand this. Tell me if this is right. To make a REVERSE (WinVNC connecting to VNCViwer in listen mode) connection using VNC through SSH, the internet and a corporate firewall, I have to do the following:
* Put a SSH program on the client Windows PC running WinVNC. * Make the SSH program on the Windows PC forward port 5500 to port 443 on the Linux firewall on my network. * Bind a sshd to port 443 on my Linux firewall on my network. * Forward the decrypted data from port 443 on the sshd to port 5500 on my local Windows workstation running VNCviewer in listen mode. * Using "Add New Client" on the Windows PC running WinVNC, add localhost as a new client. The request should hit the SSH program, which forwards it to SSHD on port 443 of my firewall, which decrypts it, and forwards it to VNCviewer, listening on port 5500 of my local workstation. Something like: WinVNC on ClientWS1 ---> SSH on ClientWS1 port 5500 --> Internet --> sshd on MYFirewall port 443 --> VNCviewer on MyWS1 port 5500 Have I got the idea right? If so, I should be able to do this without recompiling VNC at all. I just need some help with SSH in Windows and sshd on the Linux machine. I have no idea on how to do this forwarding/tunneling with SSH. I have never used SSH for anything but a shell window before (and SCP for file transfer). - Chuck Renner -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Michael Ossmann Sent: Monday, January 14, 2002 3:36 PM To: [EMAIL PROTECTED] Subject: Re: Providing (Windows) VNC support to clients that have strict corporate firewalls On Mon, Jan 14, 2002 at 02:34:16PM -0500, Chuck Renner wrote: > > There needs to be a way to change ALL Ports used by VNC, not just the ports > it listens on. Ports used for outgoing connections should be able to be > changed both on the command-line, and through the GUI interface. Since this > isn't built-in, I had to build a small hack instead. Most people who are concerned with firewall traversal are also concerned about the very insecure protocol used by VNC traveling over the Internet. If you tunnel VNC through SSH on port 443, it solves both problems. -- Mike Ossmann, Tarantella/UNIX Engineer/Instructor Alternative Technology, Inc. http://www.alttech.com/ --------------------------------------------------------------------- To unsubscribe, mail [EMAIL PROTECTED] with the line: 'unsubscribe vnc-list' in the message BODY See also: http://www.uk.research.att.com/vnc/intouch.html --------------------------------------------------------------------- --------------------------------------------------------------------- To unsubscribe, mail [EMAIL PROTECTED] with the line: 'unsubscribe vnc-list' in the message BODY See also: http://www.uk.research.att.com/vnc/intouch.html ---------------------------------------------------------------------
