Re: DI-524. Can't vnc from inside local network to Internet using a tunnel

Jeff Liebermann wrote:

> On Mon, 05 Dec 2005 16:18:59 -0400, Derek Broughton
> <news@xxxxxxxxxxxxxx> wrote:
>
>>> You also need port 5800 forwarded on the server to use the HTTP web
>>> browser version of VNC.
>>
>>He wasn't - he was using an ssh tunnel.
>
> It wasn't obvious. If he were using an SSH tunnel, then he wouldn't
> need to:
> "...and set up some firewall rules to allow the box with ssh connect
> to my work computer on port 5900."

"At home, behind my DI-524, I ssh using vnc to my ssh server," - seems
pretty obvious to me.

> Certainly, no firwall rules would be required on the home DI-524.

That's what I figured.

> Then, it must be on the destination router at work. If it were
> through an SSH tunnel, then it wouldn't need port forwarding on 5900.

He didn't mention port-forwarding at all, though he said he set up firewall
rules to allow access to his _work_ computer on port 5900. Which makes
some sense on that end - but only if the ssh server and his work computer
are separate hosts on the same (at-work) network.
>
>>I can still do that if I want. :-) It would be a serious shortcoming if
>>you
>>couldn't vnc to localhost. When you're working with Unix boxes, it's
>>pretty normal to make a link to the server _then_ use vnc.
>
> I can't unless I explicitely enable loop-back connections . Just
> tried it with TightVNC 1.2.9. I can do it if I setup a local server,
> but not with just the viewer. In this case, there's no need for a
> server on the user end. However, the client has a built in "host"
> which can be used to terminate a VNC session.

I didn't know about the built-in host - I've only used it with a local
server.

> I don't have much
> experience using this feature, but that's what I was guessing he was
> doing with the port 12000. Maybe not, I can't tell for sure from the
> description.

No, I think we've done this to death without more detail :-)

> Anyway, there are some web pages that explain how to run VNC over SSH
> including the loop-back connection, which has to be specifically
> enabled. That's probably the OP's problem.

That would be my guess, too.

--
derek
.

Relevant Pages

  • Re: RealVNC
    ... I use VNC behind server ... Default listening port for RealVNC server that runs on the machine on ... Then there is default Java listening port on port 5800 on the client ... VNC pops "Trying to connect to remote assistant" ...
    (microsoft.public.windows.server.sbs)
  • Re: VNC behind ISA Server
    ... On what ports VNC uses, please read the following information from VPN ... A VNC server listens on two ports. ... The exact port numbers depend on the VNC ... Microsoft can make no representation concerning ...
    (microsoft.public.windows.server.sbs)
  • Re: Problem using PuTTY and Dropbear for port forwarding (ssh tunneling)
    ... you could wonder how VNC server on PC A can listen on port ... My plan is to let those clients set up and keep open an SSH connection ...
    (comp.security.ssh)
  • Re: OT: BBC iPlayer
    ... they can run the proxy for you. ... In summary your task is to set up an SSH tunnel to your server in the UK, there are many resources on the internet which instruct you how to do this; but this is my brief take on it, others may care to "flesh" it out. ... forward an outside port say 5122 to port 22 on your server. ...
    (uk.comp.sys.mac)
  • Re: Port-Umleitung
    ... Wenn der zu steuernde Fremd PC den VNC Server drauf hat, ... Nicht ich mit dem Viewer baue die Verbindung auf, sondern der Server beim ... Er startet den Vorgang der Verbindungsaufnahme, indem er mich auf Port 5500 ... > anderen Port als 5500 (weil da der ISA ja schon lauscht wenn er den VNC ...
    (microsoft.public.de.german.isaserver)