Please help with VNC Config

Hi Everyone,

Here is my setup, maybe someone cal help?

I have a home network with 6 computers and a linksys router. On my
Linux box, I have reconfigured SSH to accept the connection on port
443, and I have forwarded the port in the router. Also, I installed
VNC Server on my Windows XP box.

>From work, I can use SSH Secure Shell Client and connect to my Linux
box via port 443. So, that works. I cannot however, get to my Windows
box.

Perhaps I have the tunneling set up improperly? Do I need to be
running some type of SSH on my Windows box? Do I need to forward ports
590x in the router?

Maybe someone can help by giving me some of their settings and I'd be
able to duplicate those on my setup. I guess I need to know what
changes, if any, to make on the server side and any changes on the
client side.........

Thanks.

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> Hi Everyone,
>
> Here is my setup, maybe someone cal help?
>
> I have a home network with 6 computers and a linksys router. On my
> Linux box, I have reconfigured SSH to accept the connection on port
> 443, and I have forwarded the port in the router. Also, I installed
> VNC Server on my Windows XP box.
>
>>From work, I can use SSH Secure Shell Client and connect to my Linux
> box via port 443. So, that works. I cannot however, get to my Windows
> box.
>
> Perhaps I have the tunneling set up improperly? Do I need to be
> running some type of SSH on my Windows box? Do I need to forward ports
> 590x in the router?
>
> Maybe someone can help by giving me some of their settings and I'd be
> able to duplicate those on my setup. I guess I need to know what
> changes, if any, to make on the server side and any changes on the
> client side.........
>
> Thanks.
>

Forward TCP port 5900, on your router, to the Windows box
that is running VNC.

vncviewer hostname:0 == TCP port 5900

Enjoy,
Postmaster

On 16 Feb 2006 06:06:57 -0800, (E-Mail Removed) wrote:

>Hi Everyone,
>
>Here is my setup, maybe someone cal help?
>
>I have a home network with 6 computers and a linksys router. On my
>Linux box, I have reconfigured SSH to accept the connection on port
>443, and I have forwarded the port in the router. Also, I installed
>VNC Server on my Windows XP box.
>
>>From work, I can use SSH Secure Shell Client and connect to my Linux
>box via port 443. So, that works. I cannot however, get to my Windows
>box.
>
>Perhaps I have the tunneling set up improperly? Do I need to be
>running some type of SSH on my Windows box? Do I need to forward ports
>590x in the router?
>
>Maybe someone can help by giving me some of their settings and I'd be
>able to duplicate those on my setup. I guess I need to know what
>changes, if any, to make on the server side and any changes on the
>client side.........
>
>Thanks.

google "tunneling VNC over SSH"

The document you're looking for is dated 19 Jan 06


Here is a pair of iptables commands that forward VNC to the desired
destination behind/inside ROUTER:

iptables -t nat -I PREROUTING -p tcp -d $ROUTERIP --dport 5900 \
-j DNAT --to 192.168.1.48:5900

iptables -I FORWARD -p tcp -d 192.168.1.48 --dport 5900 -j ACCEPT

Running VNC viewer from anywhere outside ROUTER - connecting to
$ROUTERIP - shows me the desktop of the machine behind the router
whose IP is (NATted to) 192.168.1.48


hth
--
buck

"buck" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On 16 Feb 2006 06:06:57 -0800, (E-Mail Removed) wrote:
>
>>Hi Everyone,
>>
>>Here is my setup, maybe someone cal help?
>>
>>I have a home network with 6 computers and a linksys router. On my
>>Linux box, I have reconfigured SSH to accept the connection on port
>>443, and I have forwarded the port in the router. Also, I installed
>>VNC Server on my Windows XP box.
>>
>>>From work, I can use SSH Secure Shell Client and connect to my Linux
>>box via port 443. So, that works. I cannot however, get to my Windows
>>box.
>>
>>Perhaps I have the tunneling set up improperly? Do I need to be
>>running some type of SSH on my Windows box? Do I need to forward ports
>>590x in the router?
>>
>>Maybe someone can help by giving me some of their settings and I'd be
>>able to duplicate those on my setup. I guess I need to know what
>>changes, if any, to make on the server side and any changes on the
>>client side.........
>>
>>Thanks.
>
> google "tunneling VNC over SSH"
>
> The document you're looking for is dated 19 Jan 06
>
>
> Here is a pair of iptables commands that forward VNC to the desired
> destination behind/inside ROUTER:
>
> iptables -t nat -I PREROUTING -p tcp -d $ROUTERIP --dport 5900 \
> -j DNAT --to 192.168.1.48:5900
>
> iptables -I FORWARD -p tcp -d 192.168.1.48 --dport 5900 -j ACCEPT
>
> Running VNC viewer from anywhere outside ROUTER - connecting to
> $ROUTERIP - shows me the desktop of the machine behind the router
> whose IP is (NATted to) 192.168.1.48
>
>
> hth
> --
> buck
>

hth,

And if you want the web interface to work too.... just add the following
to the iptables rules above :-)

iptables -t nat -I PREROUTING -p tcp -d $ROUTERIP --dport 5800 \
-j DNAT --to 192.168.1.48:5800

iptables -I FORWARD -p tcp -d 192.168.1.48 --dport 5800 -j ACCEPT

----
Enjoy,
Postmaster

How would I put that info into my Linksys router? All I can do there
is forward ports.......

Or is that GUI doing the same thing?

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ups.com...
>
> How would I put that info into my Linksys router? All I can do there
> is forward ports.......
>
> Or is that GUI doing the same thing?
>

Mr. Doe :-)

You should be able to use a virtual server and forward
TCP port 5800 and 5900 to a specific IP on the
private LAN. (depending on the Linksys model :-)

or you could put the VNC server node in the DMZ.
(Although that may have some serious security ramifications)

or
You could forward port 22 (ssh) and run VNC over
an ssh tunnel.

Enjoy,
Postmaster

On Thu, 16 Feb 2006 06:06:57 -0800, johndoe wrote:

> Hi Everyone,
>
> Here is my setup, maybe someone cal help?
>
> I have a home network with 6 computers and a linksys router. On my Linux
> box, I have reconfigured SSH to accept the connection on port 443, and I
> have forwarded the port in the router. Also, I installed VNC Server on my
> Windows XP box.
>
>>From work, I can use SSH Secure Shell Client and connect to my Linux
> box via port 443. So, that works. I cannot however, get to my Windows
> box.
>
> Perhaps I have the tunneling set up improperly? Do I need to be running
> some type of SSH on my Windows box? Do I need to forward ports 590x in
> the router?
>
> Maybe someone can help by giving me some of their settings and I'd be able
> to duplicate those on my setup. I guess I need to know what changes, if
> any, to make on the server side and any changes on the client
> side.........
>
> Thanks.

You should be able to do the following. When you make a SSH connection to
your home box, just make a tunnel and tunnel port 5900 through that SSH
tunnel. You do that the following way, when you use ssh on the box at
work, you can do:

ssh -L5900:<IP windows box>:5900 -p 443 <external ip at home>

Now you can start vncviewer at work and connect to localhost port 5900.
This way you should get the windows screen of your box at home.

You have now tunneled VNC on a SSH connection.

Succes.

Jan Hugo

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ups.com...
>
> How would I put that info into my Linksys router? All I can do there
> is forward ports.......
>
> Or is that GUI doing the same thing?
>

John,

Does your Linksys router have a tab labeled Applications & gaming ?
If so, you can forward TCP ports 5800 and 5900 to a specific
IP address on the private LAN, in that section of the configuration.

Enjoy,
Postmaster

"Jan Hugo Prins" <(E-Mail Removed)> wrote in message
news(E-Mail Removed)...
> On Thu, 16 Feb 2006 06:06:57 -0800, johndoe wrote:
>
>> Hi Everyone,
>>
>> Here is my setup, maybe someone cal help?
>>
>> I have a home network with 6 computers and a linksys router. On my Linux
>> box, I have reconfigured SSH to accept the connection on port 443, and I
>> have forwarded the port in the router. Also, I installed VNC Server on
>> my
>> Windows XP box.
>>
>>>From work, I can use SSH Secure Shell Client and connect to my Linux
>> box via port 443. So, that works. I cannot however, get to my Windows
>> box.
>>
>> Perhaps I have the tunneling set up improperly? Do I need to be running
>> some type of SSH on my Windows box? Do I need to forward ports 590x in
>> the router?
>>
>> Maybe someone can help by giving me some of their settings and I'd be
>> able
>> to duplicate those on my setup. I guess I need to know what changes, if
>> any, to make on the server side and any changes on the client
>> side.........
>>
>> Thanks.
>
> You should be able to do the following. When you make a SSH connection to
> your home box, just make a tunnel and tunnel port 5900 through that SSH
> tunnel. You do that the following way, when you use ssh on the box at
> work, you can do:
>
> ssh -L5900:<IP windows box>:5900 -p 443 <external ip at home>
>
> Now you can start vncviewer at work and connect to localhost port 5900.
> This way you should get the windows screen of your box at home.
>
> You have now tunneled VNC on a SSH connection.
>
> Succes.
>
> Jan Hugo
>
>
Jan,

I think you're half way there.... You have created a connection
from ssh (at work) to the home public IP, and are tunneling
port 5900 over tcp port 443, . But, where is the other end ?

Don't you need someone listening on the public IP at port
443 ? and that someone just happens to be sshd, so it
can decode the port : hostname : port, pull the data out
of the tunnel and forward it on to the correct client ?

I believe that the original poster was trying to create a
connection from work, through a Linksys router, to
a system behind the router. So.... I'm not sure how your
suggestion would work in his/her environment.

Perhaps if you had sshd running on the remote client, and
it was listening in port 443, and the Linksys was forwarding
tcp port 443 to that client, then the plumbing of 5900 localhost
(at work) would get delivered to the client's sshd, decrypted,
and directed to the client at TCP port 5900.
If you're going to all that trouble, you probably don't need
the -p 443, and could just use the default (22) and set the
Linksys to forward TCP 22, to the client that is running sshd :-)


Enjoy,
Postmaster.

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ups.com...
>
> How would I put that info into my Linksys router? All I can do there
> is forward ports.......
>
> Or is that GUI doing the same thing?
>

John,

One other quick thought....
It would also be possible to skip the ssh glue, if you
were using a version of VNC that has encryption
built-in. (Example: RealVNC personal edition). Then simply
forward the port on the Linksys router, and you're done.

Enjoy,
Postmaster