Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: Andy Parkinson on January 29, 2003, 01:21:11 AM

Title: I need to tunnel ports using putty for VNC
Post by: Andy Parkinson on January 29, 2003, 01:21:11 AM

I have an interesting situation which is slightly SME related. I have lots of clients that I connect to using VNC. I get them to connect to me and I put my viewer into listening mode. This gives them a certain amount of security as they are only running the software when I need access and it also solves problems of accesing desktops that are behind firewalls. I usually get them to connect to my home machine which is behind my SME. To achieve this I have to forward the listening port (5500) to my desktop. This works wonderfully when I am at home but I have a need to achieve this from customers machines which are often behind firewalls and thus won't accept incoming connections. At the moment the only way I can do this is to use putty to tunnel in to my server and forward port 5905 to my desktop as 5900. Then I have control of my desktop and can therefore control any machines connecting to my listening desktop. This is not an ideal situation as it is sluggish. What I would like to be able to do is to forward port 5500 (not quite sure to where) and then use putty to tunnel in and direct that 5500 port back to whatever machine I happen to be using. and then use the viewer in listening mode to connect. the SME  would just be routing to me via SSH. I have tried all combinations to get this to work and I am no nearer. Maybe this question would be better placed on a Putty or VNC BB but I live in hope

Andy Parkinson

Title: Re: I need to tunnel ports using putty for VNC
Post by: Serge Dutremble on January 29, 2003, 06:44:41 PM

This seems convoluted.

What I do for helping my own clients:

1.  Each of my client have somewhere, an SSH-capable machine inside their network, if they are not using SME as their firewall/gateway to the internet.  This can be any type of PC, as long as they have the SSH server component installed.

2.  The client's firewall either accepts SSH connections (if it is a SSH-capable machine or device) or forwards a suitable port (usually the default SSH port 22) to the internal SSH-capable machine.

3.  I can then use putty to connect to the SSH-capable machine, forwarding the vnc port to the internal PC desktop I need to see.

This has worked well for me.

Naturally, it assumes my clients trust me.  If they don't, what's the point anyway.

Serge.