On Thu, 14 Feb 2002, Ron Miller wrote:

> 4. Putty 0.52 on Windows98, set to forward port local port 5901 to
> linux:5901

Ehud Karni has emphatically stated that one must use a literal "localhost" when setting up the forward. I thought about it for some time and finally understood it thusly: putty forwards local windows port 5901 to remote's "notion of localhost:5901". If you forward local windows port 5901 to remote's "notion of linux:5901", linux != localhost and the connection is thus denied.

Ehud Karni also explained it another way: because the linux vncserver will only accept connections from localhost, it will only listen on interface lo, or 127.0.0.1. Forwarding to the hostname itself means the packets will arrive on eth0 or 192.168.1.1 or whatever internal IP. Thus, the connection is refused.

Thus, when setting up the tunnel, you must use localhost literally. Prepending the remote's "notion of ..." clarified my understanding.

Now consider http://www.uk.research.att.com/vnc/sshwin.html. Here we have Alice trying to connect to Charlie via Bob. Assuming Bob has a firewall to prevent vnc connections, it's safe for Charlie not to use -localhost. The tunnel needs to be set up slightly differently:

On Alice, open ssh with local port 5954 forwarded to Bob's "notion of Charlie:5904". In putty, it's L5954 to Charlie:5904. Alice needs to know nothing about how to get to Charlie, just so long as Bob can get to Charlie. Alice now has a shell open on Bob. Alice can now start vncviewer and point to its own port 5954, or :54. When Bob receives these packets, Bob knows to direct them to Charlie:5904.

Now suppose Charlie started vncserver with -localhost. You would then need two tunnels, one between Alice and Bob, and another between Bob and Charlie. Alice opens an ssh with local (Alice) port 5954 forwarded to Bob's "notion of Bob:5904". Alice now has a shell open on Bob. From Bob, open ssh with local (Bob) port 5904 forwarded to "Charlie's notion of localhost:5904". Alice now has a shell open on Charlie. Alice now opens vncviewer and points it to its own port 5954.
This traffic gets forwarded to Bob:5904, but the second tunnel on Bob forwards these to Charlie's localhost:5904.

I'm guessing it's possible to open a vncviewer connection to an arbitrarily deep vncserver so long as there's a path through each intermediate.

> 6. VNCViewer using config file. Config file host=localhost, and port set
> to 5901

I didn't need to do this for it to work.

Good luck!
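Added example, not part of the original message: a small Python model of the behaviour described above, showing that the far end of a tunnel dials the destination itself and that a server bound only to 127.0.0.1 refuses anything aimed at another address. It is not ssh or PuTTY; the function names, the ephemeral ports (instead of 5901/5904) and the use of 127.0.0.2 as a stand-in for the server's eth0 address are assumptions made so it runs on one machine.

```python
import socket
import threading

LAN_STAND_IN = "127.0.0.2"  # assumption: plays the role of the server's eth0 address

def start_vncserver_localhost():
    """Constructed stand-in for `vncserver -localhost`: bound to 127.0.0.1 only."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))          # ephemeral port instead of 5901
    srv.listen()
    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                conn.sendall(b"RFB 003.003\n")   # constructed sample banner
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def start_forward(dest_host, dest_port):
    """Far end of one tunnel: the destination is dialled from here,
    i.e. it is the remote machine's notion of dest_host:dest_port."""
    lst = socket.socket()
    lst.bind(("127.0.0.1", 0))          # local listening port of the tunnel
    lst.listen()
    def relay():
        client, _ = lst.accept()
        with client:
            try:
                with socket.create_connection((dest_host, dest_port), timeout=2) as up:
                    client.sendall(up.recv(64))
            except OSError:
                pass                    # refused: the viewer only sees a closed connection
    threading.Thread(target=relay, daemon=True).start()
    return lst.getsockname()[1]

def viewer_reads(port):
    """First bytes a viewer receives when pointed at its own forwarded port."""
    with socket.create_connection(("127.0.0.1", port), timeout=3) as s:
        return s.recv(64)

def demo():
    vnc = start_vncserver_localhost()
    via_localhost = viewer_reads(start_forward("127.0.0.1", vnc))   # forward to localhost
    via_hostname = viewer_reads(start_forward(LAN_STAND_IN, vnc))   # forward to the host's own name
    hop2 = start_forward("127.0.0.1", vnc)                          # second tunnel, to the server's localhost
    two_hop = viewer_reads(start_forward("127.0.0.1", hop2))        # first tunnel, to the second's listener
    return via_localhost, via_hostname, two_hop

if __name__ == "__main__":
    print(demo())
```

The first hop in the two-tunnel case targets the loopback address because the second tunnel's listener is itself bound to loopback, which is also OpenSSH's default for local forwards unless GatewayPorts or an explicit bind address is set.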