Connecting to VNC via SSH through a NAT?

[darthmullet]

I have the following setup:

My Computer (OS X 10.5) <—> Linksys WRT54g Router <—> Cable Modem <—> Internet <—> Outside Computer (Includes: Vista, XP, OS X 10.4, Linux, etc.)

I want to control "My Computer" (running a VNC server) from an "Outside Computer" without having to forward a port on the router (which acts as a NAT), if this is possible. If this is not, would I be able to use a non-standard port (other than 222 or whatever SSH/VNC connections typically are)?

I seem to recall at some point reading about creating such a connection by using an active SSH connection between an outside server running some sort of SSH forwarding program and the local computer. You then go to that outside server and it connects you to the final destination VNC. I have an account on both Silenceisdefeat.com (which I believe would allow me to run such a program) and my university unix server account.

I've done some extensive googling but can't find anything. Any network geniuses out there who know how to set this up? I would really appreciate any help (or if anyone knows of an article describing this process and can point me toward it)...

 

[foshizzle]

On the linksys router forward port 22 to 'my computer 10.5' (will need its IP address, so you might want to give 'mycomputer' a static IP from the router) and enable 'remote login' in the sharing options in system preferences.

Get your external IP address, http://www.whatismyip.com/ note it.

From outside computer, open a terminal (mac, linux) and type "ssh user@external-ip -L 59000:localhost:5900" hit enter, wait for password prompt, tell it yes when you want to add to your known hosts. After password prompt, you're in, but keep the terminal open.

on outside mac, go to the finder and type apple-K, then in the dialog box type "vnc://localhost:59000" hit enter, wait for credential screen, type them in, you're screen sharing over SSH.

Another thing, since you probably dont have static external IP, you might want to setup a dyndns account and give your external IP a free domain name. Then you can install the dyndns tool that updates your domain name when the external IP changes.

 

[darthmullet]

On the linksys router forward port 22 to 'my computer 10.5' (will need its IP address, so you might want to give 'mycomputer' a static IP from the router) and enable 'remote login' in the sharing options in system preferences.

Get your external IP address, http://www.whatismyip.com/ note it.

From outside computer, open a terminal (mac, linux) and type "ssh user@external-ip -L 59000:localhost:5900" hit enter, wait for password prompt, tell it yes when you want to add to your known hosts. After password prompt, you're in, but keep the terminal open.

on outside mac, go to the finder and type apple-K, then in the dialog box type "vnc://localhost:59000" hit enter, wait for credential screen, type them in, you're screen sharing over SSH.

Another thing, since you probably dont have static external IP, you might want to setup a dyndns account and give your external IP a free domain name. Then you can install the dyndns tool that updates your domain name when the external IP changes.

Thanks for the reply, but you completely missed the point. I know how to set up the built in remote desktop by forwarding the standard port. Like I said in my original post, that is not what I am trying to do.

I'd like to be able to do the process without port forwarding on the router.

 

[foshizzle]

SSH is not possible without port forwarding. You have to pass the port through your router using NAT. You can use logmein.com to get on your network, but you'll have to install some software.

 

[darthmullet]

Thanks.
what if I initiate the connection from the computer behind the NAT? i'm guessing that's what the site you mentioned is doing.

 

[MacForMeOneDay]

Thanks.
what if I initiate the connection from the computer behind the NAT? i'm guessing that's what the site you mentioned is doing.

So I am a little confused by your posts. But if I understand the quote above then I think its possible.

Combining your example, and the statement above:
"My Computer" is behind a firewall, and your want to control it remotely.
"My Computer" can initiate a ssh session with "Other Computer" directly?
* So "Other Computer" is directly on the internet? Or has port forwarding on its side?

From "My Computer":

ssh -C -o "ServerAliveCountMax 60" -o "ServerAliveInterval 50" -R5906:localhost:5900 <user>@"OtherComputer"
These Server commands will help keep the connection alive.​

Now From "Other Computer" (assuming, later that day, to drive from "My Computer" to "OtherComputer"):

vncviewer localhost:6​

Now, if you can use port forwarding on either side and both computers are behind a firewall, then you are going to need something like logmein.com (Hamachi version) which allows you to setup with little/no configuration VPN.

 

[darthmullet]

Thanks!

It looks like logmein.com is exactly (more or less) what I was looking for. I've installed it, and I'll have a chance to test it out on monday.