Hey there,

On iptables I only allow SSH and Http access for everyone and I would like to start using vncserver, well I already am... It's just that I dont want that port to be open to the public and since I usally tunnel my VNC sessions with SSH to get encryption I was wonder if there was a way for me to just remove the allow from Iptables , Start a SSH session with some tunneling and still be able to access the VNC session?

Someway to make me appear to be inside (?!)

I tried the " Local ports accepts connection from host "
and " Remote Ports do the same"
options and now when I try to connect with localhost:#### (vncports) VNC i dont get connection refused or timed out , but the password box never shows up?!

So, you forward with
ssh -L vncport:127.0.0.1:vncport
and try to connect (not inside ssh) to 127.0.0.1:vncport ?
Also you can try 'ssh -X' and connect to 127.0.0.1:vncport inside ssh..

I can connect like this but then I still need iptables allowing 5901 from the outside, if I remove the allow it will connect but I dont get to login and nothing happends...(?!)


Not an option since I will be on Windows XP/Vista without X servers (cygywin and such)

Does VNC still work from localhost when you forbid it from outside? Also try some sniffer (Wireshark is very good) to see what exactly packets are coming. Use 'any' interface to see both Ethernet and loopback traffic. Does first packet go through ssh? Does sshd send a packet to VNC server? What interface does it use?