I'm not exactly sure if this is a Linux problem or a Linksys problem....

My LAN connects to the internet through a Linksys router. I've got ssh and VNC set up on my linux box so that VNC has to go through an ssh tunnel to work. From inside my lan, everything is fine; VNC won't connect unless I have an ssh tunnel set up. However, from the internet, I can't get VNC to run. I've got port 22 forwarded from the Linksys router to the linux box so when I use Putty to connect to the external IP address at the router, I get a connection to the linux box. This works just fine. However, VNC absolutely will not connect. In setting up the Putty tunnel, I use the lan ip address of the linux box (192.168.1.x) and I suspect that this is the source of the trouble.

So, does anyone know a way to connect to the vncserver and still run VNC through the SSH tunnel? Or do I just need to quit bitchin and just use the console?

Does the ssh connection fail or connect?

SSH connects without a problem, both from inside the lan and from the internet. When I connect from the lan, I point Putty at the ip address of the linux box. When I connect from the internet, I point Putty at the ip address of the router and let it forward to the linux box.

Then I can't see why there would be a problem - using VNC over ssh will only use port 22. Are you using the same command from inside and out except for the ip address on the ssh command? I take it you are connecting to with VNC - "127.0.0.1:1" ?

Yes, the only difference is the IP address Putty uses to connect. VNC uses "localhost:2", but I use that both inside the lan (where is works) and outside the lan (where it doesn't).

I guess I'm wondering if the IP address change is the cause. When I'm within my lan, the Putty connection and the forwarding tunnel use the same IP address (192.168.1.x) while when I'm trying to connect from the internet, Putty uses the router IP address while the forwarding tunnel still uses the lan IP (192.168.1.x). My suspicion is that since Putty is connected to the router IP address, it really doesn't know what 192.168.1.x is and therefore doesn't know where to forward. In other words, when something shows up on port 5902, Putty doesn't know what to do with it because in this context 192.168.1.x doesn't make any sense.

ah - are you using the same client machine from inside and out?

Do you have localhost in the hosts file of the external machine? Try using 127.0.0.1 instead. I'm heading out now but I'll keep thinking of other possibilities (I think better in the pub )

As for your second para - from the ouside you never use a 192 addy you use the external ip and the ssh connection works fine so I can't see how that would be a problem.

And you are completely correct, there shouldn't have been a problem.......and I'm feeling like a proper idiot. The problem wasn't in how I described the connection, the problem was that I hadn't actually implemented what I described.

Now for the mea culpa:

In my previous posts I said that the forwarding tunnel was using the 192.168.1.x address. When I turned a critical eye to what I was doing, I found I had actually entered the IP address of the router. In other words, I was forwarding to port 5901 on the router. Needless to say, the router has absolutely no idea what to do with traffic on 5901 other than drop it. As soon as I changed the tunnel IP address to the 192 address, VNC worked like a charm.

I have GOT to start paying attention to what I type!


Thanks for your help david_ross, it is appreciated!! (Maybe I should try some of that thinking in the pub)

Cool - Glad you got it working - I came back for more money and thought I'd see how you were getting on