Hello. I am putting this question in the networking area because I think it is probably a firewall issue. Here is the my general network layout:

I have a static IP (we'll say 200.200.200.200) that has a domain name pointed to it (let's say system.domain.com). The system is behind my home DSL router (which has the static IP) with port 22 forwarded to it so that I can SSH into it (it is an FC3 box). That box has a NATed internal IP (we'll say 10.10.10.10). vncserver is running on :1.


Now, when I am at home, I use Putty on my Windows laptop to SSH to 10.10.10.10 with a tunnel from local port 5901 to 10.10.10.10:5901. I am then able to open a VNC client and connect to the server as localhost:1.

However, this is where I run into problems. Whether I am at home behind my router or on the road somewhere, I can still SSH into my system without issue but SSHing to system.domain.com, but VNC never connects as localhost:1. Am I missing something? Does VNC use another port even when tunneling over SSH?
Also, if it is a firewall issue, shouldn't I still be able to get to it from behind my firewall by going to system.domain.com? I would think DNS would resolve the name and my router would realize that both the source and destination computers were behind it and bypass the firewall?

On a side note, I apologize for my love of parenthesis. Thank you in advance for any assistance.

So you are connecting with ssh -L 5901:127.0.0.1:5901 system.domain.com
then telling vncviewer to connect to 127.0.0.1:5901 ?

That's correct. I'm using PuTTY for SSH, but that would be the command line equivalent.

I've personally done that before and it worked fine then.

I'm just not too sure about the Putty setup..
Worth investigating though..

In the tunnels section put 5901 in the source port and in destination put localhost:5901. Save your profile. In VNC you should connect to localhost:1. Personally I start vncserver with vncserver :1 -localhost. This prevents logins outside of the tunneled connections and prevents the vncserver from hack attempts.

I'll give that a try tonight. I just don't understand why it works perfectly until I go through the firewall. Since I'm tunneling, the only port I should need open is 22.

THANK YOU!!! Just tried it that way and it worked.