LinuxQuestions.org
Old 11-01-2006, 11:48 AM   #1
bitpail
LQ Newbie
 
Registered: Oct 2006
Distribution: Fedora 6/SUSE 10
Posts: 20

Rep: Reputation: 0
VNC SSH tunnel firewall problem


I'm having trouble getting my vnc viewer working through a firewall using ssh tunneling. Here is my setup:

Windows XP using TightVNC viewer to connect using PuTTY to remote Linux (FC5) vncserver. There is a router between the Linux box

PuTTY settings:
Host Name: <my_external_host_name>
Port : 45900 (yes, I'm using non-standard ports)
SSH - X11: Enable X11 forwarding is checked.
X display location is localhost:0
SSH - Tunnels:
Forwarded ports: L45905 <my_external_host_name>:45905
Local and Auto radioboxes are selected.

TightVNC settings:
I'm using the default settings and connecting with the following string:

localhost::45905



On the linux server this is my config for starting the vncserver:

#!/bin/sh
#
# xstartup
#
# Uncomment the following two lines for normal desktop:
# unset SESSION_MANAGER
# exec /etc/X11/xinit/xinitrc

[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
#xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
#twm &
eval `dbus-launch --auto-syntax`
gnome-session &

#Eof

I'm starting the vncserver on port 40005

I also have the ssh port open on 45900 in the linux firewall and it is forwarded to the router on the same port which is open on that firewall. Of course sshd is running on 45900.

If I'm on the LAN using the local ip (ie 192... in putty host), the tunneling works fine. However as soon as I use the external static ip the connection to the box works with putty but when I try connecting through vnc viewer nothing happens. The password box doesn't appear and I can still see the vncviewer.exe process in the Windows Task Manager.

I'm guessing that because it works internally and not externally it must be a problem with the router. Is there another port that I must open? Note that even if I am on the LAN and I use the external address it doesn't work.

Looking at the logs on the router, I get some blocked messages, with the source <my_local_XP_box_on_LAN>:45900 to destination <external_ip>:2209. This last port (2209) keeps changing with different putty connections, ie (2209, 2226, 2228). This happens both when I log in with putty with port forwarding on or off so I'm not sure if this is just a red herring.

Any help would be very appreciated as I'm a little stuck at this point.
 
Old 11-01-2006, 04:14 PM   #2
bernied
Member
 
Registered: Mar 2006
Location: Edinburgh, UK
Distribution: debian
Posts: 304

Rep: Reputation: 30
Quote:
Originally Posted by bitpail
SSH - X11: Enable X11 forwarding is checked.
X display location is localhost:0
SSH - Tunnels:
Forwarded ports: L45905 <my_external_host_name>:45905

X11 forwarding is not necessary for what you want to do - you're not running X on your vnc viewing machine, are you?
Try using the LAN IP address of your linux server for forwarding instead of <my_external_host_name> - eg 192.168.0.2

Quote:
Originally Posted by bitpail
TightVNC settings:
I'm using the default settings and connecting with the following string:
localhost::45905

I'm starting the vncserver on port 40005

Tell me this was a typo - it should be the same port number - 45905

Quote:
Originally Posted by bitpail
I also have the ssh port open on 45900 in the linux firewall and it is forwarded to the router on the same port which is open on that firewall. Of course sshd is running on 45900.

If I'm on the LAN using the local ip (ie 192... in putty host), the tunneling works fine. However as soon as I use the external static ip the connection to the box works with putty but when I try connecting through vnc viewer nothing happens. The password box doesn't appear and I can still see the vncviewer.exe process in the Windows Task Manager.

I'm guessing that because it works internally and not externally it must be a problem with the router. Is there another port that I must open? Note that even if I am on the LAN and I use the external address it doesn't work.

But the vnc traffic should not be affected by the router, it is tunnelled inside the ssh traffic. The router should not see the difference between an ssh terminal and the vnc traffic, it will all be encrypted and just get passed on to the sshd server. Right?

Quote:
Originally Posted by bitpail
Looking at the logs on the router, I get some blocked messages, with the source <my_local_XP_box_on_LAN>:45900 to destination <external_ip>:2209. This last port (2209) keeps changing with different putty connections, ie (2209, 2226, 2228). This happens both when I log in with putty with port forwarding on or off so I'm not sure if this is just a red herring.

Don't know, try the other stuff first. I'm sure it's in the tunneling, not the router. That is if ssh (PuTTY) works fine.
 
Old 11-02-2006, 08:37 AM   #3
bitpail
LQ Newbie
 
Registered: Oct 2006
Distribution: Fedora 6/SUSE 10
Posts: 20

Original Poster
Rep: Reputation: 0
Got it

Thanks that worked, I used the internal ip for the forwarded ports and I can get through now. Thanks a lot!
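
The fix in this thread, as an added example that is not part of the original posts: the destination of a local forward is dialed by the sshd host rather than by the client, so it should be a loopback or LAN address and the port the VNC server actually listens on. The function checks a PuTTY-style forward entry for both problems and prints the equivalent OpenSSH command; `gw.example.net` is a constructed placeholder for the external host name, and `192.168.0.2` is the example LAN address from post #2.

```sh
#!/bin/sh
# Added example: lint a PuTTY-style local forward ("L<lport> <host>:<port>").
# gw.example.net is a constructed stand-in for <my_external_host_name>.

# is_internal HOST: succeeds for localhost, loopback or RFC 1918 literals.
is_internal() {
    case "$1" in
        localhost) return 0 ;;
        *[!0-9.]*) return 1 ;;   # a name, not a dotted quad: assume external
        127.*|10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# check_forward SPEC VNC_PORT SSH_HOST SSH_PORT
# Prints one WARN line per problem; if there is none, prints the equivalent
# OpenSSH command and returns 0.
check_forward() {
    spec=$1; vnc_port=$2; ssh_host=$3; ssh_port=$4
    lport=${spec%% *}; lport=${lport#L}   # "L45905" -> 45905
    dest=${spec#* }                       # "<host>:<port>"
    dhost=${dest%:*}
    dport=${dest##*:}
    rc=0
    if ! is_internal "$dhost"; then
        # The destination is dialed by the sshd host, not by the client.
        echo "WARN: sshd itself connects to '$dhost'; use its LAN IP or localhost"
        rc=1
    fi
    if [ "$dport" != "$vnc_port" ]; then
        echo "WARN: forward targets port $dport, vncserver listens on $vnc_port"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "ssh -p $ssh_port -L $lport:$dhost:$dport $ssh_host"
    return "$rc"
}

# Original setup from post #1, then the corrected one from post #2.
check_forward "L45905 gw.example.net:45905" 40005 gw.example.net 45900 || true
check_forward "L45905 192.168.0.2:45905" 45905 gw.example.net 45900
```

With the destination set to localhost or the LAN address, only the SSH port has to be reachable through the router; the VNC port stays closed to the outside.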
 
  

