DI-524. Can't vnc from inside local network to Internet using a tunnel

Ok. So I know my subject is not super descriptive. Here is my problem.

I have opened up an ssh port on an internet-routable server at my work. I enabled ssh forwarding on this server, and set up some firewall rules to allow the box with ssh connect to my work computer on port 5900.

At home, behind my DI-524, I ssh using vnc to my ssh server, and in putty, open a local port on my local pc to listen on port 12000. If I open vnc up now, I tell the vnc client to connect to 127.0.0.1, and it is supposed to connect to my work pc on port 5900.

What really happens, is that I get prompted for my password in vnc, it takes it, and then goes no further. I know that this works, as I have done it from other networks to my work. It for some reason now work when I am home behind my dlink wireless router.

I have not set anything up on the router, and do not know very much about the configs on it. If anyone has any suggestions, they would be greatly appreciated.

Thanks. Peter

pete.ange.marshall

Which VNC? UltraVNC, TightVNC, or the original?

You also need port 5800 forwarded on the server to use the HTTP web browser version of VNC.

Impressive. No opportunity to introduce additional complexity left out. Well, at least you didn't add a VPN.

Sounds like TightVNC. What you're doing is connecting to yourself, not the office server with the VNC viewer. If you think about it, you're creating a "hall of mirrors" effect where you have a local viewer trying to display itself inside the local viewer, etc. The authors got tired of dealing with this effect and blocked local viewing. I can do it with older versions of VNC, but not the current incantations.

Incidentally, if you have more than one VNC server running at work, you'll need to open additional ports 5801/5901 etc for each terminal session.

So, take it apart and try it piece by piece. Start with a web browser directly to port 5800 at the work server: http://ip_address:5800 If your Java is working, it should play. Next, fire up the VNC viewer and try it on port 5900 directly with: ip_address::5900 (or something like that).

Then add SSH to the pretzel but point it to the server and not to a local IP socket number. That should also work unless your server is set up to accept only SSH connections.

Finally, set up your port 12000 kludge on the SSH server end to point to your SSH client (Putty). At least, that's what I think you're doing (not sure).

The reverse port 12000 abomination will require port forwarding on your DI-524 because in effect, the connection is made from the server to your router. Why you would want to do this is beyond my limited imagination.

Test each layer separately. My guess is that your port 12000 kludge is not working and probably unnecessary.

Jeff Liebermann
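
Added example, not part of the thread or any poster's code: a Python probe for the piece-by-piece testing suggested above. It connects to an endpoint (the local forward on 127.0.0.1:12000 from the original post, or the VNC server directly) and classifies the first bytes received, using the fact that an RFB (VNC) server opens with a 12-byte `RFB xxx.yyy\n` version string. The name `probe_rfb` and the result labels are chosen here for illustration.

```python
"""Classify what answers on a TCP port: VNC (RFB), SSH, or nothing useful."""
import re
import socket

# An RFB server speaks first with a 12-byte ProtocolVersion, e.g. b"RFB 003.008\n".
RFB_BANNER = re.compile(rb"RFB (\d{3})\.(\d{3})\n")


def probe_rfb(host, port, timeout=5.0):
    """Return (label, detail) for the first bytes sent by host:port.

    "rfb"         -> detail is (major, minor); the path to the VNC server works
    "ssh"         -> the port lands on an SSH daemon, not on VNC
    "closed"      -> accepted, then closed with no data (for a tunnel, typically
                     the forward target could not be reached from the SSH server)
    "silent"      -> accepted, nothing received before the timeout
    "unreachable" -> TCP connect failed (nothing listening, filtered, tunnel down)
    "other"       -> detail is the unexpected bytes
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return ("unreachable", None)
    data, timed_out = b"", False
    with sock:
        try:
            while len(data) < 12:
                chunk = sock.recv(12 - len(data))
                if not chunk:
                    break
                data += chunk
        except socket.timeout:
            timed_out = True
        except OSError:
            pass  # reset by peer: treat like a close
    match = RFB_BANNER.fullmatch(data)
    if match:
        return ("rfb", (int(match.group(1)), int(match.group(2))))
    if data.startswith(b"SSH-"):
        return ("ssh", data)
    if not data:
        return ("silent", None) if timed_out else ("closed", None)
    return ("other", data)


if __name__ == "__main__":
    # 12000 is the local forwarded port from the original post.
    print(probe_rfb("127.0.0.1", 12000))
```

If the probe reports `rfb` on the forwarded port but the viewer still stalls after the password prompt, the tunnel itself is carrying VNC traffic and the problem lies in the viewer or server settings rather than in the router.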

Descriptive enough...

"now work" - I hope that should have been "doesn't work" or we don't seem to have a problem at all.

It's all "outbound" from your router, so it really shouldn't be a problem.

First of all, eliminate the wireless part of the router from consideration by connecting via ethernet cable between your PC and the router - or even skip the router altogether.

If neither of those methods work, then it's not your router (and the problem really doesn't belong here :-))

If you have no trouble there, I think I need more information about your VNC client. I've never had to specify a local port - I suspect you need to configure the router to pass inbound traffic on port 12000 to your PC on the same port, but that's a guess.

Derek Broughton

He wasn't - he was using an ssh tunnel.

No he's not.

I can still do that if I want. :-) It would be a serious shortcoming if you couldn't vnc to localhost. When you're working with Unix boxes, it's pretty normal to make a link to the server _then_ use vnc.

Derek Broughton

It wasn't obvious. If he were using an SSH tunnel, then he wouldn't need to: "...and set up some firewall rules to allow the box with ssh connect to my work computer on port 5900." Certainly, no firewall rules would be required on the home DI-524. Then, it must be on the destination router at work. If it were through an SSH tunnel, then it wouldn't need port forwarding on 5900.

I can't unless I explicitly enable loop-back connections. Just tried it with TightVNC 1.2.9. I can do it if I setup a local server, but not with just the viewer. In this case, there's no need for a server on the user end. However, the client has a built-in "host" which can be used to terminate a VNC session. I don't have much experience using this feature, but that's what I was guessing he was doing with the port 12000. Maybe not, I can't tell for sure from the description.

Anyway, there are some web pages that explain how to run VNC over SSH including the loop-back connection, which has to be specifically enabled. That's probably the OP's problem.


Jeff Liebermann

Jeff, your posts are always a good laugh. lol

Doz

"At home, behind my DI-524, I ssh using vnc to my ssh server," - seems pretty obvious to me.

That's what I figured.

He didn't mention port-forwarding at all, though he said he set up firewall rules to allow access to his _work_ computer on port 5900. Which makes some sense on that end - but only if the ssh server and his work computer are separate hosts on the same (at-work) network.

I didn't know about the built-in host - I've only used it with a local server.

No, I think we've done this to death without more detail :-)

That would be my guess, too.

Derek Broughton

It's called a "reverse host" and is used with the VNC reflector running on the (Unix) server. I don't know anything about it.


Jeff Liebermann

But very informative I might add..

Doz
