Security – tunneling VNC port and port forwarding

port-forwarding, Security, ssh-tunnel, vnc

I have two machines, say A and B. Machine A is a public gateway. Machine B is in my network and is running a VNC server on port 6000. I want people to connect to machine A on a VNC port, say 5900 (unsecured). After this, machine A should set up a tunnel from its own port 5900 to port 6000 on machine B (secured), and people can see the VNC output without connecting to the actual host.

How can this be done? Is there any way? Please let me know if I am wrong somewhere. Thanks

Best Answer

You should check out the -via option of vncviewer. If you set up SSH access to host-a, you can access your VNC server as follows:

vncviewer -via host-a host-b:6000

This will open an SSH session to host-a, forward host-b:6000 to your local machine and point the VNC viewer to that forwarded port, all in one command. The traffic from your host to host-a will be encrypted, whereas the traffic from host-a to host-b will be unencrypted.

EDIT: After re-reading your question I realized that this is not exactly what you were asking. I think you should be able to achieve what you want using a plain TCP proxy such as simpleproxy or rinetd installed on host A. Configure that proxy to forward traffic from port 5900 to host B. Example rinetd.conf:

# bindaddress   bindport  connectaddress  connectport
0.0.0.0 5900 <ip-of-host-b> 6000

From a security point of view, the solution involving SSH would be preferable, though...
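
The SSH approach the answer prefers, written out as an explicit port forward (an added example, not part of the original answer). The local port 5901, the loopback bind, the input checks and the viewer's `host::port` syntax are assumptions made for illustration; host-a, host-b and port 6000 are taken from the page.

```shell
#!/bin/sh
# Added example: print the SSH port forward and viewer command that replace
# an exposed plain-TCP proxy. Nothing is executed; the commands are printed.

# valid_port PORT: succeeds only for an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_host HOST: rejects empty names, names starting with "-" (ssh would
# parse them as options) and characters outside the hostname/IPv4 set
valid_host() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# tunnel_cmd GATEWAY TARGET TARGET_PORT LOCAL_PORT
tunnel_cmd() {
    valid_host "$1" && valid_host "$2" || { echo "bad host" >&2; return 1; }
    valid_port "$3" && valid_port "$4" || { echo "bad port" >&2; return 1; }
    # -f: go to background after authentication; -N: no remote command
    # ExitOnForwardFailure: exit instead of running without the forward
    # 127.0.0.1 bind: only the local machine can reach the forwarded port
    printf 'ssh -f -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s:%s %s\n' \
        "$4" "$2" "$3" "$1"
}

# viewer_cmd LOCAL_PORT: point the viewer at the local end of the tunnel
# (assumes a viewer that accepts the explicit host::port form)
viewer_cmd() {
    valid_port "$1" || return 1
    printf 'vncviewer 127.0.0.1::%s\n' "$1"
}

# Values from the page: gateway host-a, VNC server host-b on port 6000
tunnel_cmd host-a host-b 6000 5901
viewer_cmd 5901
```

As the answer notes for -via, only the leg from the client to host-a is encrypted this way; the leg from host-a to host-b remains plain VNC.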