How to Tunnel VNC from One IP Address to Another?

So I work for a POS company and there are quite a few locations that require a direct ssh connection from only the office IP address.

So many things we can do properly when connecting onto the main server computer with tunnels via putty or the fork I use named kitty.

However, unless you are directly connected onto the machine I can’t seem to tunnel the VNC port of 5900 to another terminal. Tried using the alternate port of 5901 too without it working.

So basically I want to daisy-chain the VNC connection port from the main server computer to another terminal to load the desktop.

Running the ssh [email protected] works fine of course but not finding a way to properly load the VNC desktop on the other terminal when not directly connected onto that machine.

Any thoughts on this one?

Could be some command line switches I’m missing on the VNC side or the tunnel settings perhaps?



  ┌──────────────────────┐                 ┌────────────────────┐                  ┌────────────────────┐
  │  Workstation         │                 │  Server            │                  │ POS                │
  │                      │      ssh        │                    │     tunnel       │                    │
  │  100.10.19.22        ├────────────────►│  192.168.1.10      ├─────────────────►│ 192.168.1.20       │
  │                      │                 │                    │                  │                    │
  │                      │                 │                    │                  │                    │
  └──────────────────────┘                 └────────────────────┘                  └────────────────────┘
                                      port 22 open from 100.10.19.22               port 5900 open on LAN (192.168.1.0/24)

                                      port 5900 open on LAN (192.168.1.0/24)       port 5900 open on localhost 127.0.0.1

                                                                                   port 22 open on lan (192.168.1.0/24)
                   

It all depends on whether the target machine has VNC listening on the local network or on the loopback interface only.
If it is the former, then you can use an ssh tunnel to the server and go from there.
If it is the latter, then you will need a double redirect if the POS has ssh capabilities in …

VNC listening on port 5900 on POS, LAN connections enabled:

from Workstation:

ssh -L5900:192.168.1.20:5900 user@server

This will connect to server and create a listening port on your workstation that will redirect traffic to the VNC port of the POS.
Now you can run VNC viewer on workstation and point it to localhost:5900

VNC listening on port 5900 on POS, LAN connections disabled (only listening on 127.0.0.1 - ssh enabled on LAN):

ssh -L2222:192.168.1.20:22 user@server

This will create an initial tunnel to Server, and open a local port on Workstation connected to the listening ssh daemon on POS. You need a second tunnel:

ssh -p 2222 -L5900:localhost:5900 user@localhost

This will connect to the local redirect for ssh, log on to POS, and create a second local port riding the first tunnel, and will open a second local port for your VNC connection …
Now you can run VNC viewer on workstation and point it to localhost:5900

YMMV and all that, depending on how well I got your description of what you need to do and how your connectivity is set up …

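One way to tell which of the two cases in the answer above applies, as an added example that is not part of the original thread: the function reads the output of `ss -ltn` as run on the POS, reports whether port 5900 is bound to the LAN or to loopback only, and prints the matching commands from the answer. The function names and the sample `ss` output are constructed for illustration.

```shell
#!/bin/sh
# Added example. Addresses and user names are the ones used in the thread.
POS=192.168.1.20

# stdin: output of `ss -ltn` from the POS; $1: port (default 5900).
# Prints "lan", "loopback" or "none".
classify_vnc_bind() {
    awk -v port="${1:-5900}" '
        $1 == "LISTEN" && $4 ~ (":" port "$") {
            addr = $4
            sub(/:[0-9]+$/, "", addr)          # strip the ":port" suffix
            if (addr ~ /^127\./ || addr == "[::1]") lo = 1
            else lan = 1                        # 0.0.0.0, *, [::] or a LAN IP
        }
        END { print (lan ? "lan" : (lo ? "loopback" : "none")) }'
}

# Print the tunnel command(s) from the answer for the detected case.
tunnel_plan() {
    case "$1" in
        lan)      echo "ssh -L5900:$POS:5900 user@server" ;;
        # OpenSSH 7.3+ can do both hops in one command:
        #   ssh -J user@server -L5900:localhost:5900 user@$POS
        loopback) echo "ssh -L2222:$POS:22 user@server"
                  echo "ssh -p 2222 -L5900:localhost:5900 user@localhost" ;;
        *)        echo "no VNC listener found on port 5900" >&2; return 1 ;;
    esac
}

# Constructed sample `ss -ltn` output: VNC bound to loopback only.
sample_loopback() { cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      5          127.0.0.1:5900      0.0.0.0:*
LISTEN 0      128     192.168.1.20:22        0.0.0.0:*
EOF
}

# Constructed sample `ss -ltn` output: VNC reachable from the LAN.
sample_lan() { cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      5            0.0.0.0:5900      0.0.0.0:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
EOF
}

for s in sample_lan sample_loopback; do
    echo "== $s =="; tunnel_plan "$($s | classify_vnc_bind)"
done
```

On a real POS, pipe the live output instead of the samples: `ss -ltn | classify_vnc_bind`.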

Ah thanks for the details, I will review and see what I can get accomplished :slight_smile: