Home > Support > HOWTO List > Accessing a VNC server behind a firewall

Accessing a VNC server behind a firewall

Ever need to remotely connect to someone's desktop?  e.g. to provide remote assistance

Having a problem doing that because their PC has a private (local) IP address?  Or because they are behind a firewall preventing you connecting to them?

There is an option where the VNC server can connect to a VNC viewer.  But if your viewer is on a private (local) IP or you are behind a firewall then you still have the same problem.

A solution to this problem is available if you (the vncviewer) has access to a server on a public IP running SSH.

Assume the setup is:
[yourpc / vnc viewer] <---> [firewall/router] <---> [ssh sever] <---> [firewall/router] <---> [remote pc/vnc server]

On the ssh server make sure there is a "GatewayPorts yes" line in /etc/ssh/sshd_config

Restart sshd if you had to add that.

From your pc run: vncviewer -listen

It will respond with something like:

vncviewer -listen: Listening on port 5500 (flash port 5400)

From your PC run:

ssh -R port:host:hostport sshserverip


ssh -R sshserverip:5500:localhost:5500 sshserverip

This will setup a reverse tunnel.  The tunnel will listen on the remote ssh server on 'hostport' (5500) for new connections.  When it gets one, your pc will be forwarded the conection and it will connect to 'host' (localhost) on the 'host' (localhost) port 'port' (5500).

From the remote PC the person running winvnc should 'Add New Client' and use the sshsererip:5500 for the new client address.