VNC tunnel over ssh through proxy server

smon1

Hi,

I need to be able to connect to a Mac OS X machine in my organization from my home.

The Mac is behind a server and a proxy server.

If I am hosting a website on the Mac and am able to access it through a tunnel from home as follows:

Using Windows XP
OpenSSH: ssh -D 9009 -f -q -N username@server.org.com
Firefox: SOCKS Host: localhost:9009
URL: IP_ADDRESS~username/

My problem I think is that the Mac is behind a proxy

So I first need to connect to the proxy and then connect to the Mac

I have TightVNC, Putty and openSSH on my home pc . How would I use these to establish a VNC connection to my Mac machine.


Any help would be grately appreciated

smon1

brianoconnell

I'm not an expert, but, I would imagine your organisation has some form of firewall in place, maybe just a simple but effective NAT router? Unless that is configured to accept the incoming SSH traffic, your not going to get in directly.

Also, what is the nature of the proxy server - what is it proxying?

Cheers,
Brian

Zapho

Hmmm, I doubt the proxy server is your problem. Proxies are usually for http traffic (afaik).

If you can't ssh to the machine, then ssh is probably blocked by a firewall, so you're probably going to have to ask someone for permision to open the ssh port or tunnel via a computer in the DMZ (if there is one!)

I'm trying to do something similar myself at the moment. I'll let you know how I get on!

brianoconnell

If you look more into what openSSH server can do, you might be able to connect from the mac at work to whatever at home, then go back across that connection from home to get to the mac. The proxy might not allow that and it would probably almost certainly break any company policy I have ever heard so check first!

layke

Easiest way in is to use a VPN and then VNC or if you can get your hand on Apple Remote Desktop.

KeRbDoG

Yea need to setup port forwarding at their router/gateway to enable whatever external port number yea want to be directed at their local network PCs SSH port

smon1

Here is a diagram of the topology.

I have local administrative full access privileges on the mac and on my home laptop. The proxy is a http proxy.

I am able to use the VNC client from another mac in the organization and connect to my mac but don't know how to do it externally and without a mac

brianoconnell

Sounds like the easiest thing to do would be to SSH to the server in your org, pick up a console session on that, and then VNC from the server to your mac. If the server is a microsoft server, you would need the RDP client on your home kit.

Snowbat

You can use SSH port tunneling in Putty for this.



Source port can be any unused port number on your local machine. Destination will be the IP address of your Mac on the internal network:VNC_listening_port (usually 5900 for Windows VNC servers, 5901 for the first screen on Unix VNC servers - not sure about OS X).

I'd also suggest turning on compression in the SSH options.

Once connected, you can VNC to 127.0.0.1:source_port and the traffic will be sent through the tunnel.

bricks

You need to ssh from your work PC into the home server.
You'll need to enter the proxy settings into putty so it can get to the internet.
So from the work PC ssh in and setup a remote tunnel for the VNC port, this will then effectivly put the VNC port on your home server.
You should then be able to vnc to your home server and the work machine will come up.

If you have problems with the SSH connection not opening from work to home you might need to change the ssh port on your home server to 443.
Also you might need to enable keepalives if the proxy times out connections.

Also your IT department might wonder what all the traffic is and you may get in trouble for bypassing the firewall. Proxy server will log the accesses.