# Remote Desktop Sharing behind NAT

## iloose2

I have several machines that I manage that are behind NAT boxes that I do not have control over and would not be able to get the required ports forwarded.

I would like to install TightVNC on the Windows client, script PuTTY (or another SSH client) to connect to a dedicated server, and use SSH port tunneling to forward TCP ports 5800 & 5900 to the client behind NAT.

So the question is: can I forward ports from the dedicated server with the connection initiated by the client? Can the port forward be set up without the server requiring SSH to be forwarded to the client?

The goal here is of course to not use Go2MyPC (or other subscription-based services); $20/machine/month adds up fast ;)

Thanks.

----------

## HomerSimpson

I have read this somewhere. I just did a search and came up with this

and this

----------

## iloose2

That's not what I'm trying to do.

The Windows Client will be running the Tight VNC Server behind NAT.  It will connect to the Linux server with SSH at startup, and set up a port forward to the Windows client to bypass NAT.

----------

## devon

Does this post help? This is the method I use to ssh to a box behind a NAT gateway after said box sets up an SSH tunnel. I tried this method using PuTTY on Windows 2000 at work behind our NAT gateway to a server I have on the Internet and I was able to tunnel basic NetBIOS traffic across.

----------

## iloose2

No...

 *Quote:*   

> Here's the question with only the ssh port open on my local firewall (AZ) can I have her use SSH (in CA) to open a tunnel or a reverse terminal session so that I can fix the Airport?

 

They had the ability to open the SSH port.  I do not.

I can only use SSH to connect to an external server.  The connection must be established from the internal machine to an external SSH server.

----------

## tagwar

it's quite simple... ;)

say foo is the machine on the internet, that shall be able to connect to bar, which is the machine behind those nat boxes.

on bar do:

```
ssh -C -R 5900:127.0.0.1:5900 foo
```

local connections on foo to port 5900 will then be redirected to port 5900 on bar.

you can even connect another system behind the nat boxes by doing 

```
ssh -C -R 5900:<other boxes ip>:5900 foo
```

Since you're using putty, you have to do that in there. There's an option for that called "SSH tunnel" or something like that. You can put in a couple ports there and go... 

HTH

Tom

----------

## iloose2

Thanks Tom, that did the trick.

Now I just need a program or script to maintain the connection from the Windows client.  

Any easy way to automatically reestablish an SSH connection in Windows when the connection is terminated when the client moves from network A to network B without restarting the machine? Or when the connection is terminated for inactivity?

The only way I see to do it is a script that looks at the output of netstat and establishes the connection if it is not present?  Any better ideas?

Thanks

William

----------

## nobspangle

You could transfer a self-refreshing webpage over the ssh tunnel, make it really small (just the header) and set it to refresh every 15 seconds. That will keep the tunnel open. Or if you don't need the ssh shell (you're just using vnc) you could write a simple script that echoes some text every 15 seconds.

----------

## tagwar

you could write a batch file (you know.. this M$-copy thing of a shell script... ) Dunno if this is really a good idea..

besides that, why not install cygwin? You could use some bash script then for reconnecting if the link goes down... I think I saw some project on freshmeat that does just that.

HTH Tom

----------

## nobspangle

The other option would be to set up a vpn using openvpn, that automatically reconnects after drops and changes of IP etc. It only requires you to open a port on the firewall at one end of the tunnel (the end you have control over)

----------

## iloose2

Here's the script that I wrote; just place it in the Startup folder for all users.  It will check to see if the SSH connection is established every 10 seconds; if it is not, it will establish a new one.  I need to change it to resolve the name www.icali.net to the IP address, and it will be finished:

VB Script

```
' Watchdog: re-run ssh.bat whenever no SSH session to the server is established.
Dim Connected, objFSO, objShell, objTempFile, objTextFile, strText

Set objFSO = WScript.CreateObject("Scripting.FileSystemObject")
Set objShell = WScript.CreateObject("WScript.Shell")

Do While True
   Connected = False
   objTempFile = objFSO.GetTempName

   ' Save the netstat lines that mention the SSH server (hidden window, wait for exit).
   objShell.Run "cmd /c netstat -an | find /I ""66.45.68.157:22"" >" & objTempFile, 0, True

   ' Look for an ESTABLISHED connection among those lines.
   Set objTextFile = objFSO.OpenTextFile(objTempFile, 1)
   Do While objTextFile.AtEndOfStream <> True
      strText = objTextFile.ReadLine
      If InStr(strText, "ESTABLISHED") > 0 Then
         Connected = True
         Exit Do
      End If
   Loop
   objTextFile.Close
   objFSO.DeleteFile objTempFile

   ' Not connected: start the tunnel. Run waits here until plink exits.
   If Connected = False Then
      objShell.Run "cmd /c %windir%\ssh.bat", 0, True
   End If

   'Take a nap
   WScript.Sleep 10000
Loop
```

Here is the ssh.bat file:

```
plink user@host.net -C -R 5900:127.0.0.1:5900 -R 5800:127.0.0.1:5800 -pw passwordhere
```

Also, add `top` to .bash_profile; this will keep the SSH connection alive.

Finally, install VNC on the client and, under Advanced in Properties, enable "Allow loopback connections".

Now you can connect to the server with your preferred SSH client and forward ports 5900 & 5800 to 127.0.0.1 and then connect with the VNC viewer or web based interface.

To add more clients just change the port numbers.

Or visit www.go2mypc.com and pay $19.95/month per PC :P

----------
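Added example, not part of any post in the thread: the reconnect loop tagwar suggests writing as a shell script (Cygwin or any OpenSSH client), with the changes a hardened version of iloose2's setup would make: a key file instead of `-pw`, SSH keepalives instead of a running `top`, and listeners bound to the server's loopback. The account `tunnel@foo.example`, the key path, the `authorized_keys` line and the function names are assumptions.

```sh
#!/bin/sh
# Added example: keep the reverse VNC tunnel up. Host, key path and function
# names are placeholders, not values from the thread.
# Assumed entry in the server account's ~/.ssh/authorized_keys, so the key can
# only open these two listeners and gets no shell:
#   restrict,port-forwarding,permitlisten="127.0.0.1:5900",permitlisten="127.0.0.1:5800" ssh-ed25519 <public key>

REMOTE="${REMOTE:-tunnel@foo.example}"       # placeholder account on the internet host
KEY="${KEY:-$HOME/.ssh/vnc_tunnel_key}"      # private key file, replaces -pw
PORTS="${PORTS:-5900 5800}"                  # ports forwarded in the thread
MAX_DELAY="${MAX_DELAY:-300}"                # cap for the retry back-off, seconds

# Print the -R spec for one port; listener bound to the server's loopback only.
forward_spec() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ] || return 1
    printf '127.0.0.1:%s:127.0.0.1:%s\n' "$1" "$1"
}

# Double the retry delay, capped at MAX_DELAY.
next_delay() {
    d=$(( $1 * 2 ))
    if [ "$d" -gt "$MAX_DELAY" ]; then d=$MAX_DELAY; fi
    echo "$d"
}

run_tunnel() {
    delay=5
    while :; do
        # -N: no remote command. BatchMode: never prompt. ExitOnForwardFailure:
        # quit if a listener cannot be bound. ServerAlive*: detect a dead link
        # in about 45 s so the loop can reconnect.
        set -- -N -T -C -i "$KEY" -o BatchMode=yes -o ExitOnForwardFailure=yes \
            -o ServerAliveInterval=15 -o ServerAliveCountMax=3
        for p in $PORTS; do
            spec=$(forward_spec "$p") || { echo "bad port: $p" >&2; return 1; }
            set -- "$@" -R "$spec"
        done
        start=$(date +%s)
        ssh "$@" "$REMOTE"                   # blocks while the tunnel is up
        # A session that lasted over a minute was healthy: reset the back-off.
        if [ $(( $(date +%s) - start )) -gt 60 ]; then delay=5; fi
        sleep "$delay"
        delay=$(next_delay "$delay")
    done
}

# Start the loop only when called as "script run", so the file can be sourced.
if [ "${1:-}" = "run" ]; then run_tunnel; fi
```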

