Remote Desktop (VNC) with Port Problems

I am trying to connect to my iMac from my PowerBook from a restricted wireless network. The wireless network only allows connections over certain ports (21, 22, 80). I believe that I should be able to do this (and make the connection secure) by running Apple Remote Desktop on the iMac and a VNC client on the PowerBook and using ssh tunneling through port 22, but can't figure out exactly what it takes to do this! On which (both?) computers does the tunnel need to be set up? What particular SSH tunneling settings would I have to use?

Can anyone help me out with this? Thanks!

Powerbook G4 Ti, iMac (intel) 20", Mac OS X (10.4.4)

Posted on Jan 26, 2006 6:22 AM


Mar 23, 2006 3:41 PM in response to burner

I can't talk about doing this from a restricted wireless network, but I am able to tunnel VNC and afp services over ssh from foreign networks into (and through) my home DSL modem.

First, I have to have my Mac at home and my DSL modem set up for static IP address assignments on the NAT side of the modem (the 192.168.x.x addresses). This is because, with my modem, at least, if I don't, port forwarding won't work. And you gotta enable port forwarding.

Then in the DSL modem, I forward port 22 to 192.168.0.2 (my computer's static IP address on my home LAN). Any inbound traffic from the outside world specifying destination port 22 is passed to 192.168.0.2.

In my home Mac's SysPrefs/Sharing/Services, I have remote login checked. I also have personal file sharing checked (for afp), and Apple Remote Desktop checked (for VNC). In SysPrefs/Sharing/Firewall, I also have VNC checked (you need both ARD and VNC checked to use VNC unless you are running a VNC server program -- you don't need to actually be running the ARD program). Also, on the Services panel, while you have ARD highlighted, click on Access Privileges and click the box that says VNC viewers may control screen.

Now, on my "on the road" laptop, no matter what foreign network I am on, so long as they don't block traffic to destination port 22, I can create a ssh connection and tunnel afp and vnc services over it. In Terminal, you would type, for example, (I'm assuming your short user name on the machine you are trying to login to is "joe" (and that's a lower case "L" between ssh and joe) and I'm assuming that the IP address assigned to your DSL or cable modem by your ISP is 71.49.201.36 -- if you have a host name that can be resolved by a DNS server, you can use that in lieu of the IP address)

ssh -l joe -L 5901:127.0.0.1:5900 -L 5548:127.0.0.1:548 71.49.201.36

Once your ssh command line session is established, and you are in your remote machine's environment, I usually minimize Terminal onto the Dock, just to not clutter stuff up on my screen.

Then, to mount my remote computer icon on my desktop, in the Finder, I do an apple-k (a.k.a. command-k) and specify 127.0.0.1:5548 as the server I want to connect to. You get prompted for username and password to mount the afp server (your remote computer) and once mounted, you can drag and drop and open and close files. apple-e to eject when done.

For VNC, then I launch Chicken of the VNC client and connect to 127.0.0.1:5901 and I am a remote keyboard/mouse/display to my home computer.

The port numbers 5548 and 5901 can be pretty much anything you want, just so you use them in both places.

After you have ended your afp and vnc sessions, then the last thing you do is go back to Terminal and type "exit" to tear down the ssh session.

I think this would pretty much be what you would want to do.

I've not tried the following, but you can set up reverse tunnels, too. You'd initiate a ssh session from the guy you want to log in to, to the guy you will be logging in from (I think!), like this

(I'm assuming "joseph" is the short user name on the computer you will be establishing a vnc and/or afp session from, later, and its IP address is 36.24.36.2 -- and he's already got to be turned on and on the internet)

ssh -l joseph -R 5901:127.0.0.1:5900 -R 5548:127.0.0.1:548 36.26.36.2

Then later, when you're on the computer (36.26.36.2), you just apple-k and select server 127.0.0.1:5548, and to run vnc, connect to 127.0.0.1:5901. No need to set up a tunnel because the other end already did it. At least that's how I think the reverse tunnel works. Like I said, I've never tried doing it that way. Its utility would be where you can't control a network admin blocking inbound port 22 to the network where the computer you want to connect to resides, but (s)he allows outbound destination port 22.

But I know the regular port forwarding works (with the "-L" options) because I do it all the time this way.
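
An added example, not part of the reply above: the same two "-L" forwards with the local listeners pinned to 127.0.0.1 (so they do not depend on the client's GatewayPorts setting), plus a check over `netstat -an` output that the forwarded ports are not open to the foreign network. The function names and the sample netstat text are constructed for illustration, and the parser assumes the macOS `address.port` layout.

```shell
#!/bin/sh
# Added example: ports 5901/5548 and the forward targets come from the post;
# function names and SAMPLE_NETSTAT are constructed for illustration.

# Accept only a whole number in the TCP port range.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the ssh command for one VNC and one AFP forward, binding the local
# listeners to 127.0.0.1 explicitly. -N: tunnel only, no remote shell.
# ExitOnForwardFailure=yes: fail rather than run with a forward missing.
build_tunnel_cmd() {   # usage: build_tunnel_cmd USER HOST VNC_LPORT AFP_LPORT
    valid_port "$3" && valid_port "$4" || return 1
    printf 'ssh -N -o ExitOnForwardFailure=yes -l %s -L 127.0.0.1:%s:127.0.0.1:5900 -L 127.0.0.1:%s:127.0.0.1:548 %s\n' "$1" "$3" "$4" "$2"
}

# Read `netstat -an` output on stdin and report whether PORT is listening on
# loopback only ("loopback"), on another interface ("exposed"), or not at all.
listener_scope() {     # usage: netstat -an | listener_scope PORT
    awk -v p="$1" '
        $NF == "LISTEN" {
            n = split($4, a, ".")
            if (a[n] != p) next
            addr = substr($4, 1, length($4) - length(a[n]) - 1)
            if (addr == "127.0.0.1" || addr == "::1") lo = 1; else wide = 1
        }
        END { print (wide ? "exposed" : (lo ? "loopback" : "absent")) }'
}

# Constructed sample: 5901 is loopback-only, 5548 is open on every interface.
SAMPLE_NETSTAT='tcp4       0      0  127.0.0.1.5901         *.*                    LISTEN
tcp4       0      0  *.5548                 *.*                    LISTEN
tcp4       0      0  192.168.0.7.49152      71.49.201.36.22        ESTABLISHED'
```

On the laptop, `netstat -an | listener_scope 5901` should print "loopback" while the tunnel is up; "exposed" means anyone on the same network can reach the forwarded VNC port.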
