Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo

Close

COTVNC to MacOSX externally

Help
Don Vawter
2006-03-13
2013-04-30
  • Don Vawter
    Don Vawter
    2006-03-13

    I can connect to the Mac on my local subnet but cannot ssh to the Mac or telnet on 5900 externally. I have opened 5900 and 5901 on firewall (yeah I know I shouldnt and if i can get ssh to work I will tunnel instead) to no avail. This is really a Mac OSX question than a COTVNC question but I was hoping some of the smart people would have an idea?

    TIA

    Don Vawter

     
    • Kurt Werle
      Kurt Werle
      2006-03-13

      Don't open 5900, 5901.

      What is your mac's IP address?  What does your network look like?

      When you say you can connect to your mac, what do you mean (ssh)?

      Are you behind a NAT server?  'Cause I bet you are.

      If so, have you told your NAT server to forward the appropriate port (ssh) to your mac?

       
      • Don Vawter
        Don Vawter
        2006-03-14

        My public ip is my linux coyote firewall which is what www.vawter.com resolves to.

        I have coyote 1822 port forward to my Mac on 22

        I have 1622 port forward to a linux box and can externally ssh to that with ssh -p1622 blah

        if i do the same ssh -p1822  my mac box wont accept the connection.

        I can ssh to the mac from behind the firewall but only if i declard the host to be g5.local if i try to ssh directly to its local ip 192.168.0.75 the mac rejects it.

        It seems to me that the Mac is locked down from external connections and even filters internal connections. Since I can go through my firewall to other boxes it seems unlikely to me to be a firewall issue unless I fat fingered it which is not unusual :-) but I have double checked that.

        I can always get the the command line on the mac by ssh to linux box and then ssh from there (shich is behind firewall) to the mac but that doesnt help me if i want to use COTVNC

         
        • Kurt Werle
          Kurt Werle
          2006-03-14

          "I can ssh to the mac from behind the firewall but only if i declard the host to be g5.local if i try to ssh directly to its local ip 192.168.0.75 the mac rejects it. "

          You sure?  Is it just taking a long time?  This makes it sounds like a config problem on the mac - certainly I can ssh to my macs without specifying them by their .local name.  My guess is that it is not really at the .75 address.

          Can you VNC from the linux box to the Mac?

          "I can always get the the command line on the mac by ssh to linux box and then ssh from there (shich is behind firewall) to the mac but that doesnt help me if i want to use COTVNC "

          Not true -
          ssh -p1622 blah -L 5900:g5.local:5900
          should work just fine if you can VNC from your linux box to the mac.  Note that your VNC connection will be in the clear on your LAN, so if that's an issue, you should avoid this.

          Once you solve the ssh issue on your local net (I recommend lots of ssh -v), VNC should just fall into place.

           
          • Don Vawter
            Don Vawter
            2006-03-14

            I retried ssh internally using ip address and it worked fine. must be my memory is as faulty as my fingers :-)

            I just tried the tunnel as you suggested externally and appears to work. I didnt try VNC because the external box is a headless linode but i certainly could telnet to the mac on 5900 so i suppose I can VNC from an external box that has the client. I will try it when I take my laptop out.

            Thanks for your help

             
    • Don Vawter
      Don Vawter
      2006-03-14

      Solved. Thank you for your help. Tested successfully today externally.

       
      • Kurt Werle
        Kurt Werle
        2006-03-14

        You are leaving us (well, me) in suspence - what was the problem?

         
        • Don Vawter
          Don Vawter
          2006-03-14

          no problem after i implemented your suggestion of ssh into linux and forwarding 5900. That is a much more secure solution anyway than opening up 5900. I still dont know why the Mac won't accept ssh from a remote site but I expect it is by design. Certainly the server sshd daemon has to be running or else you couldn't get there from subnet.

           
          • Kurt Werle
            Kurt Werle
            2006-03-14

            "I still dont know why the Mac won't accept ssh from a remote site but I expect it is by design."

            Absolutely not.  I do it all the time.  I suspect it is a problem with your NAT box config.

            But you have VNC working, so happy trails!

             
            • Don Vawter
              Don Vawter
              2006-03-14

              just tried ssh again and it is fine. I have no clue what was wrong the other day. Maybe I did it b4 I had my morning coffee and kept fat fingering something. Sorry for the bother.