I can connect to the Mac on my local subnet but cannot ssh to the Mac or telnet on 5900 externally. I have opened 5900 and 5901 on the firewall (yeah I know I shouldn't and if I can get ssh to work I will tunnel instead) to no avail. This is really more a Mac OSX question than a COTVNC question but I was hoping some of the smart people would have an idea?
Don't open 5900, 5901.
What is your mac's IP address? What does your network look like?
When you say you can connect to your mac, what do you mean (ssh)?
Are you behind a NAT server? 'Cause I bet you are.
If so, have you told your NAT server to forward the appropriate port (ssh) to your mac?
My public ip is my linux coyote firewall which is what www.vawter.com resolves to.
I have coyote 1822 port forward to my Mac on 22
I have 1622 port forward to a linux box and can externally ssh to that with ssh -p1622 blah
If I do the same ssh -p1822 my mac box won't accept the connection.
I can ssh to the mac from behind the firewall but only if I declare the host to be g5.local; if I try to ssh directly to its local ip 192.168.0.75 the mac rejects it.
It seems to me that the Mac is locked down from external connections and even filters internal connections. Since I can go through my firewall to other boxes it seems unlikely to me to be a firewall issue unless I fat fingered it which is not unusual :-) but I have double checked that.
I can always get to the command line on the mac by ssh to linux box and then ssh from there (which is behind firewall) to the mac but that doesn't help me if I want to use COTVNC
"I can ssh to the mac from behind the firewall but only if I declare the host to be g5.local; if I try to ssh directly to its local ip 192.168.0.75 the mac rejects it."
You sure? Is it just taking a long time? This makes it sound like a config problem on the mac - certainly I can ssh to my macs without specifying them by their .local name. My guess is that it is not really at the .75 address.
Can you VNC from the linux box to the Mac?
"I can always get to the command line on the mac by ssh to linux box and then ssh from there (which is behind firewall) to the mac but that doesn't help me if I want to use COTVNC"
Not true -
ssh -p1622 blah -L 5900:g5.local:5900
should work just fine if you can VNC from your linux box to the mac. Note that your VNC connection will be in the clear on your LAN, so if that's an issue, you should avoid this.
Once you solve the ssh issue on your local net (I recommend lots of ssh -v), VNC should just fall into place.
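As an added example, not part of any post in this thread: the tunnel from the reply above written as an OpenSSH client config, next to a variant that ends the SSH session on the Mac so the VNC traffic is not in the clear on the LAN. The aliases `linux-gw`, `g5-vnc-via-linux` and `g5-vnc` are made up here, `blah` is the thread's own placeholder for the firewall's public name, and it assumes the Linux box can resolve `g5.local` and that the Mac's VNC server accepts connections on its loopback address.

```sshconfig
# Constructed example. Port 1622, g5.local and 5900 are the values
# quoted in the thread; "blah" is the thread's placeholder host name.

# The Linux box, reached through the firewall's 1622 port forward.
Host linux-gw
    HostName blah
    Port 1622

# Variant 1: same as "ssh -p1622 blah -L 5900:g5.local:5900".
# SSH ends on the Linux box, so the hop from there to g5.local:5900
# carries VNC unencrypted across the LAN.
Host g5-vnc-via-linux
    HostName blah
    Port 1622
    # Bind the local end to loopback only, so other machines on the
    # client's network cannot use the tunnel.
    LocalForward 127.0.0.1:5900 g5.local:5900
    # Fail instead of opening a session without the forward.
    ExitOnForwardFailure yes

# Variant 2: jump through the Linux box and end the SSH session on
# the Mac itself. The forward target is the Mac's own loopback, so
# VNC stays inside SSH all the way, and neither 5900 nor the Mac's
# port 22 has to be forwarded at the firewall.
Host g5-vnc
    # Resolved by the jump host (assumption: it can resolve g5.local;
    # otherwise use the Mac's LAN address here).
    HostName g5.local
    ProxyJump linux-gw
    LocalForward 127.0.0.1:5900 127.0.0.1:5900
    ExitOnForwardFailure yes
```

With this in `~/.ssh/config`, `ssh -N g5-vnc` opens the tunnel and the VNC client connects to 127.0.0.1 on port 5900. `ProxyJump` needs OpenSSH 7.3 or later on the client.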
I retried ssh internally using ip address and it worked fine. Must be my memory is as faulty as my fingers :-)
I just tried the tunnel as you suggested externally and it appears to work. I didn't try VNC because the external box is a headless linode but I certainly could telnet to the mac on 5900 so I suppose I can VNC from an external box that has the client. I will try it when I take my laptop out.
Thanks for your help
Solved. Thank you for your help. Tested successfully today externally.
You are leaving us (well, me) in suspense - what was the problem?
No problem after I implemented your suggestion of ssh into linux and forwarding 5900. That is a much more secure solution anyway than opening up 5900. I still don't know why the Mac won't accept ssh from a remote site but I expect it is by design. Certainly the server sshd daemon has to be running or else you couldn't get there from subnet.
"I still don't know why the Mac won't accept ssh from a remote site but I expect it is by design."
Absolutely not. I do it all the time. I suspect it is a problem with your NAT box config.
But you have VNC working, so happy trails!
just tried ssh again and it is fine. I have no clue what was wrong the other day. Maybe I did it b4 I had my morning coffee and kept fat fingering something. Sorry for the bother.