I have two machine say A and B. machine A is a public gateway. machine B is in my network and running VNC server on port 6000. I want people should connect on machine A on VNC port say 5900 (unsecured). after this the machine A should setup a tunnel from self 5900 port to port 6000 on machine B(secured).and people can see vnc output without connecting to actual host.
how this can be done? is there any way? please let me know if i am wrong somewhere. Thanks
You should check out the -via option of vncviewer. If you set up SSH access to host-a, you can open access your VNC server as follows:
vncviewer -via host-a host-b:6000
This will open an SSH session to host-a, forward host-b:6000 to your local machine and point the VNC viewer to that forwarded port, all in one command. The traffic from your host to host-a will be encrypted, whereas the traffic from host-a to host-b will be unencrypted.
EDIT: After re-reading your question I realized that this is not exactly what you were asking. I think you should be able to achieve what you want using a plain TCP proxy such as simpleproxy or rinetd installed on host A. Configure that proxy to forward traffic from port 5900 to host B. Example rinetd.conf:
# bindadress bindport connectaddress connectport
0.0.0.0 5900 <ip-of-host-b> 6000
From a security point of view, the solution involving SSH would be preferable, though...
It won't work automagically like that. Also having unsecured VNC on your public gateway is not a smart option.
You should really try a VPN, you could have an OpenVPN or even a PPTP server on A, then clients would connect to the VPN and then to the VNC server on B easily.
Another option would be SSH forwarding, you could setup an SSH server on B (or A but B is easier), forward the SSH port to B and then connect via putty or any SSH client that supports forwarding.
From linux or SSH client on cygwin:
ssh [hostname] -l username -L 6000:localhost:6000
Putty instructions: http://oldsite.precedence.co.uk/nc/putty.html
After that you could connect with any VNC client using localhost:6000 (ex: vncviewer localhost:6000)
