Tunnelling through a NAT

[Ruler2112]

I would like to use VNC to remotely control the desktops of various PCs where I work. I've already gotten it working over the LAN; very slick setup. However, the next step is to control them from the homes of employees. This will be done from either a cable modem, DSL, or dial-up, all of which have dynamic IPs and are most likely NATed. Our LAN here at work is NATed by the ISP providing our T1 line as well. I think this should be possible, but am by no means an expert at networking stuff.

The main problem that I see is knowing what PC on the network to go to when connecting to the firewall/gateway. I have access to neither the machine doing the NATing here at work or the ones used by our employees ISPs, so configuration changes at that level will be difficult if not impossible to implement.

The basic layout is this:

home pc ---> ISP ---> i-net ---> T1 ---> LAN

The home PC will have a private IP, but only within the ISP; all the traffic will appear to be coming from the ISP machine as viewed from the internet at large and the ISP machine will handle the routing of packets going out/coming in to the proper machine on that private network. The machines on the LAN have IPs unique only to that LAN; the traffic coming from every PC on the LAN appears to be coming from the T1 machine. (I've verified this last part to be accurate - looks very much like the IP Masquerading setup I did on a RedHat box a while back.)

I've already searched the VNC mailing list and read all the posts with NAT in them. Several are really good, some conflict, and a few soar right over my head. (Like I said, my specialty isn't networking.) My gut tells me that this should be possible, and there are several messages on the VNC mailing list that concur. (All are either incomprehensible to me, pertain to a different setup, refer to webpages that no longer exist, or a combination thereof.) I'm heading to google next, but was wondering if maybe somebody here had any experience and/or knowledge of doing this kind of thing.

[DVNT1]

Based on the information provided: without making changes to the NAT box at the office, there isn't anyway to do this through the NATed T1 connection. If you control the box doing NAT, then you can map Internet traffic to specified LAN computers.

Even if have control over the box doing NAT, you may still have trouble directing requests on one public IP to the appropriate LAN computer IP. One way this could work, use non-default port mappings on the public side then direct each one separately to the appropriate LAN computer IP. Depending on you NAT device, this may not be a possible configuration.