Up until recently, I have set up computers on my internal private 192.168.x.x networks with a VNC server running on each system. Using port forwarding (configured in SuSEFirewall2) we were able to access each computer from a remote site, over the internet, so long as we remembered which port was forwarded to port 5900 of the computer we wanted to attach a vnc viewer to.

That worked fine, but three issues came up which made me decide to try a different approach. One, this is an unencrypted channel. Two, our open VNC ports were coming under heavy attacks, and three, it is hard to remember which port on the firewall computer is forwarded to which destination computer in our network.

So I decided to turn off the VNC servers and use SSH to establish an encrypted channel, start an x11vnc server when needed, and port forward the VNC port to the local host. This works fine when establishing a connection to our firewall computer -

    ssh -t -L 5900:localhost:5900 username@ourdomain.com 'x11vnc -localhost -nolookup -nopw -display :0'

and then attach a vncviewer to localhost -

    vncviewer -encodings "tight copyrect hextile" localhost:0

but, my question is how can I extend this approach so as to reach different computers within our private network? What I would like to do is something like this -

    ssh -t -L 5900:localhost:5900 username@computername.ourdomain.com 'x11vnc -localhost -nolookup -nopw -display :0'

but I don't know (or think it is even possible) how to configure our DNS server to resolve "computername.ourdomain.com" with a usable address for accessing it from the internet. Internally our DNS server resolves "computername.ourdomain.com" to a private 192.168.x.x which is not usable from an external location. (Works fine internally only.) Seems like we would have to purchase a bunch of static IP addresses, which is not feasible/desirable.

I looked to see if there is some way to configure bind (named) to associate a port with a particular computername so that we could then use port forwarding to route it to an appropriate computer, but no joy finding such a solution... i.e. something like this A record is what I am thinking, if you get my drift -

    computername IN A IPAddress:port

but I don't think there is a way to specify a particular port as such, and this would get messy if I wanted to reach different ports. Probably had to use unique computernames to identify which port I wanted or some such scheme.

Should I open up a bunch of ports for SSH connections and use SuSEFirewall to route them to the appropriate computer? That puts us right back to having to remember which port gets forwarded to which computer....

Is there any other approach I could take?

Thanks in advance for any and all ideas...

Marc...

--
"The Truth is out there" - Spooky
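
Added example, not part of Marc's message: one way to reach any internal machine through the single SSH port on the firewall, by using the firewall as an SSH jump host so that the internal name is resolved by the firewall rather than by the remote client. It assumes an OpenSSH client with ProxyJump (-J, OpenSSH 7.3 or later), sshd running on each internal machine, and TCP forwarding allowed on the firewall; TARGET_USER and the function names are made up for the illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Names below are taken from the
# post where possible; TARGET_USER and the helper names are assumptions.
GATEWAY='username@ourdomain.com'      # the one host reachable from outside
TARGET_USER='username'                # assumed account on the internal host
X11VNC_CMD='x11vnc -localhost -nolookup -nopw -display :0'   # as in the post

# Accept only plain DNS names, so the value can never be parsed as an option.
valid_host() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# Local ports 5900-5999 map to VNC displays :0-:99 on the viewer side.
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 5900 ] && [ "$1" -le 5999 ]
}

# Print the ssh command for one internal host.
# $1 = internal host name (resolved by the gateway, not by the client)
# $2 = local port to bind, default 5900
vnc_tunnel_cmd() {
    host=$1
    lport=${2:-5900}
    valid_host "$host" || { echo "bad host name: $host" >&2; return 1; }
    valid_port "$lport" || { echo "bad local port: $lport" >&2; return 1; }
    printf "ssh -t -J %s -L %s:localhost:5900 %s@%s '%s'\n" \
        "$GATEWAY" "$lport" "$TARGET_USER" "$host" "$X11VNC_CMD"
}

# Print the matching viewer command (display number = local port - 5900).
vnc_viewer_cmd() {
    lport=${1:-5900}
    valid_port "$lport" || { echo "bad local port: $lport" >&2; return 1; }
    printf 'vncviewer -encodings "tight copyrect hextile" localhost:%s\n' \
        "$((lport - 5900))"
}
```

Run the line printed by `vnc_tunnel_cmd computername.ourdomain.com 5901` in one terminal and the line from `vnc_viewer_cmd 5901` in another; only the firewall's SSH port has to be open, and the computer is selected by name instead of by a remembered port number.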