I do something similar to get to my work machine via my isp. I wanted to lock access down to a single ip address but my cable modem has been changing ip's every day or two. I don't have the script here so I'm going from memory. I open an ssh session to the isp and then set up a local redirection from my machine to my work machine's ssh service. Then I set up an ssh session from the local machine to the redirected port to my work machine through the isp's machine. That second connection contains the local redirection from local port 1993 to the imap server on the work machine at 993. If someone hasn't posted a better explanation before I get home I'll post the script. --rick Max Eper wrote: > I've been using VNC over SSH for a while so that I can be a friend's > help desk - set his cable modem router to forward 22 and away we go. > > I'd like to be able to do the same to connect to my home machine while > traveling, but it's behind two (NAT) cable modem routers, with 22 > going to a machine behind the first router, and my personal computer > behind another router which is downstream of the first router. > > Here's an ASCII masterpiece - hope you're monospaced: > > WAN -> NAT1 -> Public_Server > | > -> NAT2 -> Home_1 > | > -> Home_2 > > NAT2 is not sending any RIP info upstream, FWIW. > > If I set the second router (NAT2) to forward 22 to Home_1, I could > then SSH to Public_Server, and from there, SSH to NAT2 which would > forward to Home_1. (I specifically do not want to forward all 22 > traffic from the net straight thru to the internal private network.) > > I'm stumped as to how to do a 'VNC two-step' to get to Home_1 from the > outside using this setup. Any help appreciated. > > Thanks in advance, > > Max > > _______________________________________________ > TCLUG Mailing List - Minneapolis/St. Paul, Minnesota > tclug-list at mn-linux.org > http://mailman.mn-linux.org/mailman/listinfo/tclug-list