No, it needs something like DynDNS. But do *not* just let a VNC server
listen on the 'Net; that's a security nightmare waiting to happen.

In the following, I'll assume you got CygWin and the target is a Windows
system.

Either get one of the VNC distros that have SSH built in, or install
CygWin (http://www.cygwin.com) and make sure to include and install
the OpenSSH package (in Networking). You'll have to configure OpenSSH,
but that's pretty easy--open a CygWin shell and run ssh-host-config.

After you've configured your host, it's a good idea to edit the file
/etc/sshd_config (again, from within the CygWin shell) to restrict access
to only your account, at least. You'll have to set write permissions
to do so, and clear them afterward.

In detail:

1. Install CygWin.
2. Start a bash shell (there will be a CygWin icon on your desktop).
3. cd /etc
4. chmod a+w sshd_config
5. Edit sshd_config, then write it.
6. chmod go-w sshd_config

The editing will, of course, depend on your familiarity with editors; I can
give you the keystrokes for 'vi', but you may want to familiarize yourself
with it. Otherwise you can edit sshd_config as a text file using Windows
tools--it'll be in (by default) C:\CygWin\etc\sshd_config.

cd /etc
vi sshd_config
:$
o
AllowUsers loginname
ESC
:wq

In the above, substitute your real login on the target machine for
"loginname". Another change that may be a good idea is to find the
line "#MaxStartups 10" and change it to "MaxStartups 5:50:10".

Then make sure the CygWin SSH service is started. If you're running a
firewall, make sure that port 21 is directed to the target machine (or
if you're running a local software firewall--hopefully not the Windows
firewall--enable the SSH program).

You then will ssh into the DynDNS address; I recommend PuTTY. Make sure
to create a tunnel into the system--Local port 5900 to localhost:5900.

Finally, after logging in, just run the VNC Viewer and connect to "localhost".

It's not as complicated as explaining it line-by-line would make it look, and
there are plentiful pointers to configuration on the 'Net.

Good luck,
--
Dave Ihnat
President, DMINET Consulting, Inc.
***@dminet.com

Hello,

Is it possible to run VNC server through NAT without configuring port
forwarding?
Cause I have a PC behind that but I am not able to edit the router
configuration...
I thought using a software to emule a virtual lan, like Hamachi, but I'm not
sure that it will work... Have someone tried it to pass through NATs?
Does anybody have other suggestion?

Thanks in advance!

Hi Byron,

All VNC and VNC-based servers such as TightVNC should accept connections on
all network interfaces by default, and so should work on systems using
dynamic IP addresses. You will probably need to set up a Dynamic DNS name
for the server, however, so that you can access it remotely regardless of
address.

I'd recommend either setting up secure tunnelling to the server, or using
VNC Enterprise / Personal Edition (http://www.realvnc.com/download.html),
which has strong session security in-built. TightVNC is based on our old
VNC 3 system, which does not provide session security, and so is not
suitable for use over untrusted networks.

Regards,

And if you add "web proxy" to something you're stuck
behind, that's what EchoVNC was designed for. :)

cheers,
Scott