On 3/23/2012 11:40 AM, William Hooper wrote: > On Thu, Mar 22, 2012 at 11:03 PM, Bob Hoffman<bob at bobhoffman.com> wrote: > [snip] >> opened port 5902 in iptables, restarted iptables >> |INPUT -m state --state NEW -m tcp -p tcp --dport 5902 -j ACCEPT > [snip] >> in putty I made a saved session called 'vnc to my server' >> went to connections, ssh, tunnels in putty explorer >> added source port, 5902 >> destination I put in localhost:5902 >> click add >> then save the whole session (go back to session page) > [snip] > > Note if you are exclusively using an SSH tunnel to access your VNC, > you don't need to open a port for VNC in the firewall. In fact, not > opening a direct port for VNC is a good way of enforcing the tunnel to > secure the connection. > well, that makes sense. And I like that alot. Less ports the better. This is only for my host so I can run virt-manager. Thanks for the great tip. bob