Accessing multiple VNC servers using only one SSH port?

[Bruce Atherton]

I've gone through the FAQ and mailing list looking for an answer to this 
problem, but so far I haven't seen anything relevant. Sorry if I just 
missed it.

I'm trying to figure out a way to use a single open port on a firewall to 
connect to one of several VNC servers. Something like this (apologies to 
the proportional font crowd):

                                             -- VNC Server 1
                                             |
   Client -> Internet -> Firewall -> SSH  ---|- VNC Server 2
                         port 22    Server   |
                                             -- VNC Server 3

If you already have a solution for this problem that works, I would love to 
hear about it. If not, then I have a way to get this behaviour but I don't 
know how to set it up currently, and would love some advice.

This isn't a hard problem from an architecture point of view. The SSH 
server could have a program run by the client that opened a socket to a 
named machine and port and that returned that socket on its standard out. 
The VNC client could have a facility for communicating over its standard 
in, piped in from the ssh client (after dealing with the password).

So, if a program on the SSH server was called "opensocket" and the firewall 
was configured to forward port 22 to the SSH server, on the client you 
could run something like:

     ssh firewall.my.org opensocket vnc1.my.org 5901 | vncviewer -

and have it all just work, even if multiple clients are connecting to 
different servers across the firewall at the same time.

Due to blocking you may not want to use pipes, but you get the idea. Does 
anyone know of any way of accomplishing something like this?

Any ideas at all gratefully accepted. Thanks.