I want to access the windows desktop running (tightVNC) next to the
linux server at work (NTGHICU1). I can connect from the linux box to
the windows machine

NTGHICU1 ~ # telnet 10.138.8.77 5900
Trying 10.138.8.77...
Connected to 10.138.8.77.
Escape character is '^]'.
RFB 003.003

i then setup a reverse tunnel to the home machine (grenada)

ssh -R 5910:10.138.8.77:5900 xx.xx.xx.xx

and connect to the home end of the tunnel

grenada ~ # telnet localhost 5910
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
RFB 003.003

grenada tmp # lsof |grep 5910
sshd 21296 root 8u IPv4 1225398 TCP
localhost:5910 (LISTEN)
grenada tmp # netstat |grep 5910
tcp 0 0 localhost:5910 localhost:4320
TIME_WAIT
grenada tmp #

but I cant connect from a LAN client

dads tmp # telnet grenada 5910
Trying 192.168.0.254...
telnet: Unable to connect to remote host: Connection refused
dads tmp #

shorewall is the firewall

grenada tmp # grep ^[A-Za-z0-9\ ] /etc/shorewall/rules
ACCEPT loc $FW tcp 10000
Web/ACCEPT net $FW
Web/ACCEPT loc $FW
SMB/ACCEPT $FW loc
SMB/ACCEPT loc $FW
DNS/ACCEPT $FW net
DNS/ACCEPT loc $FW
SSH/ACCEPT loc $FW
SSH/ACCEPT net $FW
ACCEPT loc $FW tcp 24
Webmin/ACCEPT loc $FW
Ping/ACCEPT loc $FW
ACCEPT loc fw udp 67,68
ACCEPT net $FW tcp 23
ACCEPT net $FW tcp 5910
ACCEPT loc $FW tcp 5910
grenada tmp # iptables -L |grep 5910
ACCEPT tcp -- anywhere anywhere tcp
dpt:5910
ACCEPT tcp -- anywhere anywhere tcp
dpt:5910
grenada tmp #

not sure where to look to sort this out

You need to configure sshd to bind all interfaces for a reverse
forwarding, not just the loopback (gatewayports=yes).

--
Richard Silverman
res@qoxp.net