I need to connect to a particular Windows machine, which is behind firewall, from a remote Unix machine.

To this end I installed the TightVNC-server (2.8.8 GPL) on the Windows machine. It is set to listen on 14900 and configured to "Allow loopback" and only loopback connections.

If I attempt to run telnet 127.0.0.1 14900 on the same Windows machine, it promptly connects and prints out the beginning of the VNC protocol (RFB...). So far so good.

Now I use PuTTY to ssh out of the Windows machine into the remote Unix machine. One of the tunnels I set up in the PuTTY session is R14900:127.0.0.1:14900.

When I attempt to run vncviewer 127.0.0.1::14900 on the remote Unix machine, however, it hesitates for a second and then claims: vncviewer: VNC server closed connection. If I attempt the same telnet 127.0.0.1 14900 on the remote Unix machine, it also connects briefly only to be disconnected.

Questions:

1. How does the TightVNC-server distinguish connections to it coming from the same machine vs. those coming via an ssh-tunnel, if in both cases the remote IP of the new connection is 127.0.0.1?
2. How can I overcome this cleverness and let myself connect without exposing the Windows machine to the rest of the LAN?