Maybe I'm missing something, but this seems overly complex if you have ssh access to the gateway host, and just want to connect with VNC to an internal host.
Why not just use ssh port forwarding?
ssh -L 5901:192.168.1.2:5900 workfw
Then, just connect your VNC client to localhost/127.0.0.1 port 5901, and it will go through the SSH tunnel to the internal host (192.168.1.2).
Sigh. I need to play with this. I still don't quite get it.
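The port forward suggested above, as an added example that is not part of the original posts: the listener is pinned to 127.0.0.1 so the tunnel to the internal VNC host is reachable only from the local machine, and a checker confirms that from `ss -ltn` output. The function names and the sample `ss` lines are constructed for illustration; the host alias, addresses and ports are the ones from the thread.

```shell
#!/bin/sh
# Added example; function names and sample data are assumptions, not from the thread.

# Open the tunnel from the post with the listener pinned to loopback.
# An explicit bind address applies regardless of the GatewayPorts setting.
# -f -N: go to background, run no remote command.
# ExitOnForwardFailure: ssh exits instead of running without the forward
# when local port 5901 cannot be bound.
open_vnc_tunnel() {
    ssh -f -N -o ExitOnForwardFailure=yes \
        -L 127.0.0.1:5901:192.168.1.2:5900 workfw
}

# Read `ss -ltn` output on stdin. Succeed only if port $1 has at least one
# listener and every listener on that port is bound to a loopback address.
listener_is_loopback_only() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, a, ":")            # column 4 is Local Address:Port
            if (a[n] != port) next
            addr = substr($4, 1, length($4) - length(a[n]) - 1)
            seen = 1
            if (addr != "127.0.0.1" && addr != "[::1]") bad = 1
        }
        END { exit (seen && !bad) ? 0 : 1 }
    '
}

# Constructed sample output (not captured from a real host).
SAMPLE_OK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:5901     0.0.0.0:*
LISTEN 0      128    [::1]:5901         [::]:*'

# Constructed: the same port listening on every interface.
SAMPLE_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:5901       0.0.0.0:*'

# Typical use on the client machine:
#   open_vnc_tunnel && ss -ltn | listener_is_loopback_only 5901 && echo "loopback only"
```

If the check fails, other hosts on the client's network can reach the internal VNC server through the forwarded port.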