DM: Heya. Loopback is the coolest thing since spam filters, so it's worthwhile to understand its significance. On your PC, the Network Interface Card (NIC) or modem create what the PC thinks of as a data "interface". Every interface has an IP address associated with it, so if you need to send data to some service listening to some port on other IP address, the PC consults an internal "routing table" that tells it what interface to use. This is how a PC won't get confused if you're on a LAN and using your modem at the same time.
Anyhow. In addition to all of the explicit interfaces created by a NIC or modem, your PC also has a implicit, "built in" one called a "loopback" interface. It has the IP address 127.0.0.1 and it, basically, always works. Try ping'ing it. :) At first, it seems pretty pointless, because no other machine can send IP data to it. However...it's incredibly useful for sending IP data *between applications* on the same PC. So, in your case, if you're running an SSH tunnel and a VNC Server, the loopback interface can connect the data coming out of the tunnel with the VNC Server that you're trying to connect to. Since this loopback interface is "built in", the data moving between applications over this interface isn't actually "exposed" to any explicit network connection. So unlike any other data on an explicit network interface, data on the loopback interface cannot be monitored. It is, therefore, the most secure way to move data between applications. And maximizing the security of a VNC session is the whole point of using SSH tunnels, after all. By default, a VNC Server doesn't "listen" to the loopback interface for incoming connections. You have to enable that with either the "AllowLoopback" or "LoopbackOnly" registry settings for VNC. Hope this helps! -Scott > Hi, > > when using SSH and VNC together, i've noticed that alot of people say that > you must allow local loopback connections. > > Can anyone explain why this is, i'd really like to know the significance of > this. > > Many Thanks > DM _______________________________________________ VNC-List mailing list [EMAIL PROTECTED] http://www.realvnc.com/mailman/listinfo/vnc-list