DM:
Heya. Loopback is the coolest thing since spam filters,
so it's worthwhile to understand its significance. On your PC,
the Network Interface Card (NIC) or modem create what the PC
thinks of as a data "interface". Every interface has an IP address
associated with it, so if you need to send data to some service
listening to some port on other IP address, the PC consults an
internal "routing table" that tells it what interface to use. This
is how a PC won't get confused if you're on a LAN and using your
modem at the same time.
Anyhow. In addition to all of the explicit interfaces
created by a NIC or modem, your PC also has a implicit, "built in"
one called a "loopback" interface. It has the IP address 127.0.0.1
and it, basically, always works. Try ping'ing it. :) At first, it
seems pretty pointless, because no other machine can send IP data
to it. However...it's incredibly useful for sending IP data
*between applications* on the same PC. So, in your case, if you're
running an SSH tunnel and a VNC Server, the loopback interface can
connect the data coming out of the tunnel with the VNC Server that
you're trying to connect to.
Since this loopback interface is "built in", the data
moving between applications over this interface isn't actually
"exposed" to any explicit network connection. So unlike any other
data on an explicit network interface, data on the loopback
interface cannot be monitored. It is, therefore, the most secure
way to move data between applications. And maximizing the security
of a VNC session is the whole point of using SSH tunnels, after
all.
By default, a VNC Server doesn't "listen" to the loopback
interface for incoming connections. You have to enable that with
either the "AllowLoopback" or "LoopbackOnly" registry settings
for VNC.
Hope this helps!
-Scott
> Hi,
>
> when using SSH and VNC together, i've noticed that alot of people say that
> you must allow local loopback connections.
>
> Can anyone explain why this is, i'd really like to know the significance of
> this.
>
> Many Thanks
> DM
_______________________________________________
VNC-List mailing list
[EMAIL PROTECTED]
http://www.realvnc.com/mailman/listinfo/vnc-list
