Resent in case anyone else uses a brain dead mailer that doesn't like the
word "From" to start a line:

> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED]] On Behalf Of Damon McMahon
> Sent: Friday, September 20, 2002 3:23 AM
> To: [EMAIL PROTECTED]
> Subject: AuthHosts and Java VNC
> 
> 
> Greetings,
> 
> This is my first post, and my apologies if this issue has been covered
> somewhere else [I did search, however!]
> 
> I am using the Java client option of VNC to allow my MacOS X client to
> connect to the WinVNC server installed on my Windows 2000 gateway.
> 
> This arrangement is working well, but with the Win 2000 host having a
> direct connection to the internet I am worried about security. I would
> like to use the AuthHosts feature in WinVNC to deny connections to all
> other IPs besides the Mac, as at the moment the only thing preventing a
> connection from an internet host is the firewall [and the WinVNC
> password, of course].
> 
> However, I cannot get the AuthHosts setting to work with the Java
> client. Any attempt to implement AuthHosts results in the Java client
> terminating with the following exception:
> 
> java.io.IOException: Your connection has been rejected.
> 
> I also tried using a setting of -:127.0.0.1 with AuthHosts, thinking
> this would at least prevent direct connections and force any
> connections to be via the VNC's built-in HTTP server, but this had the
> following effect:
> 
> java.net.ConnectException: Connection refused
> 
> Is there a way to implement AuthHosts with the VNC Java client?
> 

You don't give an example of the line you used in the first case, so I
apologize if you know this... Your second line, unless it's a typo, you
don't have the correct syntax.  According to the VNC Docs "-:+158.97:
would filter out all incoming connections except those beginning with
158.97."  Notice the + before the IP after the colon.

Your second example using localhost will not work because the HTTP
server isn't making the connection.  It just serves up a Java applet
which makes the connection from the machine via the browser.  This is
why two ports need to be opened on a firewall if you want to use the
HTTP page.

On a side note, even if you have AuthHosts set up the HTTP server will
still serve the page, even though you can't make a VNC connection.  It
is just the VNC server itself that obeys the AuthHosts. 

Your statement about the "...only thing preventing a connection from an
internet host is the firewall..." confuses me.  If you have firewalled
off the 5800 and 5900 ports from the Internet that is all you need to
do.

-- 
William Hooper