Ok....what I think you are trying to say is that you have your home machine which has no obstruction (i.e. firewall or NAT that you can't port forward on) and your work that has a firewall (leaving only port 80) and a NAT making it impossible to reach your computer directly. What you propose is to get around the firewall by tunneling (or at least moving) the data to port 80. The NAT issue you are attempting to deal with by using the reverse connection methods integrated into VNC. By this I mean that you are having the viewer listen and the server connect. Then when you get home you are able to connect to your work.
Now onto the possible solutions...... As was mentioned earlier you might be able to move the data stream from the server (acting as the client) to port 80 by stating that you will be using display number -5820. I am not sure if this display setting can move the data stream for a reverse connection like this so you might have to use a 3rd party program (maybe bounce would work, or netcat as you have already demonstrated a knowledge of it). Now the data stream is on port 80 and the viewer (acting as the server) is listening on port 5900. To fix this you can either use the nifty little bounce utility mentioned earlier and redirect the data stream to port 80 (provided you have loop back connections enabled) or just use the syntax "vncviewer.exe -listen [port]". When you start the connection from your work machine, the roles of viewer and server switch back to their real tasks. (Previously the viewer was the server and the server the viewer but now that the connection is enabled, and the two sides see each other, the roles can switch back.)

Hope this helps... and please tell us if it works.

-Dustin Johnson

----- Original Message -----
From: "Jordan Share" <[EMAIL PROTECTED]>
To: "Rick Mayweather" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Wednesday, January 29, 2003 5:41 PM
Subject: RE: fpipe and VNC from a NAT'ed WinVNC server

> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Rick Mayweather
> > Sent: Wednesday, January 29, 2003 5:21 PM
> >
> > Hi Jordan,
> >
> > >I'm having a bit of trouble understanding what your final goal is.
> >
> > To connect to my VNC server "located at home" from work.
> >
> > >Is this the scenario?:
> > >You are behind a firewall at work.
> >
> > Yes.
> >
> > >You are allowed to connect to port 80 on arbitrary external IP addresses
> >
> > I can connect to my box at work only on port 80/tcp through the firewall.
>
> Ok, here's where you lost me. I think we are using different terminology.
> When I say "connect from A to B", I mean:
> A sends SYN packet to B
> B ACKs the SYN from A, and sends A a SYN packet
> A ACKs the SYN from B
> (basically, the classic TCP "3-way handshake")
>
> Thus, the connection is initiated from A to B.
>
> Now, let's take the basic case of connecting to a VNC server that is on the
> same LAN as you (no firewalls). In that case, the client (the machine you
> are running vncviewer on) is A in the above scenario. The client sends the
> first packet.
>
> So, I think what you mean is that (from work) you can only connect to port
> 80. That is, workmachine can connect to port 80 on any external IP address.
> The webservers are not connecting to you, you connect to them.
>
> > >You make that connection directly, without using a proxy
> > >At home
> >
> > Yes.
> >
> > >You'd like to have something listen on port 80, and redirect
> > >connections to port 5900 on that same machine.
> >
> > To connect to port 80 or 5900 on the winvnc viewer/client host which
> > forwards through the tunnel, so I can get a vnc session :-)
> >
> > * As I understand it, the connection has to first listen on the client.
>
> Ok, this is where you are wrong. The server is listening for incoming
> packets from the clients (the initial SYN packet described above). The
> client initiates the connection to the server.
>
> > * Then I can initiate the server "WinVNC" connection.
> >
> > This is what I believe to be the case from running a reverse cmd.exe as an
> > experiment which works. If it's a good analogy, here's how I did that. I
> > would like to do that, but for VNC.
> >
> > client
> > c:\> nc -l -p 80
> >
> > natted host
> > c:\> nc -e cmd.exe 45.43.43.43 80
>
> Ok, so in this example, you are using reverse terminology from what I would
> use. You indicate that the client is listening (-l). Usually, people refer
> to the server as the one that is listening, and the client as the one that
> initiates the connection (e.g.
> webserver/browser, irc server/irc client, etc.)
>
> Honestly, I'm not sure what your experiment (as outlined above) resulted in.
>
> > Just to re-emphasise, I can't connect directly to the box from work as it's
> > NAT'ed and firewalled, thus the requirement for a reverse "outgoing"
> > tunnel/connection 8-)
>
> Ok, so now I'm confused again. I thought you /were/ connecting directly
> /from/ work (where you have the firewall) to your home machine. When you
> say "...can't connect directly to the box from work as it's NAT'ed....",
> what is the "it" in "it's" referring to? You need to connect from your work
> box, to your home box (because you want to control the home box).
>
> > Thanks,
> > Rick
> >
> > >Is that accurate?
> > >
> > >If so, then here is what I would do:
> > >Get bouncer ( http://www.r00t3d.org.uk/bin/bouncer-1.0.rc6-win32.zip )
> > >Run bouncer on your home machine with this command line:
> > >bouncer --port 80 --destination 127.0.0.1:5900
> > >This will cause bouncer to listen on port 80, and redirect connections to
> > >port 5900 on the local machine
> > >At work, run vncviewer.
> > >Connect to your.home.ip.address:-5820
> > >(this works, because vncviewer connects to 5900+(number after colon), thus
> > >5900+(-5820)=80)
> > >Done.
> > >
> > >You do have to have the allowloopback registry setting, but it sounds like
> > >you do.
> > >
> > >Jordan
> _______________________________________________
> VNC-List mailing list
> [EMAIL PROTECTED]
> http://www.realvnc.com/mailman/listinfo/vnc-list
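
Added example, not part of the original thread or written by any of its participants: the display-number arithmetic from the thread (5900 + (-5820) = 80) together with a check that tells VNC from HTTP on port 80 by looking at who speaks first and what they send, which is what a port-80-only firewall rule does not do. The flow-record fields and function names are hypothetical and the sample flows are constructed.

```python
import re

VNC_BASE_PORT = 5900  # vncviewer connects to 5900 + display number
# An RFB (VNC) server opens every session with a 12-byte ProtocolVersion banner.
RFB_BANNER = re.compile(rb"RFB (\d{3})\.(\d{3})\n")
HTTP_REQUEST = re.compile(
    rb"(GET|HEAD|POST|PUT|DELETE|OPTIONS|TRACE|CONNECT|PATCH) \S+ HTTP/\d\.\d\r\n")

def display_to_port(display):
    """Port that 'host:<display>' resolves to, e.g. -5820 -> 80 as in the thread."""
    port = VNC_BASE_PORT + display
    if not 0 < port < 65536:
        raise ValueError(f"display {display} maps outside the TCP port range")
    return port

def classify_first_payload(first_sender, payload):
    """Classify a flow from its first data segment.

    first_sender: 'initiator' (sent the SYN) or 'responder'. In HTTP the
    initiator speaks first. In RFB the VNC server speaks first: that is the
    responder on a normal connection, the initiator on a reverse one.
    """
    m = RFB_BANNER.match(payload)
    if m:
        version = f"{int(m.group(1))}.{int(m.group(2))}"
        mode = "reverse" if first_sender == "initiator" else "forward"
        return ("rfb", version, mode)
    if first_sender == "initiator" and HTTP_REQUEST.match(payload):
        return ("http", None, None)
    return ("unknown", None, None)

def flag_non_http(flows, port=80):
    """Return (flow id, verdict) for flows to `port` that do not look like HTTP."""
    verdicts = [(f, classify_first_payload(f["first_sender"], f["payload"]))
                for f in flows if f["dst_port"] == port]
    return [(f["id"], v) for f, v in verdicts if v[0] != "http"]

# Constructed sample flows (not captured traffic); the record fields are hypothetical.
SAMPLE_FLOWS = [
    {"id": "web", "dst_port": 80, "first_sender": "initiator",
     "payload": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"},
    {"id": "vnc-forward", "dst_port": display_to_port(-5820),
     "first_sender": "responder", "payload": b"RFB 003.003\n"},
    {"id": "vnc-reverse", "dst_port": 80, "first_sender": "initiator",
     "payload": b"RFB 003.003\n"},
]

if __name__ == "__main__":
    for flow_id, verdict in flag_non_http(SAMPLE_FLOWS):
        print(flow_id, verdict)
```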