Re: multiple servers behind 1 firewall - question

Mon, 20 Oct 2003 20:39:29 -0700 

Simply, if you have private IP addresses for the network PCs, the firewall
is doing NAT and you will need to have a port forward for each PC with a
VNC server running. Forward port 5900 on the firewall to A, 5901 to B,
etc. If, you are using the Java Client, then 5800 to A, 5801 to B, etc
will need to be added. Other rules may need to be changed, depending on
the firewall.

That means every machine becomes an entry point to your network. I prefer
designating a machine to be the gateway (primary host), if I am forced to
use limited firewalls. It is more likely that one PC can be checked
regularly for security issues, than all of the PCs on your network.

If, you have a linux or unix based firewall with SSHD running then you can
do port forwarding as needed to any of the machines and the connections
will be encrypted. I usually set the SSHD to use the blowfish cipher,
though any of the faster ones work well. Another advantage is the port
forwarding is a function of SSH and not a static port forward on the
firewall. There is no open port until you login correctly. Much safer.

Joseph Kexel

Ramiro Albarracin said:
>    ----         A
>   | PC |  <----------->|
>    ----                |
>                        |
>                        |
>    ----         B      |
>   | PC |  <----------->|
>    ----                |
>                        |
>                        |
>    ----         C      |                                  I
>   | PC |  <----------->|                                  N
>    ----                |            ///////////
>             -----------
>                        |<----------> FIREWALL  <------->  E  <------>
> |Remote Host|
>                        |            //////////            R           |VNC
> Viewer |
>    ----         D      |
>                       N            -----------
>   | PC |  <----------->|                                  E
>    ----                |                                  T
>                        |
>                        |
>    ----         E      |
>   | PC |  <----------->|
>    ----                |
>                        |
>                        |
>    ----         F      |
>   | PC |  <----------->|
>    ----
>
>
> *** All PC's are running VNC SERVER behind a firewall. Is it possible to
> configure the VNC Viewer
> in a way that will allow me to access any of the PC's ?? do I need to make
> any setting changes on the firewall ?
> _______________________________________________
> VNC-List mailing list
> [EMAIL PROTECTED]
> To remove yourself from the list visit:
> http://www.realvnc.com/mailman/listinfo/vnc-list
_______________________________________________
VNC-List mailing list
[EMAIL PROTECTED]
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list

Reply via email to