Doesn't having to use something like VPN kind of defeat the general concept of VNC?
JP

----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, February 21, 2004 2:59 PM
Subject: RE: (no subject)

> > 1. Open the admin functions in your router, look and see the ip address
> > that is assigned to the router (it will not be a 192.168.... number, these
> > are assigned by the dhcp server that is in your router.) The ip address
> > that is assigned to you from your isp is the one that you need to connect to
> > the router
>
> actually to connect "through" would be better. The reason for verb
> change is to get down to a few basic issues... see below.
>
> > 2. The whole purpose of a router (home version) is to act as a firewall
> > that will protect you from connections coming into your network from the
> > internet. You can however allow ports to be open for things that you would
> > like to run. VNC requires port 5900 to be open in order to flow through the
> > router. In my router there is an advanced tab that opens advanced options
> > like port forwarding. Simply type in the port that you want open (5900) and
> > what protocol you want to use (both tcp and udp) and then the machine that
> > you want to connect to (I think you said 192.168.1.200). Then when your
> > friend types in your IP (for the isp) he will connect to the machine that
> > you specified.
>
> VNC does NOT require that port 5900 be open. You need access through
> the router...
>
> VNC needs to reach port 5900 (for windows) on your server. It needs
> access to that server port.
>
> A simple method is to do port forwarding from the firewall/router
> red/internet side to your server. This is quick and DANGEROUS. VNC
> base security is a single password with no shutdown for excessive
> failures and makes it NOT to be placed on the internet. Others know
> 5900 port. Even the 5800 port is DANGEROUS though you could map
> red port 29453 to port 5800, a port scan will see it and give others
> access to your machine.
>
> If you can... look at firewalls (free software based firewall
> http://ipcop.org) over hardware accessport by linksys or netgear...
> you can limit what IPs are allowed access to red:5900 . This is
> still not a good solution, because you are using a known vector
> to your equipment.
>
> What is better is a tunnel... VPN or SSH (again available in IPCop
> for example). With these you will NOT be going to red port 5900.
> You will be setting up an "extension" to your network. So your remote
> will be functioning more akin to a local machine. Now VNC will be
> connecting to server. But the traffic will be flowing through the
> routers. PS all encrypted.
>
> Some net resources...
>
> http://www.ltsp.org/contrib/vnc.html
> http://www.prosig.com/protor/kbase/VPNAccess-HOWTO.pdf
> http://www.bitvise.com/screenshots.html
>
>
> Jack Beglinger
> Project Lead IPCop
> _______________________________________________
> VNC-List mailing list
> [EMAIL PROTECTED]
> To remove yourself from the list visit:
> http://www.realvnc.com/mailman/listinfo/vnc-list
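
Added example (not part of the original thread and not IPCop code): a small Python audit of router port-forward rules that applies the quoted reply's point that a forward is judged by whether it reaches the VNC port on the server, not by which external port it uses. The rule syntax, the sample rules and the severity labels are constructed for illustration; the address 192.168.1.200 and port 29453 are the ones mentioned in the thread.

```python
import re
from ipaddress import ip_network

# Ports named in the thread: 5900 (VNC) and 5800. Covering displays 0-9
# (5900-5909, 5800-5809) is an assumption of this example.
VNC_PORTS = set(range(5900, 5910)) | set(range(5800, 5810))

# Constructed rule syntax: "<proto> <ext_port> -> <lan_ip>:<lan_port> from <cidr|any>"
RULE_RE = re.compile(
    r"^(tcp|udp|both)\s+(\d+)\s*->\s*([\d.]+):(\d+)\s+from\s+(\S+)$")

# Constructed sample rules (not taken from a real router export).
SAMPLE_RULES = """\
both 5900 -> 192.168.1.200:5900 from any
tcp 29453 -> 192.168.1.200:5800 from any
tcp 5900 -> 192.168.1.200:5900 from 203.0.113.7/32
tcp 22 -> 192.168.1.1:22 from any
"""

def audit(text):
    """Return (ext_port, severity, reason) for every forward that reaches VNC."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable rule: {line!r}")
        _proto, ext, _host, lan, src = m.groups()
        ext, lan = int(ext), int(lan)
        if lan not in VNC_PORTS:
            continue  # e.g. an SSH forward used as the tunnel endpoint
        # Judge by the LAN-side port: remapping the external port hides nothing.
        net = ip_network("0.0.0.0/0" if src == "any" else src)
        if net.prefixlen == 0:
            reason = "VNC reachable from any address"
            if ext != lan:
                reason += " (external port remapped, still found by a port scan)"
            findings.append((ext, "high", reason))
        else:
            findings.append(
                (ext, "medium", f"VNC exposed to {net}, still a known vector"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
```

A rule set that passes this audit with no findings carries VNC only inside a tunnel (VPN or SSH), which is the setup the reply recommends.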