I would not recommend opening VNC ports on the outside (Internet) of your firewall pointing directly to machines inside your network. This method allows anyone to sniff your passwords and traffic since it is unencrypted. The best way is to tunnel the connections through an encrypted VPN or SSH tunnel. RealVNC offers a secure version for $30.
See Feature Comparisons: http://www.realvnc.com/products/features.html Having said that, if your set on doing it this way, you don't need to change the default port on your machines. I assume your firewall/router uses NAT/PAT, so the world only sees one IP address from the Internet. Just configure your router to use a different external port for each of your inside machines. Here is an example using the below fictitious network: Internal IP/Port -> Internal Gateway|External IP/Port 192.168.1.100/5900 -> 192.168.1.254|24.35.64.129/1050 192.168.1.101/5900 -> 192.168.1.254|24.35.64.129/1051 192.168.1.102/5900 -> 192.168.1.254|24.35.64.129/1052 192.168.1.103/5900 -> 192.168.1.254|24.35.64.129/1053 192.168.1.104/5900 -> 192.168.1.254|24.35.64.129/1054 192.168.1.105/5900 -> 192.168.1.254|24.35.64.129/1055 192.168.1.106/5900 -> 192.168.1.254|24.35.64.129/1056 192.168.1.107/5900 -> 192.168.1.254|24.35.64.129/1057 --Cal Webster On Sat, 2006-09-09 at 09:25, Barr, Keith wrote: > Hi All, > > > > I am trying to specify the listening socket for VNC running > under Linux RHEL 4. I am using version 4.1.2 and I am using > using native X display which is configured as described in > the on-line documentation (adding vnc.so to the libraries, > adding a the VNC module, and specifying options in the > "Screen" section). > > > > I thought I would simply add a line like this: > > > > Option "rfbport" "5921" > > > > To the screen section, but it doesn't seem to work very well. > Sometimes it does, but it is very inconsistent. If I remove > the line and connect on the standard 5900 it is solid as a rock. > > > > Does anyone have any suggestions? I have 8 computers behind > a router that I would like to access directly, so that is > why I am hoping to use individually specified ports. > > > > Thanks, > > Keith Barr > _______________________________________________ > VNC-List mailing list > [email protected] > To remove yourself from the list visit: > http://www.realvnc.com/mailman/listinfo/vnc-list _______________________________________________ VNC-List mailing list [email protected] To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list
