Thanks Lee, that worked!
-Rod Strumbel
-----Original Message-----
From: Lee Allen [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 10, 2001 7:35 PM
To: [EMAIL PROTECTED]
Subject: Re: VNC as a VPN ?
Rod Strumbel <[EMAIL PROTECTED]> wrote:
> So you just setup a mapping from the WAN side to the LAN side on the NAT
> device?
>
> There is something similar setup to get to our email server, basically
> "punching a hole" in the NAT device.
>
> So then when you connect with the VNCViewer, would you specify the port
> that you opened up on the NAT device?
>
> Meaning, if I want to be able to host 10 simultaneous VNC sessions through
> the NAT, I would need to open up 10 static maps to the internal LAN?
That's exactly right.
Let's say the public (Internet) IP address is 1.2.3.4,
and the private IP address of the VNC servers were 172.16.1.1 through 10.
You would have rules like this:
address:port redirected to address IP:port
1.2.3.4:5901 --> 172.16.1.1:5900
1.2.3.4:5902 --> 172.16.1.2:5900
1.2.3.4:5903 --> 172.16.1.3:5900
...
1.2.3.4:5910 --> 172.16.1.10:5900
Then, to VNC into system 172.16.1.3, you would specify 1.2.3.4:3 in the
viewer.
This is insecure. Someone could determine with a port scanner that these
ports are open, and they would deduce they are for VNC. At that point the
only protection is the VNC passwords. So a VPN (or even SSH) is much
better.
-Lee Allen
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to [EMAIL PROTECTED]
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to [EMAIL PROTECTED]
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------
