On Thu, 21 Dec 2000 11:22:57 -0500, Burke, Thomas G. wrote:
| I want to run my NT box (at work) from home.
| I can connect just fine from another machine at work to my machine, but
| cannot connect from home.
| I suspect that the company's firewall is the culprit.

Most likely. There are "clean" ways to work with it though.

| The FAQ alludes to being able to run the server on a different port (say
| FTP), but I can't find the exact stuff in the documentation.

A horrible idea. You're essentially violating your firewall rules.
And a sane firewall setup won't allow any FTP service far enough in to permit
you the access you want.

On Thu, Dec 21, 2000 at 11:38:51AM -0400, Michael Burger <[EMAIL PROTECTED]> 
wrote:
| Maybe you could just open up that port on the firewall?

I see this kind of suggestion too often.
This is a bad suggestion.

Most of the purpose of a firewall is to protect internal machines from
attack, and this is largely accomplished by refusing access to any kind
of "login"able protocol. You're suggesting allowing not just a protocol
which passes passwords and screen images in the clear, but one which
allows absolute control of the target workstation! Your firewall admin
could rightfully desire to drag you outside and shoot you!

Go read this:

        http://www.zipworld.com.au/~cs/answers/vnc-thru-firewall-via-ssh.txt

It describes in detail how to pass VNC sessions over ssh, permitting

        - real authentication
        - privacy of the data across the external net

You will have to get ssh permitted in through the firewall, probably to
a locked down box permitting only RSA key authentication (we do it that
way) but at least it's secure, whereas dicking with port numbers and
poking holes in the firewall for cleartext protocols is nearly as good
as removing the firewall altogether.

Cheers,
--
Cameron Simpson, DoD#743        [EMAIL PROTECTED]    http://www.zip.com.au/~cs/

Some people have all the luck.  When I find the guy with mine, I'm gonna
kick his teeth in.



_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
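
The setup the message describes (VNC carried over ssh through a gateway that accepts only key authentication), sketched as an added example that is not part of the original post or of the linked document. The host names gateway.example.com and ntbox.internal are placeholders, and the sshd_config keywords are those of current OpenSSH, which is an assumption about the gateway.

```shell
#!/bin/sh
# Added example. gateway.example.com and ntbox.internal are placeholder names.

# VNC display N listens on TCP port 5900+N.
vnc_port() {
    echo $((5900 + $1))
}

# Print the ssh command that forwards a loopback-only local VNC display
# through the ssh gateway to a display on the internal workstation.
# usage: tunnel_cmd GATEWAY TARGET REMOTE_DISPLAY LOCAL_DISPLAY
tunnel_cmd() {
    printf 'ssh -N -L 127.0.0.1:%s:%s:%s %s\n' \
        "$(vnc_port "$4")" "$2" "$(vnc_port "$3")" "$1"
}

# Succeed only if the global section of an sshd_config file turns password
# logins off and leaves public-key logins on. sshd uses the first value it
# sees for a keyword, and PasswordAuthentication defaults to "yes", so a
# missing line counts as a failure. Match blocks are not evaluated.
sshd_key_only() {
    awk '
        tolower($1) == "match" { exit }        # global section ends here
        $1 ~ /^#/ || NF < 2    { next }        # comments, blank lines
        { k = tolower($1); if (!(k in v)) v[k] = tolower($2) }
        END {
            ok = (v["passwordauthentication"] == "no" &&
                  v["pubkeyauthentication"] != "no")
            exit !ok
        }
    ' "$1"
}

# Constructed sample config for the locked-down gateway.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a complete sshd_config
PasswordAuthentication no
PubkeyAuthentication yes
EOF

if sshd_key_only "$sample"; then
    echo "gateway config is key-only; tunnel with:"
    tunnel_cmd gateway.example.com ntbox.internal 0 1
    echo "then point the viewer at localhost:1"
fi
rm -f "$sample"
```

The forwarded port is bound to 127.0.0.1 so other hosts on the home network cannot reach it; the hop from the gateway to the workstation is still plain VNC on the internal network.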