Doh (slaps forehead)! Firstly, am I correct in assuming the Source IP plus the Port produces the unique identity for a connection within the stack itself?
Secondly, I want to set up an arrangement where 2 different remote clients setup ssh/tunnel connections to a single Linux firewall that then on-forwards the tunneled packets to the VNC server on a Windows host in the DMZ. In this case how does the firewall know which returning packet to route back to which client? Cheers, Frank. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of James Weatherall Sent: Wednesday, 21 July 2004 1:08 AM To: 'Frank Hamersley'; [EMAIL PROTECTED] Subject: RE: RE: VNC4 accepts connection 5900 but refuses 5901 Frank, I'm afraid your understanding of TCP is incorrect. When a service listens on a particular port, any number of connections can be made by clients of that service, to that port, from any number of hosts, within reason. How many clients the particular service chooses to support is a different matter, of course. Wez @ RealVNC Ltd. --- James, correct - VNC on Windows. I had assumed (mistakenly it appears) that because VNC was using tcp (versus udp) that as soon as one viewer had connected that port 5900 would be dedicated to that connection ie. a point to point usage. This was further reinforced when I looked into the ssh tunneling techniques to find that only one port needed to be mapped for VNC to operate. I had also assumed that when ssh was involved that the VNC Server and Client were not negotiating another port to use after session setup because that would risk going outside the ssh encryption. If the viewer/server do negotiate a discrete port like 32K I presume ssh inspects the packets and seamlessly invoke listens on the relevent hosts for the nominated tcp ports. Please confirm/explain/elaborate on the points where I still have it wrong. Cheers, Frank. _______________________________________________ VNC-List mailing list [EMAIL PROTECTED] To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list _______________________________________________ VNC-List mailing list [EMAIL PROTECTED] To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list
