On Mon, 2004-10-18 at 10:18, Marcus Lager wrote:
> I have a Netscreen NS5XT firewall. If I allow all ports to my server, which
> is behind the firewall, the VNC connection works. If I allow only TCP ports
> 5801, 5901 and 5501 the connections fails. According to the documentation
> these ports are the only ones I should open.
> 

Theese ports assume you are using display ":1" (accessed via command:
"vncviewer machine:1").  Is that the case?  

If you use the command "vncviewer machine"  (without the :1) the you
would need to redirect the ports 5800, 5900, and 5500  (without the
+1)...

Jerry
P.S.  The ports 5800 (+displayno), are used for downloading the java
applet into your browser, if you don't use browser access you don't need
to redirect this port...

P.P.S.  The ports 5500 (+displayno), are used for "reverse" connections,
that is when the vncserver does "Add client", and connects to a
vncviewer in "Listen mode".  Therefore this one used diferentely as the
vncserver connections and therefore is usually configured diferent to
the vncserver.  Adding this port to your "General vncserver port config
list" will really create confusion...


> VNC runs as a service and I4ve mapped an ip address to the server, which I
> guess is called "putting the server in the DMZ" in networking language. And
> while all ports are open it works fine. But that4s not very safe, is it?
> 
> Marcus
> _______________________________________________
> VNC-List mailing list
> [EMAIL PROTECTED]
> To remove yourself from the list visit:
> http://www.realvnc.com/mailman/listinfo/vnc-list
_______________________________________________
VNC-List mailing list
[EMAIL PROTECTED]
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list

Reply via email to