"Theese ports assume you are using display ":1" (accessed via command: "vncviewer machine:1"). Is that the case? "
- No, I don4t believe I am. I4m running VNC as a service on the server and clients connect by using the VNC viewer and stating the mapped IP address and the password I set up using VNC 3.3 authentication. So I guess i only need to worry about TCP port 5900 then? Well, when allowing only this port in my firewall I cannot connect. When I allow trafic on all ports I connect without problems. /Marcus -----Ursprungligt meddelande----- Fren: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Jerome R. Westrick Skickat: den 18 oktober 2004 10:51 Till: [EMAIL PROTECTED] Dmne: Re: VNC and Firewall - which ports to open? On Mon, 2004-10-18 at 10:18, Marcus Lager wrote: > I have a Netscreen NS5XT firewall. If I allow all ports to my server, which > is behind the firewall, the VNC connection works. If I allow only TCP ports > 5801, 5901 and 5501 the connections fails. According to the documentation > these ports are the only ones I should open. > Theese ports assume you are using display ":1" (accessed via command: "vncviewer machine:1"). Is that the case? If you use the command "vncviewer machine" (without the :1) the you would need to redirect the ports 5800, 5900, and 5500 (without the +1)... Jerry P.S. The ports 5800 (+displayno), are used for downloading the java applet into your browser, if you don't use browser access you don't need to redirect this port... P.P.S. The ports 5500 (+displayno), are used for "reverse" connections, that is when the vncserver does "Add client", and connects to a vncviewer in "Listen mode". Therefore this one used diferentely as the vncserver connections and therefore is usually configured diferent to the vncserver. Adding this port to your "General vncserver port config list" will really create confusion... > VNC runs as a service and I4ve mapped an ip address to the server, which I > guess is called "putting the server in the DMZ" in networking language. And > while all ports are open it works fine. But that4s not very safe, is it? > > Marcus > _______________________________________________ > VNC-List mailing list > [EMAIL PROTECTED] > To remove yourself from the list visit: > http://www.realvnc.com/mailman/listinfo/vnc-list _______________________________________________ VNC-List mailing list [EMAIL PROTECTED] To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list _______________________________________________ VNC-List mailing list [EMAIL PROTECTED] To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list
