On Mon, 2004-10-18 at 14:24, Marcus Lager wrote: > "Theese ports assume you are using display ":1" (accessed via command: > "vncviewer machine:1"). Is that the case? " > > - No, I don4t believe I am. I4m running VNC as a service on the server and > clients connect by using the VNC viewer and stating the mapped IP address > and the password I set up using VNC 3.3 authentication. > > So I guess i only need to worry about TCP port 5900 then?
Okay, that is correct if you only use IP-address then you are using the default ( :0 ) ie. 5900. > Well, when > allowing only this port in my firewall I cannot connect. When I allow trafic > on all ports I connect without problems. It seams to be your firewall settings then... They don't seam to work, you got a log in which you can see if the firewall is blocking port 5900? Jerry > > /Marcus > > -----Ursprungligt meddelande----- > Fren: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Jerome R. Westrick > Skickat: den 18 oktober 2004 10:51 > Till: [EMAIL PROTECTED] > Dmne: Re: VNC and Firewall - which ports to open? > > > On Mon, 2004-10-18 at 10:18, Marcus Lager wrote: > > I have a Netscreen NS5XT firewall. If I allow all ports to my server, > which > > is behind the firewall, the VNC connection works. If I allow only TCP > ports > > 5801, 5901 and 5501 the connections fails. According to the documentation > > these ports are the only ones I should open. > > > > Theese ports assume you are using display ":1" (accessed via command: > "vncviewer machine:1"). Is that the case? > > If you use the command "vncviewer machine" (without the :1) the you > would need to redirect the ports 5800, 5900, and 5500 (without the > +1)... > > Jerry > P.S. The ports 5800 (+displayno), are used for downloading the java > applet into your browser, if you don't use browser access you don't need > to redirect this port... > > P.P.S. The ports 5500 (+displayno), are used for "reverse" connections, > that is when the vncserver does "Add client", and connects to a > vncviewer in "Listen mode". Therefore this one used diferentely as the > vncserver connections and therefore is usually configured diferent to > the vncserver. Adding this port to your "General vncserver port config > list" will really create confusion... > > > > VNC runs as a service and I4ve mapped an ip address to the server, which I > > guess is called "putting the server in the DMZ" in networking language. > And > > while all ports are open it works fine. But that4s not very safe, is it? > > > > Marcus > > _______________________________________________ > > VNC-List mailing list > > [EMAIL PROTECTED] > > To remove yourself from the list visit: > > http://www.realvnc.com/mailman/listinfo/vnc-list > _______________________________________________ > VNC-List mailing list > [EMAIL PROTECTED] > To remove yourself from the list visit: > http://www.realvnc.com/mailman/listinfo/vnc-list > _______________________________________________ > VNC-List mailing list > [EMAIL PROTECTED] > To remove yourself from the list visit: > http://www.realvnc.com/mailman/listinfo/vnc-list _______________________________________________ VNC-List mailing list [EMAIL PROTECTED] To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list
