We have several public IP addresses. We all use one and the same when we are surfing the net, but for VNC I have used another, different IP address. This public IP address is mapped to the local IP address of one of my LAN servers, which runs VNC as a service. It works when I open all ports (allow any type of protocoll) but when I open only port 5900 it does not work. Maybe I?m not configuring my firewall correctly, as was suggested by Jerry.
-----Ursprungligt meddelande----- Fran: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Angelo Sarto Skickat: den 18 oktober 2004 18:04 Till: Jerome R. Westrick Kopia: [EMAIL PROTECTED] Amne: Re: SV: VNC and Firewall - which ports to open? Possibly, you have the port "open" and not redirected. You need a port forward of 5900 to your local machine if your firewall is doing PAT/NAT. (i.e. you have only one public IP shared for many computers) Simply Opening 5900 will prolly route the packet into the bit bucket. ?? --Angelo On Mon, 18 Oct 2004 14:43:39 +0200, Jerome R. Westrick <[EMAIL PROTECTED]> wrote: > On Mon, 2004-10-18 at 14:24, Marcus Lager wrote: > > "Theese ports assume you are using display ":1" (accessed via command: > > "vncviewer machine:1"). Is that the case? " > > > > - No, I don4t believe I am. I4m running VNC as a service on the server and > > clients connect by using the VNC viewer and stating the mapped IP address > > and the password I set up using VNC 3.3 authentication. > > > > So I guess i only need to worry about TCP port 5900 then? > > Okay, that is correct if you only use IP-address then you are using the > default ( :0 ) ie. 5900. > > > > Well, when > > allowing only this port in my firewall I cannot connect. When I allow trafic > > on all ports I connect without problems. > > It seams to be your firewall settings then... > They don't seam to work, you got a log in which you can see if the > firewall is blocking port 5900? > > Jerry > > > > > > > /Marcus > > > > -----Ursprungligt meddelande----- > > Fren: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > Jerome R. Westrick > > Skickat: den 18 oktober 2004 10:51 > > Till: [EMAIL PROTECTED] > > Dmne: Re: VNC and Firewall - which ports to open? > > > > > > On Mon, 2004-10-18 at 10:18, Marcus Lager wrote: > > > I have a Netscreen NS5XT firewall. If I allow all ports to my server, > > which > > > is behind the firewall, the VNC connection works. If I allow only TCP > > ports > > > 5801, 5901 and 5501 the connections fails. According to the documentation > > > these ports are the only ones I should open. > > > > > > > Theese ports assume you are using display ":1" (accessed via command: > > "vncviewer machine:1"). Is that the case? > > > > If you use the command "vncviewer machine" (without the :1) the you > > would need to redirect the ports 5800, 5900, and 5500 (without the > > +1)... > > > > Jerry > > P.S. The ports 5800 (+displayno), are used for downloading the java > > applet into your browser, if you don't use browser access you don't need > > to redirect this port... > > > > P.P.S. The ports 5500 (+displayno), are used for "reverse" connections, > > that is when the vncserver does "Add client", and connects to a > > vncviewer in "Listen mode". Therefore this one used diferentely as the > > vncserver connections and therefore is usually configured diferent to > > the vncserver. Adding this port to your "General vncserver port config > > list" will really create confusion... > > > > > > > VNC runs as a service and I4ve mapped an ip address to the server, which I > > > guess is called "putting the server in the DMZ" in networking language. > > And > > > while all ports are open it works fine. But that4s not very safe, is it? > > > > > > Marcus > > > _______________________________________________ > > > VNC-List mailing list > > > [EMAIL PROTECTED] > > > To remove yourself from the list visit: > > > http://www.realvnc.com/mailman/listinfo/vnc-list > > _______________________________________________ > > VNC-List mailing list > > [EMAIL PROTECTED] > > To remove yourself from the list visit: > > http://www.realvnc.com/mailman/listinfo/vnc-list > > _______________________________________________ > > VNC-List mailing list > > [EMAIL PROTECTED] > > To remove yourself from the list visit: > > http://www.realvnc.com/mailman/listinfo/vnc-list > _______________________________________________ > VNC-List mailing list > [EMAIL PROTECTED] > To remove yourself from the list visit: > http://www.realvnc.com/mailman/listinfo/vnc-list _______________________________________________ VNC-List mailing list [EMAIL PROTECTED] To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list _______________________________________________ VNC-List mailing list [EMAIL PROTECTED] To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list
