At 05:18 PM 2002-01-05, you wrote: >Question 1: I understand that I have to set port forwarding on the dsl >router setup to port 5900 (or 59xx), but what address do I plug in to be >forwarded? I presume I use one of the addresses supplied by my ISP, but >do I use the IP address, the Primary DNS, the Gateway, or the Subnet >Mask, or do I use the Destination LAN (DCHP) IP address? I'm new at >networking, and a bit confused as to which address to use.
1) The "Service Port Range" needs to be set to 5900~5900. 2) The protocol must be set to TCP. 3) The IP address is the address of the host machine you want to take over. If this doesn't work, please note that you may have to open port 5800 as well if you are using the Java viewer in a web browser. Try looking though the FAQ's for more information. The FAQ can be found at http://www.uk.research.att.com/vnc/faq.html. >Question 2: The Linksys dsl router requires me to turn off DCHP to use >Port Forwarding. Am I loosing something important by doing this? Check again. Unless you are using one of the BETA revisions of the firmware, you should not have to disable DHCP in order to enable port forwarding. DHCP is used to assign each of the computers on your network a unique IP address. If all of the companies IP addresses are hard coded, you do not require DHCP. Note that in some cases, DHCP will assign a different address to a machine when that machine requests or tries to renew its address. If this happen, you will not be able to VNC though the router as the address set under forwarding will no longer correspond to the right machine, if any at all. In this case, hard coded IP addresses will be the only way to ensure a consistent IP address. Note that only the machines running a VNC host you will be connecting to will require a hard coded address. Finally, if you plan on connecting to more than one machine on your network though the Linksys, you will need to have them each setup on a different port. For example, Jack's machine will be listening for a VNC connection on port 5900. Larry's might be on 5901, Mary's on 5902, etc. In that case, you will have to add a port forwarding entry on the Linksys for each machine, also specifying the appropriate IP address for each machine. >Question 3: By opening up port 5900 on the dsl router, am I also >opening up a hole in my firewall that a hacker (or whatever we're calling >them) can detect and walk through? Yes. Anytime you poke a hole in your firewall, you decreasing the level of security of your network. As port 5900 is a well known port for VNC, one thing you might consider is to change it to a non-standard port. This proposal is not foolproof but it will reduce the chances of being detected by someone specifically scanning for machines running VNC on port 5900. >Thanks for your help. You are welcome. Hope you find some of this helpful. Feel free to let The List know if you run into any problems. Michael --------------------------------------------------------------------- To unsubscribe, mail [EMAIL PROTECTED] with the line: 'unsubscribe vnc-list' in the message BODY See also: http://www.uk.research.att.com/vnc/intouch.html ---------------------------------------------------------------------
