From owner-freebsd-questions Thu Feb 3 18:44:52 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from milehigh.denver.net (milehigh.denver.net [204.144.180.2]) by builder.freebsd.org (Postfix) with ESMTP id 78EEF4270 for ; Thu, 3 Feb 2000 18:44:50 -0800 (PST)
Received: (from jdc@localhost) by milehigh.denver.net (8.9.3/8.9.3) id TAA16145; Thu, 3 Feb 2000 19:45:16 -0700 (MST)
Message-ID: <20000203194516.25358@denver.net>
Date: Thu, 3 Feb 2000 19:45:16 -0700
From: John-David Childs
To: Matthew Jonkman , freebsd-questions@freebsd.org
Subject: Re: VNC and firewalls
Reply-To: jdc@nterprise.net
References: <00ab01bf6e51$18107000$350a0a0a@bussert.com.Bussert>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.79
In-Reply-To: <00ab01bf6e51$18107000$350a0a0a@bussert.com.Bussert>; from Matthew Jonkman on Thu, Feb 03, 2000 at 09:15:14AM -0500
Organization: Enterprise Internet Solutions
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Thursday February 3, 2000, Matthew Jonkman had this to say about "VNC and firewalls":
> I like pcanywhere, but the fact that the vnc viewer fits on a floppy is
> great. Does anyone know if vnc can be port forwarded?

Absolutely! I do this all the time... but maybe not in the way you're thinking. I have Vnc running on several different servers... Unix and NT.

On the Unix servers, I create an ssh tunnel from my machine (flavor doesn't matter) and then connect localhost:5900 (or 5800 for Java-based VNC access) to the unix machine port 5800/5900. The net effect is that the "unencrypted" vnc session exists between port 22 (ssh) and port 5800/5900 of the same remote unix machine.

For NT Vncservers, I set up an SSH tunnel between my client workstation (flavor doesn't matter) and a Unix machine on the same ethernet as the NT box (because I'm cheap and I don't want to purchase a commercial NT SSH server without source code).
Then the Unix SSH server forwards a connection from that Unix machine to the NT Vnc port (5800/5900). The unencrypted session exists on the remote ethernet segment, and assuming proper use of switches and that the machines haven't already been hacked, the Vnc session is "secure".

In fact, several of these setups use an SSH tunnel to a Unix ("firewall") server with a public IP address, forwarding VNC sessions to Unix/NT servers on the same ethernet using RFC1918 private addresses.

Details on all of this are in the Vnc documentation.

>
> By the way, if anyone is interested in the pcanywhere registry changes to
> allow it to be port forwarded I am more than happy to send them.
>
> Matthew Jonkman

--
John-David Childs (JC612)
Enterprise Internet Solutions
Systems Administration & Network Engineering
http://www.nterprise.net
8707 E. Florida Ave #814 Denver, CO 80231

You never know how many friends you have until you rent a house on the beach.
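
The two layouts described in the message above, written out as ssh local-forward commands. This is an added example, not part of the original post: the login names, host names and the 10.0.0.20 address are constructed placeholders, and the helper functions are hypothetical.

```shell
#!/bin/sh
# Added example: print the ssh command for tunnelling VNC, either to a VNC
# server on the SSH host itself or through an SSH gateway to a box behind it.

# VNC display :N listens on TCP 5900+N (viewer protocol) and 5800+N (Java viewer).
# usage: vnc_port rfb|http DISPLAY
vnc_port() {
    case "$1" in
        rfb)  base=5900 ;;
        http) base=5800 ;;
        *)    echo "unknown service: $1" >&2; return 1 ;;
    esac
    case "$2" in
        ''|*[!0-9]*) echo "display must be a number: $2" >&2; return 1 ;;
    esac
    echo $((base + $2))
}

# usage: vnc_tunnel_cmd SSH_LOGIN TARGET DISPLAY
#   TARGET=localhost  -> VNC server runs on the SSH server itself (Unix case)
#   TARGET=<address>  -> SSH server relays to another machine on its LAN (NT case)
# The local end is bound to 127.0.0.1 so that other hosts on the client's
# network cannot connect through the tunnel. -N opens no remote shell.
vnc_tunnel_cmd() {
    rfb=$(vnc_port rfb "$3") || return 1
    http=$(vnc_port http "$3") || return 1
    echo "ssh -N -L 127.0.0.1:${rfb}:$2:${rfb} -L 127.0.0.1:${http}:$2:${http} $1"
}

# Unix server running both sshd and the VNC server (constructed host name).
vnc_tunnel_cmd jdoe@unix.example.net localhost 0

# Public "firewall" host forwarding to an NT box on an RFC1918 address
# (constructed host name and address). The hop from the gateway to
# 10.0.0.20 is not encrypted, as the message notes.
vnc_tunnel_cmd jdoe@gateway.example.net 10.0.0.20 0
```

With either tunnel up, the viewer is pointed at localhost display 0 (port 5900) on the client rather than at the remote address.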