Date:      Thu, 3 Feb 2000 19:45:16 -0700
From:      John-David Childs <jdc@denver.net>
To:        Matthew Jonkman <jonkman@bussert.com>, freebsd-questions@freebsd.org
Subject:   Re: VNC and firewalls
Message-ID:  <20000203194516.25358@denver.net>
In-Reply-To: <00ab01bf6e51$18107000$350a0a0a@bussert.com.Bussert>; from Matthew Jonkman on Thu, Feb 03, 2000 at 09:15:14AM -0500
References:  <00ab01bf6e51$18107000$350a0a0a@bussert.com.Bussert>

On Thursday February  3, 2000, Matthew Jonkman <jonkman@bussert.com>
 had this to say about "VNC and firewalls":

> I like pcanywhere, but the fact that the vnc viewer fits on a floppy is
> great. Does anyone know if vnc can be port forwarded?

Absolutely!  I do this all the time....but maybe not in the way you're
thinking.

I have Vnc running on several different servers...Unix and NT. On the Unix
servers, I create an ssh tunnel from my machine (flavor doesn't matter)
and then connect localhost:5900 (or 5800 for Java-based VNC access) to the
unix machine port 5800/5900. The net effect is that the "unencrypted"
vnc session exists between port 22 (ssh) and port 5800/5900 of the same
remote unix machine.

For NT Vncservers, I set up an SSH tunnel between my client workstation
(flavor doesn't matter) and a Unix machine on the same ethernet as the NT
box (because I'm cheap and I don't want to purchase a commercial NT SSH
server without source code). Then the Unix SSH server forwards a
connection from that Unix machine to the NT Vnc port (5800/5900).  The
unencrypted session exists on the remote ethernet segment, and assuming
proper use of switches and that the machines haven't already been hacked,
the Vnc session is "secure".

In fact, several of these setups use an SSH tunnel to a Unix ("firewall")
server with a public IP address, forwarding VNC sessions to Unix/NT
servers on the same ethernet using RFC1918 private addresses.

Details on all of this are in the Vnc documentation.

> 
> By the way, if anyone is interested in the pcanywhere registry changes to
> allow it to be port forwarded I am more than happy to send them.
> 
> Matthew Jonkman

--
John-David Childs (JC612)	Enterprise Internet Solutions
Systems Administration          http://www.nterprise.net
  & Network Engineering         8707 E. Florida Ave #814 Denver, CO 80231
You never know how many friends you have until you rent a house on the
beach.
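
The two tunnel setups described in the message above, as an added example that is not part of the original post: it builds the `ssh` local-forward arguments for the Unix case and the NT-behind-a-Unix-host case, and checks `netstat -an` output to confirm a VNC or tunnel port listens on loopback only. The host names, login names and the address 10.0.0.20 are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example; hosts, login names and 10.0.0.20 are constructed placeholders.

# ssh arguments for a local forward that listens on the client's loopback only.
#   $1 local port   $2 VNC host as seen from the SSH server   $3 VNC port
#   $4 SSH login (user@host)
vnc_forward_args() {
    # -N: no remote command. ExitOnForwardFailure: fail instead of running
    # without the forward. The 127.0.0.1 bind keeps other hosts on the
    # client's network from connecting through the tunnel.
    printf '%s' "-N -o ExitOnForwardFailure=yes -L 127.0.0.1:$1:$2:$3 $4"
}

# Case 1: VNC and sshd on the same Unix machine; the cleartext leg is loopback.
unix_args() { vnc_forward_args 5900 localhost 5900 "$1"; }

# Case 2: NT VNC server behind a Unix SSH host; the leg from that host to the
# NT box ($2, an RFC1918 address) crosses the remote ethernet in cleartext.
nt_args() { vnc_forward_args 5900 "$2" 5900 "$1"; }

# Read `netstat -an` output on stdin; succeed only if port $1 has a listener
# and every listener on it is bound to loopback (FreeBSD "addr.port" and
# Linux "addr:port" notations are both accepted).
loopback_only() {
    awk -v port="$1" '
        $NF == "LISTEN" && $4 ~ ("[.:]" port "$") {
            seen = 1
            if ($4 !~ /^(127\.0\.0\.1|::1)[.:]/) exposed = 1
        }
        END { if (seen && !exposed) exit 0; exit 1 }'
}

# Print the commands (run them as: ssh $(unix_args login)).
echo "ssh $(unix_args admin@unix.example.net)"
echo "ssh $(nt_args admin@gw.example.net 10.0.0.20)"
```

With a tunnel up, `netstat -an | loopback_only 5900` on the client confirms the forwarded port is not reachable from other machines; the same check on the Unix VNC host shows whether the VNC server itself can be reached without going through SSH.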

