VNC & PORTS Has me all confuzzled

[Vini]

Ports 5900+5800 closed from the outside.

5 servers running EchoVNC Server
1 client running tightVNC to get into the server.

------------------------------------------------------

I have EchoVNC Server running at home, all fine and dandy. we've opened TCP 5900 + 5800 outgoing and yet i still cant connect. ShieldsUP reports the ports are closed. Is this because its trying to come IN to our ports, and we only have OUT open?

whats going on?

and... if we were to open incoming, how would VNC in know which VNC Server to connect to? obviously its just one static, wan ip.

/confuzzled.

is it going to be easier to ditch all these VNC clients and use RDP, which i believe is encrypted, which is what we're after. and if so, what ports do we open for thaT?

[darrensen]

I use Ultra VNC and Real VNC. Ensure your Windows Firewall is off and maybe change the default port. I found for some reason with Real that it didnt like me forwarding on port 5900????

[Splash]

When you setup VNC server the default port is usually 5900 for the first display (ie hostname:0) and then 5901 for the second (hostname:1) - that make sense? Basically what you need to do is setup your VNC servers to run on different ports to each other, then forward those ports from your WAN connection to the relevant private ip address of the machines running VNC server.

As for RDP - AFAIK that runs on 3389, so you're back in the same boat of not being able to access more than one machine behind your firewall.

[Vini]

When you setup VNC server the default port is usually 5900 for the first display (ie hostname:0) and then 5901 for the second (hostname:1) - that make sense? Basically what you need to do is setup your VNC servers to run on different ports to each other, then forward those ports from your WAN connection to the relevant private ip address of the machines running VNC server.

As for RDP - AFAIK that runs on 3389, so you're back in the same boat of not being able to access more than one machine behind your firewall.

we're not particularly interested in the incoming connections to the Office, more outgoing to our sales guys on the road.

me and mr it#2 will never need to VNC into the server from elsewhere. so the setup should be dead simple. just like a normal home VNC would be.

we have


me - mr it #1 (software fw disabled) - tightvnc viewer
¦
V
###firewall### (ports 5800+5900 out)
¦
V
me - home pc (software firewall and nat permitting access) - echovnc server

[Splash]

Sorry - I clearly misunderstood you! so you're wanting to admister by remote control a total of 5 PCs with seperate public ip addresses? Or are your sales guys connecting in to work network via VPN/dialup (and hence they have private ip addresses which are within your corporate network)?

If the latter your firewall probably doesn't come into it as they are within you corporate LAN (I'm assuming that any VPN/dialup setup isn't quarantined for the purposes of this, though if done properly it should be).

Connecting to home really depends on your firewall setup. Is it stateful? If so then you only need allow the outbound connection, as the inbound packets will be permitted through as they are requested. Also be aware that you would need to allow inbound connections on your home NAT/firewall.

Again, if I have the wrong end of the stick lemme know!

[Vini]

i think you were right first time... the best example is...

'i want to login to my pc at home to monitor my system temperatures' --> this is an example.

im sat at work, with TightVNC viewer running, im trying to login to my IP at home, xxx.xxx.xxx.xxx, im getting Connection refused. Presumably because the ports on our firewall in the office are not letting traffic on 5900.

try it yourself, try connecting to... vini.mine.nu what do you get? If you get refused, then possibly the firewall at my home pc isnt setup correctly.

[Splash]

I'm behind a corporate firewall here and there's no chance on this earth they'll open up VNC ports for me! I can test when I get home if you like Vini?

Connection refused suggests an issue with your home firewall/router - what are you running?

When I goto vini.mine.nu:8080 (normal router management port for that sort of thing) I get 401 unauthorised - 192.168.1.10 is managing this device. I suspect that you need to forward 5900 from your home firewall to you home PC's private ip (prolly 192.168.1.10)

[Vini]

that is what ive done.

see 8080 is blocked here so i cant get that far

looks like i just need to play about at home, i too am behind corp firewall, but managed to wangle 5800 + 5900 open.