Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: A game plan for VNC through firewall to workplace

  1. #1
    Join Date
    Mar 2008
    Location
    Oz
    Posts
    11,728
    Blog Entries
    2

    Default A game plan for VNC through firewall to workplace

    I've not used VNC before. The scenario is: I want to operate my wife's XP computer in a work environment from a remote Suse 11.0 computer. I see openSUSE has tight VNC. I see there's a windows xp version of tight VNC and there's also a GNU free offering of ultraVNC for windows.

    Do I use tightVNC on both the Suse and the XP machines (I think so)?

    The work environment is very large, a hospital with all that entails and with a sophisticated firewall, addressed through a domain name. My wife's work computer has a fixed IP address on a subnet dedicated to the department she works in.

    What do I ask the IT department at the workplace to open in their firewall so I can vnc direct to her computer?

    Any other tips/advice would be very welcome?

    A link to a tutorial would be nice too?

    Thanks

    Swerdna
    Leap 42.3 & 15.1 &KDE
    FYIs from the days of yore

  2. #2
    ab@novell.com NNTP User

    Default Re: A game plan for VNC through firewall to workplace

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    First, good luck with this.... IT departments don't typically like
    opening ports like this at all. Basically assuming you have SUSE setup
    properly you'll be able to access the main desktop (display :0.0) to see
    what the local user is actually doing, right? If that's your goal then
    it will probably use, on the host, port 5900. You'll need to open this
    in the host firewall. You'll also need to open this port in the
    corporate firewall(s) or some port that will forward to this ip/port in
    the same. For example they may have you forward 15900 to 5900 on this
    box to prevent scanning from being as efficient since VNC is
    encryption-less by default and a wide open 5900 port is just asking to
    be attacked. You should be able to see the port listening on the host
    before the connection is made, of course and if not you need to make
    sure that is done and VNC works locally before you try getting it
    through a firewall from home.

    netstat -anp | grep 'LISTEN ' | grep 590

    Good luck.





    swerdna wrote:
    > I've not used VNC before. The scenario is: I want to operate my wife's
    > XP computer in a work environment from a remote Suse 11.0 computer. I
    > see openSUSE has tight VNC. I see there's a windows xp version of tight
    > VNC and there's also a GNU free offering of ultraVNC for windows.
    >
    > Do I use tightVNC on both the Suse and the XP machines (I think so)?
    >
    > The work environment is very large, a hospital with all that entails
    > and with a sophisticated firewall, addressed through a domain name. My
    > wife's work computer has a fixed IP address on a subnet dedicated to the
    > department she works in.
    >
    > What do I ask the IT department at the workplace to open in their
    > firewall so I can vnc direct to her computer?
    >
    > Any other tips/advice would be very welcome?
    >
    > A link to a tutorial would be nice too?
    >
    > Thanks
    >
    > Swerdna
    >
    >

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.2 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

    iD8DBQFI2qXc3s42bA80+9kRAsp0AJ9lRLz1FPWNROi9QkNnyFSFzu1X8ACgh7J5
    uK4RB2oLqnFBWZcPyQO3QfI=
    =oELP
    -----END PGP SIGNATURE-----

  3. #3
    Join Date
    Mar 2008
    Location
    Oz
    Posts
    11,728
    Blog Entries
    2

    Default Re: A game plan for VNC through firewall to workplace

    Quote Originally Posted by ab@novell.com View Post
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    First, good luck with this.... IT departments don't typically like
    opening ports like this at all. Basically assuming you have SUSE setup
    properly you'll be able to access the main desktop (display :0.0) to see
    what the local user is actually doing, right? If that's your goal then
    it will probably use, on the host, port 5900. You'll need to open this
    in the host firewall. You'll also need to open this port in the
    corporate firewall(s) or some port that will forward to this ip/port in
    the same. For example they may have you forward 15900 to 5900 on this
    box to prevent scanning from being as efficient since VNC is
    encryption-less by default and a wide open 5900 port is just asking to
    be attacked. You should be able to see the port listening on the host
    before the connection is made, of course and if not you need to make
    sure that is done and VNC works locally before you try getting it
    through a firewall from home.

    netstat -anp | grep 'LISTEN ' | grep 590

    Good luck.
    Thanks. That gives me some direction.

    I'll get it working at home on a LAN, Suse to xp. Then from a notebook (using wireless) to xp the home LAN (using cable). Then I'll get it working on my wife's subnet at work. Then I'll feel confident to go see the IT department at her work. She has some leverage there because she works for a group of surgeons who pay the hospital for their facilities and as we know, money opens all sorts of doors, perhaps even ports too.
    Leap 42.3 & 15.1 &KDE
    FYIs from the days of yore

  4. #4
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    27,205
    Blog Entries
    15

    Default Re: A game plan for VNC through firewall to workplace

    Quote Originally Posted by swerdna
    ab@novell.com;1875287 Wrote:
    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    > First, good luck with this.... IT departments don't typically like
    > opening ports like this at all. Basically assuming you have SUSE
    > setup
    > properly you'll be able to access the main desktop (display :0.0) to
    > see
    > what the local user is actually doing, right? If that's your goal
    > then
    > it will probably use, on the host, port 5900. You'll need to open
    > this
    > in the host firewall. You'll also need to open this port in the
    > corporate firewall(s) or some port that will forward to this ip/port
    > in
    > the same. For example they may have you forward 15900 to 5900 on this
    > box to prevent scanning from being as efficient since VNC is
    > encryption-less by default and a wide open 5900 port is just asking to
    > be attacked. You should be able to see the port listening on the host
    > before the connection is made, of course and if not you need to make
    > sure that is done and VNC works locally before you try getting it
    > through a firewall from home.
    >
    > netstat -anp | grep 'LISTEN ' | grep 590
    >
    > Good luck.

    Thanks. That gives me some direction.

    I'll get it working at home on a LAN, Suse to xp. Then from a notebook
    (using wireless) to xp the home LAN (using cable). Then I'll get it
    working on my wife's subnet at work. Then I'll feel confident to go see
    the IT department at her work. She has some leverage there because she
    works for a group of surgeons who pay the hospital for their facilities
    and as we know, money opens all sorts of doors, perhaps even ports too.
    Hi
    I would also look at using a non standard port eg 15900 the other
    option is to look at using krdc, then on the xp machine allow the
    remote desktop connection.

    --
    Cheers Malcolm (Linux Counter #276890)
    openSUSE 11.0 x86 Kernel 2.6.25.16-0.1-default
    up 1 day 11:33, 2 users, load average: 0.12, 0.09, 0.03
    GPU GeForce 6600 TE/6200 TE - Driver Version: 173.14.12


  5. #5
    Join Date
    Mar 2008
    Location
    Oz
    Posts
    11,728
    Blog Entries
    2

    Default Re: A game plan for VNC through firewall to workplace

    Quote Originally Posted by malcolmlewis View Post
    Hi
    I would also look at using a non standard port eg 15900 the other
    option is to look at using krdc, then on the xp machine allow the
    remote desktop connection.

    --
    Cheers Malcolm (Linux Counter #276890)
    openSUSE 11.0 x86 Kernel 2.6.25.16-0.1-default
    up 1 day 11:33, 2 users, load average: 0.12, 0.09, 0.03
    GPU GeForce 6600 TE/6200 TE - Driver Version: 173.14.12
    I like the non-standard port idea, thanks.
    Leap 42.3 & 15.1 &KDE
    FYIs from the days of yore

  6. #6
    Join Date
    Mar 2008
    Location
    Oz
    Posts
    11,728
    Blog Entries
    2

    Default Re: A game plan for VNC through firewall to workplace

    Just an afterthought to all this:
    Is there a "free" version of VNC that works with vista?
    If not then what software would you recommend to do the job?

    Thanks
    Swerdna
    Leap 42.3 & 15.1 &KDE
    FYIs from the days of yore

  7. #7
    ab@novell.com NNTP User

    Default Re: A game plan for VNC through firewall to workplace

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Have you Googled? Just using 'vnc vista' (sans quotes) found some
    options that look promising.

    Good luck.





    swerdna wrote:
    > Just an afterthought to all this:
    > Is there a "free" version of VNC that works with vista?
    > If not then what software would you recommend to do the job?
    >
    > Thanks
    > Swerdna
    >
    >

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.2 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

    iD8DBQFI4+Qy3s42bA80+9kRApIpAJ9QhqOb6JhxyF3ZNG24bQkHNwKI3ACaAjER
    UrqVy2V05GbqTfcQL64p8ZE=
    =+zHD
    -----END PGP SIGNATURE-----

  8. #8
    Join Date
    Mar 2008
    Location
    Oz
    Posts
    11,728
    Blog Entries
    2

    Default Re: A game plan for VNC through firewall to workplace

    Quote Originally Posted by ab@novell.com View Post
    Have you Googled? Just using 'vnc vista' (sans quotes) found some
    options that look promising.

    Good luck.
    There is apparently no workaround (that I can find) that allows VNC to operate as a service on the vista machines unless I pay money approx $US30/50 for realVNC personal/enterprise. That grates.
    Leap 42.3 & 15.1 &KDE
    FYIs from the days of yore

  9. #9
    ab@novell.com NNTP User

    Default Re: A game plan for VNC through firewall to workplace

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Try UltraVNC
    http://www.uvnc.com/download/

    Version 1.0.5 looks free and supposedly supports Vista.

    Good luck.





    swerdna wrote:
    > ab@novell.com;1878238 Wrote:
    >> Have you Googled? Just using 'vnc vista' (sans quotes) found some
    >> options that look promising.
    >>
    >> Good luck.

    > There is apparently no workaround (that I can find) that allows VNC to
    > operate as a service on the vista machines unless I pay money approx
    > $US30/50 for realVNC personal/enterprise. That grates.
    >
    >

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.2 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

    iD8DBQFI5EMg3s42bA80+9kRAlD+AJ4iYucA8Zbr/0Nst7D3IigBt/XKYwCffUzB
    oV9zub1nSIpWBqjfezG/uPQ=
    =hKR8
    -----END PGP SIGNATURE-----

  10. #10
    Join Date
    Mar 2008
    Location
    Oz
    Posts
    11,728
    Blog Entries
    2

    Default Re: A game plan for VNC through firewall to workplace

    I missed that --and it had a big photo on the home page saying vista support (new in September)!
    Thanks I'll try it out.
    Leap 42.3 & 15.1 &KDE
    FYIs from the days of yore

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •