Binding VNC to a nic on a multi nic system
Matthew Drouin
matt "at" webhosters.com
Tue, 08 Jun 1999 01:57:17 +0000
In reply to the message found at the bottom of this e-mail:
Alex:
Good idea but then the cost of proxy on each server comes into mind and
the fact that the proxy might actually be a bigger hole than having vnc on
there depending on the proxy. I will definitely test this idea out. I really
did not even think about it but as I do it would make a lot of sense because
it would then secure the servers.
Thanks
Matthew Drouin
matt "at" webhosters.com
Why not do this properly and use your firewall to only allow access to the
ports on the external card that you want to use, eg 80 for www, etc etc...
If you can connect from the Net to any port on "external" card in that
server, then you have a security problem already. I suggest you stop people
getting to the box, unless allowed to do so - eg to port 80.
Just my £0.02 worth...
Alex Heylin
----- Original Message -----
From: Matthew Drouin <matt "at" webhosters.com>
To: <vnc-list "at" uk.research.att.com>
Sent: Sunday, June 06, 1999 6:41 PM
Subject: Binding VNC to a nic on a multi nic system
> Hello--
> I have been looking all to see if vnc already supports binding to a
> single nic on a multiple nic system. The gist of it is that there are 2
> network cards in all the web servers for a company I am doing some
> consulting for. One nic is an internal card (for the internal network) and
> one is a real world card (for the internet). It would be awesome if it was
> possible to bind it such that only connections from the internal nic could
> be made to the vnc server. The reason I want this is so that I can dial into
> the local network and vnc to the machines without having to worry about
> people from the internet being able to connect to the machines. I don't
> think that denying ip's will work because it so happens the internal network
> is 125.1. which I think is routable on the internet so I would deny all
> besides that and if someone was from that subnet then they could still get
> in. But I could be incorrect and if I am that would be very kewl. I also
> know adding in the binding is not a hard thing to do but why do it if it's
> already done and I just missed it in the documentation.
>
> Thanks
> Matthew Drouin
> matt "at" webhosters.com
> Definitive Guide to World Wide Web Providers
>
>
> ---------------------------------------------------------------------
> The VNC mailing list - see http://www.uk.research.att.com/vnc/intouch.html
> ---------------------------------------------------------------------
>
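An added example, not part of the original thread or of the VNC code: a check an administrator could run over `netstat -an` output on a multi-NIC server to see which VNC listeners (TCP 5900+N, HTTP viewer 5800+N) are bound to all interfaces or to a non-internal address, plus a test of whether the internal range is private address space, which is what an IP deny list would rely on. The function names, the /16 mask assumed for "125.1.", the sample addresses and the netstat lines are all constructed for illustration.

```python
import ipaddress

# VNC display N listens on TCP 5900+N; its HTTP (Java viewer) port is 5800+N.
VNC_PORTS = range(5800, 6000)

def audit_vnc_listeners(netstat_text, internal_addr):
    """Classify each listening VNC socket by the address it is bound to."""
    internal = ipaddress.ip_address(internal_addr)
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if not any(f.upper().startswith("LISTEN") for f in fields):
            continue
        # The local address is the first addr:port field on the line.
        local = next((f for f in fields if ":" in f), None)
        if local is None:
            continue
        host, _, port = local.rpartition(":")
        if not port.isdigit() or int(port) not in VNC_PORTS:
            continue
        try:
            addr = ipaddress.ip_address(host.strip("[]"))
        except ValueError:
            continue  # unparseable local address; skip it
        if addr.is_unspecified:
            verdict = "EXPOSED: all interfaces"
        elif addr == internal or addr.is_loopback:
            verdict = "ok: internal only"
        else:
            verdict = "EXPOSED: other interface"
        findings.append((str(addr), int(port), verdict))
    return findings

def source_filter_is_sound(internal_net):
    """A source-IP allow list only helps if the range is private space."""
    return ipaddress.ip_network(internal_net).is_private

# Constructed sample: internal NIC 125.1.0.10, external NIC 203.0.113.10.
SAMPLE = """\
  TCP    0.0.0.0:80          0.0.0.0:0        LISTENING
  TCP    0.0.0.0:5900        0.0.0.0:0        LISTENING
  TCP    125.1.0.10:5901     0.0.0.0:0        LISTENING
  TCP    203.0.113.10:5800   0.0.0.0:0        LISTENING
  TCP    125.1.0.10:1042     125.1.0.2:139    ESTABLISHED
"""

if __name__ == "__main__":
    for finding in audit_vnc_listeners(SAMPLE, "125.1.0.10"):
        print(finding)
    print("125.1.0.0/16 private:", source_filter_is_sound("125.1.0.0/16"))
```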