Firewall setup

Andy Mason amason "at" mail.cebra.com
Fri, 11 Aug 2000 19:52:33 +0000


A few options:

Easiest, but least secure:  have port 5900-59xx (as many as you need) open
on your firewall, and rely on VNC authentication for security.

Better idea:  Install SSH on a Linux server inside the firewall and pass SSH
traffic through.  Use SSH's port forwarding options to forward your
connection to the SSH host of your choice.  This is described on the VNC site:

http://www.uk.research.att.com/vnc/sshwin.html

I'm doing this and it works great.  I'm actually going from Win98 at home to
control my NT box at work, from there I can get to any server.  Unless a
piece of hardware dies, I can do anything I need to remotely.  If you do it
in the right combination (Linux, SSH 1.2.27 or OpenSSH, TeraTerm, and VNC)
it's all free to boot.  You may have to watch the SSH licensing for now,
since most SSH distributions come with RSA, and you have to disable it (or
replace with a weaker version).  The patent expires in the US around Sept.
20th, and you can then use RSA authentication to log in, which is nice.

Andy.

> -----Original Message-----
> From: Dewar Charles R [mailto:Charles.Dewar "at" LonestarHealth.com]
> Sent: Friday, August 11, 2000 2:09 PM
> To: WinVNC list (E-mail)
> Subject: Firewall setup 
> 
> 
> Here's the plan. We want to set up a DSL connection from our LAN to the
> internet and DSL connections from users' homes to the internet. How could we
> set up a firewall or some other way so that only the WinVNC port traffic is
> passed through. This firewall/VPN connection would only be for WinVNC
> traffic. Ideas?
> 
> 
> Charles
> ---------------------------------------------------------------------
> To unsubscribe, send a message with the line: unsubscribe vnc-list
> to majordomo "at" uk.research.att.com
> See also: http://www.uk.research.att.com/vnc/intouch.html
> ---------------------------------------------------------------------
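
The SSH port-forwarding option described in the reply above, as an added example that is not part of the original post: a small shell helper that maps VNC display numbers to the 5900-59xx ports and builds the tunnel command. The gateway, user and target host names are constructed placeholders, and the flags assume a current OpenSSH client.

```shell
#!/bin/sh
# Added example (not from the original thread). All host names are constructed.

# VNC display N listens on TCP port 5900+N, hence the 5900-59xx range.
# Accept only 0-99, written without a leading zero, so the arithmetic is safe.
vnc_port() {
    case "$1" in
        [0-9]|[1-9][0-9]) echo $((5900 + $1)) ;;
        *) echo "display must be 0-99, got '$1'" >&2; return 1 ;;
    esac
}

# Usage: vnc_tunnel_cmd GATEWAY TARGET REMOTE_DISPLAY LOCAL_DISPLAY
#   GATEWAY  [user@]host of the SSH server the firewall lets through (port 22)
#   TARGET   VNC server as the gateway resolves it (inside the firewall)
# Prints the ssh command rather than running it, so it can be reviewed first.
vnc_tunnel_cmd() {
    gw=$1
    target=$2
    for h in "$gw" "$target"; do
        case "$h" in
            # Empty, option-like ("-...") or odd characters: refuse, so the
            # value can never be read by ssh as a command-line option.
            ''|-*|*[!A-Za-z0-9.@_-]*)
                echo "invalid host: '$h'" >&2; return 1 ;;
        esac
    done
    rport=$(vnc_port "$3") || return 1
    lport=$(vnc_port "$4") || return 1
    # -N            forward only, run no remote command
    # 127.0.0.1:... bind the local end to loopback so other machines on the
    #               home network cannot ride the tunnel
    echo "ssh -N -L 127.0.0.1:${lport}:${target}:${rport} ${gw}"
}

# Constructed sample: display :0 on the work machine appears locally as :1.
vnc_tunnel_cmd user@gateway.example.com ntbox.internal.example 0 1
```

With the tunnel up, the viewer connects to `localhost:1`, and the firewall only needs to pass SSH to the gateway, not the VNC ports.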