setting vncviewer to listen on specific port?

Ingecom - SERRE Jean-Christophe jcs "at" ingecom.com
Fri, 09 Jun 2000 13:00:05 +0000 

"Jason R. Coombs" <jaraco "at" nmt.edu> wrote:
> 
> It's pretty well documented how to set WinVNC to listen on a specific port
> and to connect with the viewer in that configuration.
> 
> I've got a machine behind a firewall that I'd like to connect to, so I'd
> like it to be able to connect to a client outside the firewall.  I can only
> use port 23 or 80.
> 
> I can set the port in WinVNC.  How do I set it for the listening vncviewer?

I'm not sure to understand exactly what you want to do nor why you need
to change this. You seem to be already aware that you can make your
WinVNC listen or port 80, and then you can instruct the client to start
a connection to "your.server.external.ip:-5820" so as to have him view
your server through firewall.

Do you really mean that you want to initiate that remoting from your
internal server towards an external listening client?

The client listens on ports 5400 and 5500. I dunno for 5400 (I reckon
it's only used by ATT's internal version CORBA features), but for the
official version only port 5500 is used.

When you do -connect or "Add new client" in WinVNC server, the server
will connect to client:5500 and will keep that TCP connection for the
remoting, so the whole VNC session will be in that channel:
  serverIP:randomHighPort <--> clientIP:5500
As you see, the port/display settings in the server are completely
unrelated to server-initiated sessions, they only apply to the
client-initiated sessions.

AFAIK there's currently NO setting for specifying another port. As a
side note, it should be quick&easy to make VNC accept this as an
argument, that is adding support for:
  client -listen[:port]
  server -connect host[:port] and hability to Add "host:port"
If you have VC++ compiler and some time...

Else, you can currently still do that but you'll have to use two port
forwarders (e.g. see rinetd http://www.boutell.com/rinetd/)

-On server you enable VNC's AllowLoopback registry option
-On server you run rinetd with rule
 127.0.0.1 5500 clientIP 23
-On client you run rinetd with rule
 0.0.0.0 23 127.0.0.1 5500

With all this setup, you can have the server -connect 127.0.0.1, and
this will actually remote everything to the listening client through
firewall -- I choosed 23 because it's less likely to be already in use
than 80 on the target client.

Also, note that you can add allow/deny rules to the client's rinetd
config so as to make it reachable only from your server's IP -- having a
VNC listening client opened to the internet is a security risk (it would
be easy to crash it).

-- 
JCS - Jean-Christophe SERRE - INGECOM France - +33 (0)1.48.34.12.34

Le Titanic a finalement iti couli par le seul truc insubmersible
viritable sur notre planhte, un gros glagon. Le Titanic pouvait pas
faire face ` de l'eau trop froide. (Alain Turgeon)
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to majordomo "at" uk.research.att.com
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------