VNC / Java through a Proxy / Firewall

Ingecom - SERRE Jean-Christophe jcs "at" ingecom.com
Fri, 23 Jun 2000 07:38:21 +0000 

Scott Bowden <bowden "at" WPI.EDU> wrote:
>
> I'm behind a HTTP proxy and a firewall. I did some portscanning, and I
> know that ports 32790 and 32792 are open for TCP . So my plan was to use
> 32790 for my VNC port, and 32792 as the http port for loading the java
> applet.
>
> I tried this:
>
>   > ./vncserver :26890 -httpport 32792
>
> The purpose of this being to make it so that the HTTP runs on 32792 , and
> the actual VNC runs on 32790 (26890 + 5900).
>
> I can access the system via http://ip:32792 , and I get the login
> box. However, when I try to login, it sits for a minute or so, and then
> gives me a 'java.net.NoRouteToHostException: Operation timed out'.
>
> So it looks like the HTTP port is working, but I'm not making it to the
> VNC port. Am I missing something here? [Is the actual VNC UDP and not
> TCP?]

>From the viewer station, can you ping and traceroute the VNC server?

>From the java error you get, it looks like your station has no default
gateway set up -- a common LAN workstation setup is to have no gateway
and just an HTTP proxy in the browser for web access.

An HTTP proxy isn't enough for using the Java VNC: the browser (and HTTP
proxy) are just here for *downloading* a Java version of the viewer.
After that, the Java viewer runs mostly as the standard viewer and
requires being able to directly open its own TCP connection to the
remote VNC server.

The Java and standard viewers have the same network requirements,
they're just written in different languages -- thus you need to be able
to run the normal viewer before being possibly able to use the Java one.

So if your workstation doesn't have a gateway, you'll have to give it
one plus some NAT/mappings for allowing it to connect to outside hosts.
Alternatives could be:

-"SOCKSify" your browser if your firewall is SOCKS-compliant so as to
allow the browser and its embedded applet to go play outside.

-Use a tool such as HTTPort if your HTTP proxy supports the CONNECT
command (but it should then be disabled :-)

--
JCS - Jean-Christophe SERRE - INGECOM France - +33 (0)1.48.34.12.34

Titanic was ultimately sunk by the only true unsinkable thingy
on our planet -- a big ice cube. Titanic couldn't face
too cold water. (Alain Turgeon)
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to majordomo "at" uk.research.att.com
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------