VNC, DNS2GO and DLINK 704 ROUTER

John Roland Elliott John_Roland_Elliott "at" Hotmail.com
Wed, 07 Nov 2001 02:15:37 +0000 

First of all, unless you have some first-hand reason to believe that DHCP is
going to rearrange your IP addresses willy-nilly, don't worry that the D in
DHCP is "dynamic". It's been my experience with these broadband gateways in
conjunction with Windows machines that once they get an IP address, they
continue to use it. When they lease expires, they just renew it rather than
getting a new IP address.

I have a similar configuration to the one you initially described, namely,
one viewer behind a broadband gateway connecting through the Internet to
multiple servers, also behind another broadband gateway. Here is how I set
it up at first:

Viewer:    192.168.42.42

Servers:    192.168.123.101:5901, 192.168.123.102:5902,
192.168.123.103:5903, ...

Viewer-end gateway at public address "xyzzy.mediaone.net": no unusual
configuration

Servers-end gateway at public address "mumble.mediaone.net":
    port 5901 redirected to 192.168.123.101
    port 5902 redirected to 192.168.123.102
    etc.

I don't know what terminology your DLink gateways use for the redirection
... my SMCs use the terminology "Virtual Server", "Service Port", and
"Server IP".

To establish a VNC connection to 192.168.123.101, e.g., I point the viewer
to "mumble.mediaone.net:1" and to establish a VNC connection to
192.168.123.102, I point the viewer to "mumble.mediaone.net:2". The
server-end gateway, seeing traffic on its WAN side on port 5901 redirects it
to port 5901 at 192.168.123.101 and seeing traffic on its WAN side on port
5902 redirects it to port 5902 at 192.168.123.102.

The fact it, this is a particularly insecure setup (what with VNC servers
essentially sitting on the Internet inviting hackers on ports 5901, 5902,
etc.) and I shut down the redirection on the server-end gateway before we
went into production. To open it up again, I would feel it necessary to put
in some kind of secure tunnel and the SMC gateways are not up to the task.

Because I use these VNC connections predominantly to provide end-user
support and, by definition, there is a blood-pumping-air-breather at the VNC
server when I do this, I switched to using the viewer in "listen mode",
where the server initiates the connection to the viewer on port 5500. I have
the end-user's VNC server "add new client" when I need to take control over
the server. I'm less nervous to leave a viewer sitting unprotected on the
Internet inviting hackers on port 5500 than to leave the servers open.
(Besides, the viewer is my machine, not my money-paying clients.) For this
configuration:

Viewer and Servers:    same as above

Viewer-end gateway at "xyzzy.mediaone.net":
    port 5500 redirected to 192.168.42.42

Server-end gateway at "mumble.mediaone.net": no unusual configuration

To surrender control to 192.168.42.42 from any of the servers, I have the
end-user double-click on an icon that runs "c:\program
files\ORL\VNC\winvnc.exe -connect xyzzy.mediaone.net". The client-end
gateway, seeing traffic on its WAN side on port 5500 redirects it to port
5500 at 192.168.42.42, where the "listen mode viewer" resides.

----- Original Message -----
From: "Greg S. Miller" <gmiller "at" enlacesconcristo.org>
To: <vnc-list "at" uk.research.att.com>
Sent: Tuesday, November 06, 2001 10:14 AM
Subject: RE: VNC, DNS2GO and DLINK 704 ROUTER


> The systems behind the router are using the DHCP server from the router.
> And I can't redirect a port to a dynamic IP (seeing how it will change
> after the lease is up).  I could setup static IP's but it's so much
> easier with the DHCP.  Anyways there are only 5 computers (right now
> anyways) on the network.  To configure the ports what do I need to do?
> I see that you mention 59xx and 61xx I have also seen 58xx and 55xx.
> What ports will I have to open to access VNC on the server machine with
> my client?  Right now I haven't done anything on my clients router I am
> trying it out on mine (two computers connected to router.  Instead of
> using direct IP I use my dns2go.com (which redirects to my IP given by
> my ISP) it always says no connection could be established) but haven't
> been successful.  Thanks for the info.  Maybe the gateway option will
> work. I'm gonna try it out.
>
> -----Original Message-----
> From: owner-vnc-list "at" uk.research.att.com
> [mailto:owner-vnc-list "at" uk.research.att.com] On Behalf Of Glenn Mabbutt
> Sent: Tuesday, November 06, 2001 8:07 AM
> To: 'vnc-list "at" uk.research.att.com'
> Subject: RE: VNC, DNS2GO and DLINK 704 ROUTER
>
> Well, the method you use largely depends on how many PC's you have to
> connect to on the far side.  VNC supports running on arbitrary ports, so
> if
> you only need to access a couple of machines, you could use "port
> mapping"
> and map the ports through the router (ie, somerouter.com:5900 goes to
> 192.168.1.5 port 5900, somerouter.com:6100 goes to 192.168.1.6:6100,
> etc).
>
> If the above isn't that easy to do on that router, you can look at a
> "redirector" like rinetd (http://www.boutell.com/rinetd) - you would
> simply
> open ports on the far router to a machine running rinetd (say ports 200
> -
> 300), and the rinetd machine would be set up to redirect the ports to
> the
> appropriate machines (ie, port 201 gets pointed to 192.168.1.5 port
> 5900,
> port 202 gets pointed to 192.168.1.7 port 5900, etc)
>
> Alternatively, there are a couple of "VNC gateway" software packages out
> there, which would mean you would set up one box on the remote network
> to
> act as the gateway, and all you would to do is map to that one box.
> Search
> the mailing list archives and the "contributed" section on the VNC web
> site.
>
> Anyway, good luck.
>
> Glenn
>
>
>
> -----Original Message-----
> From: Greg S. Miller [mailto:gmiller "at" enlacesconcristo.org]
> Sent: Tuesday, November 06, 2001 12:05 AM
> To: vnc-list "at" uk.research.att.com
> Subject: VNC, DNS2GO and DLINK 704 ROUTER
>
>
> Does anybody know how to configure my router so that I would be able to
> access my clients pc's that are behind this same router?
>
> Here's what I want to do:
>
> My pc --> My DLINK704 Router --> Internet --> Clients DLINK704 Router
> --> VNC on pc 1,2,3,4,5
>
> What I would be doing since we both have dynamic IP's would be to use
> the DNS2GO service to access the IP.  I have not been able to even get
> to the authentication screen.  Any help would be appreciated.
> ---------------------------------------------------------------------
> To unsubscribe, mail majordomo "at" uk.research.att.com with the line:
> 'unsubscribe vnc-list' in the message BODY
> See also: http://www.uk.research.att.com/vnc/intouch.html
> ---------------------------------------------------------------------
> ---------------------------------------------------------------------
> To unsubscribe, mail majordomo "at" uk.research.att.com with the line:
> 'unsubscribe vnc-list' in the message BODY
> See also: http://www.uk.research.att.com/vnc/intouch.html
> ---------------------------------------------------------------------
> ---------------------------------------------------------------------
> To unsubscribe, mail majordomo "at" uk.research.att.com with the line:
> 'unsubscribe vnc-list' in the message BODY
> See also: http://www.uk.research.att.com/vnc/intouch.html
> ---------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, mail majordomo "at" uk.research.att.com with the line:
'unsubscribe vnc-list' in the message BODY
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------