FW: Another new user

Scott C. Best sbest "at" best.com
Mon, 24 Sep 2001 19:21:29 +0000


Ed:

	Heya. As someone else has already suggested, this is
likely a problem with the firewall at your workplace. As per
some ICSA specifications which a lot of firewall vendors like
to adhere to, allowing outgoing connections to any arbitrary
service is a problem. Only a small handful are "allowed" by
default: ftp, telnet, www, etc.
	My suggestion would be to change the port that your
VNC service is running on. Ideally, you have a firewall behind
your cable-modem, before the hub to your LAN. If so, you can
probably set up that firewall to listen on port-80 (www), and
send everything heard onwards to port 5900 on your VNC machine.
Now you should be able to connect from work. Or, alternatively,
you can set up VNC itself to listen to a port besides 5900.
Check the email archives for the registry keys that need to
be tweaked to make this happen.

	Caveat emptor: there's a ton of Windows boxes out there
right now which are compromised with Microsoft-worms such as
CodeRed, Nimda, etc. They propagate by attacking weaknesses
in Microsoft web-servers, which of course listen on TCP port
80. So...if you run your VNC service to listen on that port,
it'll respond to these connection attempts. That's *not* to say
the worm will compromise your system via the VNC service (it
absolutely will not), but it does mean that your machine will
respond to each attempt, which may make a noticeable slowdown
on your system.
	In short....find out what ports your workplace firewall
allows out, and set up your VNC service to listen to one of them.
Good luck!

cheers,
Scott


> Have used VNC at home over local lan with my Mac powerbook (OS9.1)  and 2
> other PCs (Win98 2nd ed).  Also have cable modem to the outside world at
> home.
> When I tried to connect from work on the same powerbook (through a firewall,
> going out shouldn't? be a problem), I get a t-disconnect error.  Am able to
> FTP to my machine at home, so I know IP configurations are correct.
> I've looked through archives, etc, only thing I found was a possible Open
> Transport issue, so I did make sure it was always available.
> Any other suggestions?  Would adding a registry key on the VNC server
> machine (Querytimeout) help?  If so, exactly how do I do that?
>
> Thanks for any help.
>
>
> Ed Schwartz