vnc w/ 4port Linksys DSL router

Michael Milette tng "at" cyberus.ca
Sun, 06 Jan 2002 04:32:54 +0000


At 05:18 PM 2002-01-05, you wrote:
>Question 1:   I understand that I have to set port forwarding on the dsl
>router setup to port 5900 (or 59xx), but what address do I plug in to be
>forwarded?  I presume I use one of the addresses supplied by my ISP, but
>do I use the IP address, the Primary DNS, the Gateway, or the Subnet
>Mask, or do I use the Destination LAN (DHCP) IP address?  I'm new at
>networking, and a bit confused as to which address to use.

1) The "Service Port Range" needs to be set to 5900~5900.
2) The protocol must be set to TCP.
3) The IP address is the address of the host machine you want to take over.

If this doesn't work, please note that you may have to open port 5800 as 
well if you are using the Java viewer in a web browser. Try looking through 
the FAQs for more information. The FAQ can be found at 
http://www.uk.research.att.com/vnc/faq.html.

>Question 2:   The Linksys dsl router requires me to turn off DHCP to use
>Port Forwarding.  Am I losing something important by doing this?

Check again. Unless you are using one of the BETA revisions of the 
firmware, you should not have to disable DHCP in order to enable port 
forwarding.

DHCP is used to assign each of the computers on your network a unique IP 
address. If all of the company's IP addresses are hard coded, you do not 
require DHCP.

Note that in some cases, DHCP will assign a different address to a machine 
when that machine requests or tries to renew its address. If this happens, 
you will not be able to VNC through the router as the address set under 
forwarding will no longer correspond to the right machine, if any at all. 
In this case, hard coded IP addresses will be the only way to ensure a 
consistent IP address. Note that only the machines running a VNC host you 
will be connecting to will require a hard coded address.

Finally, if you plan on connecting to more than one machine on your network 
through the Linksys, you will need to have them each set up on a different 
port. For example, Jack's machine will be listening for a VNC connection on 
port 5900. Larry's might be on 5901, Mary's on 5902, etc. In that case, you 
will have to add a port forwarding entry on the Linksys for each machine, 
also specifying the appropriate IP address for each machine.

>Question 3:   By opening up port 5900 on the dsl router, am I also
>opening up a hole in my firewall that a hacker (or whatever we're calling
>them) can detect and walk through?

Yes. Anytime you poke a hole in your firewall, you are decreasing the level of 
security of your network. As port 5900 is a well known port for VNC, one 
thing you might consider is to change it to a non-standard port. This 
proposal is not foolproof but it will reduce the chances of being detected 
by someone specifically scanning for machines running VNC on port 5900.

>Thanks for your help.

You are welcome. Hope you find some of this helpful. Feel free to let The 
List know if you run into any problems.

                                 Michael
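
Added example, not part of the original message: a small audit of a
port-forwarding table against the points made in the reply (TCP only, one
port per machine, targets with fixed addresses outside the DHCP pool, a Java
viewer port paired with the same host's VNC port). The function name, the
table layout and the sample addresses are assumptions made for illustration.

```python
import ipaddress

VNC_BASE, JAVA_BASE = 5900, 5800  # display N: VNC on 5900+N, Java viewer on 5800+N

def audit_forwards(forwards, lan, dhcp_first, dhcp_last):
    """Return sorted (port, finding) pairs for VNC-related forwarding rows.

    forwards: list of (first_port, last_port, protocol, target_ip).
    """
    net = ipaddress.ip_network(lan)
    lo, hi = ipaddress.ip_address(dhcp_first), ipaddress.ip_address(dhcp_last)
    findings, owner = set(), {}
    for first, last, proto, target in forwards:
        ip = ipaddress.ip_address(target)
        for port in range(first, last + 1):
            if not JAVA_BASE <= port < VNC_BASE + 100:
                continue  # outside 5800-5999, not a VNC port
            if proto.upper() != "TCP":
                findings.add((port, f"VNC needs TCP, entry uses {proto}"))
            if ip not in net:
                findings.add((port, f"target {ip} is not on the LAN"))
            elif lo <= ip <= hi:
                findings.add((port, f"target {ip} is in the DHCP pool, lease may move"))
            if owner.setdefault(port, ip) != ip:
                findings.add((port, f"forwarded to both {owner[port]} and {ip}"))
    for port, ip in owner.items():
        # A Java viewer port is only useful next to the same host's VNC port.
        if port < VNC_BASE and owner.get(port + 100) != ip:
            findings.add((port, f"Java viewer port has no {port + 100} forward to {ip}"))
    return sorted(findings)

# Constructed sample table (addresses and pool are made up for illustration).
SAMPLE = [
    (5900, 5900, "TCP", "192.168.1.10"),   # static address, correct
    (5901, 5901, "TCP", "192.168.1.105"),  # inside the DHCP pool
    (5902, 5902, "UDP", "192.168.1.12"),   # wrong protocol
    (5800, 5800, "TCP", "192.168.1.11"),   # Java viewer sent to a different host
]

if __name__ == "__main__":
    for port, finding in audit_forwards(SAMPLE, "192.168.1.0/24",
                                        "192.168.1.100", "192.168.1.149"):
        print(port, finding)
```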