Providing (Windows) VNC support to clients that have strict corporate firewalls

Michael Ossmann michael.ossmann "at"
Wed, 16 Jan 2002 20:40:06 +0000

On Wed, Jan 16, 2002 at 02:40:16PM -0500, Chuck Renner wrote:
> Since VNCviewer states, "Internal loopback connections are not allowed", the
> implication is that there is a setting that WILL allow them, either in the
> source, or in the GUI settings.  Is this the case?

I wasn't expecting this.  I have no idea why loopback connections
wouldn't be allowed, and I suspect a source code change would be
required to change it.  Anyone?

>       2.  Opening the SSH connection from the client to the SSHD on your Linux
> firewall is effectively like creating a VPN connection from the client to
> your network.  This opens a huge security hole in your network, and gives
> someone on the client's network the ability to snoop around your network
> when the connection is made.

One of the advantages of using public key authentication is that OpenSSH
can limit port forwarding to particular host:port combinations specified
by the permitonly option in the authorized_keys file.

Mike Ossmann, Tarantella/UNIX Engineer/Instructor
Alternative Technology, Inc.
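
An added example, not part of the original message: a Python check that reads authorized_keys content and reports, per key, whether port forwarding is unrestricted, disabled, or limited to specific host:port targets. It assumes the OpenSSH option spelled `permitopen` and protocol 2 key lines; the function names, sample keys and addresses are constructed for illustration.

```python
import re
OPTION_RE = re.compile(r'([A-Za-z-]+)(?:="((?:\\.|[^"\\])*)")?(?:,|$)')

def parse_line(line):
    """Split one authorized_keys line into ({option: [values]}, key part)."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if line.startswith(("ssh-", "ecdsa-", "sk-")):
        return {}, line                     # key type first: no options field
    i, quoted = 0, False
    while i < len(line):                    # options end at first unquoted space
        ch = line[i]
        if ch == "\\" and quoted:
            i += 1                          # skip the escaped character
        elif ch == '"':
            quoted = not quoted
        elif ch.isspace() and not quoted:
            break
        i += 1
    opts = {}
    for name, value in OPTION_RE.findall(line[:i]):
        opts.setdefault(name.lower(), []).append(value)
    return opts, line[i:].strip()

def forwarding_policy(opts):
    """Return (policy, allowed host:port targets) for parsed options."""
    # Option order is not modelled: restrict plus port-forwarding is judged on permitopen.
    if "no-port-forwarding" in opts or (
            "restrict" in opts and "port-forwarding" not in opts):
        return "none", []
    if "permitopen" in opts:
        return "limited", opts["permitopen"]
    return "unrestricted", []

def audit(text):
    """Return [(line number, key comment, policy, targets)] per key line."""
    report = []
    for n, line in enumerate(text.splitlines(), 1):
        parsed = parse_line(line)
        if parsed is not None:
            fields = parsed[1].split(None, 2)
            comment = fields[2] if len(fields) > 2 else ""
            report.append((n, comment, *forwarding_policy(parsed[0])))
    return report

# Constructed sample; key blobs are placeholders, not real keys.
SAMPLE = '''ssh-rsa AAAAconstructed1 admin
permitopen="192.0.2.10:5900",no-pty ssh-rsa AAAAconstructed2 client-a
command="echo \\"x y\\"",no-port-forwarding ssh-rsa AAAAconstructed3 backup'''
```

Any key reported as "unrestricted" can forward to every host the SSH server can reach, which is the exposure raised in the quoted point 2.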