Providing (Windows) VNC support to clients that have strict corporate firewalls

Matthew.van.Eerde@hbinc.com Matthew.van.Eerde "at" hbinc.com
Wed, 16 Jan 2002 20:50:59 +0000


There is a documented setting in the VNC Server to allow internal loopback
connections.  I don't remember what it is offhand, but it is described in
the section detailing how to create a secure connection.

> -----Original Message-----
> From: Michael Ossmann [mailto:michael.ossmann "at" alttech.com]
> Sent: Wednesday, January 16, 2002 12:26
> To: vnc-list "at" uk.research.att.com
> Subject: Re: Providing (Windows) VNC support to clients that have strict corporate firewalls
> 
> 
> On Wed, Jan 16, 2002 at 02:40:16PM -0500, Chuck Renner wrote:
> > 
> > Since VNCviewer states, "Internal loopback connections are not allowed", the
> > implication is that there is a setting that WILL allow them, either in the
> > source, or in the GUI settings.  Is this the case?
> 
> I wasn't expecting this.  I have no idea why loopback connections
> wouldn't be allowed, and I suspect a source code change would be
> required to change it.  Anyone?
> 
> >       2.  Opening the SSH connection from the client to the SSHD on your Linux
> > firewall is effectively like creating a VPN connection from the client to
> > your network.  This opens a huge security hole in your network, and gives
> > someone on the client's network the ability to snoop around your network
> > when the connection is made.
> 
> One of the advantages of using public key authentication is that OpenSSH
> can limit port forwarding to particular host:port combinations specified
> by the permitonly option in the authorized_keys file.
> 
> -- 
> Mike Ossmann, Tarantella/UNIX Engineer/Instructor
> Alternative Technology, Inc.  http://www.alttech.com/
> ---------------------------------------------------------------------
> To unsubscribe, mail majordomo "at" uk.research.att.com with the line:
> 'unsubscribe vnc-list' in the message BODY
> See also: http://www.uk.research.att.com/vnc/intouch.html
> ---------------------------------------------------------------------
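
Added example, not part of the original thread: in OpenSSH the authorized_keys option that limits `ssh -L` forwarding to given targets is written `permitopen="host:port"`. The Python below audits an authorized_keys file and reports which keys can still forward to any destination; the sample entries, addresses and key comments are constructed.

```python
import re

# One option token: bare characters or a double-quoted value (may hold commas/spaces).
_OPT = r'(?:[^\s,"]|"(?:\\.|[^"\\])*")+'
_LINE = re.compile(r'^(' + _OPT + r'(?:,' + _OPT + r')*)\s+(\S+)\s+(\S+)(?:\s+(.*))?$')
KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")

def parse_entry(line):
    """Return (options, keytype, comment) for one authorized_keys line, or None."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if line.split(None, 1)[0].startswith(KEY_PREFIXES):   # entry has no options field
        parts = line.split(None, 2)
        if len(parts) < 2:
            return None
        return [], parts[0], parts[2] if len(parts) > 2 else ""
    m = _LINE.match(line)
    if not m:
        return None
    return re.findall(_OPT, m.group(1)), m.group(2), m.group(4) or ""

def forwarding_policy(options):
    """Classify what local port forwarding a key's options allow."""
    names = [o.split("=", 1)[0].lower() for o in options]
    targets = [o.split("=", 1)[1].strip('"') for o in options
               if o.lower().startswith("permitopen=")]
    # "restrict" turns forwarding off unless "port-forwarding" re-enables it.
    if "no-port-forwarding" in names or ("restrict" in names and "port-forwarding" not in names):
        return "disabled", []
    if targets:
        return "limited", targets
    return "unrestricted", []

def audit(text):
    """Return [(comment, policy, targets)] for every key entry in the file text."""
    entries = filter(None, (parse_entry(l) for l in text.splitlines()))
    return [(comment, *forwarding_policy(opts)) for opts, _type, comment in entries]

# Constructed sample; key material is a truncated placeholder.
SAMPLE = '''\
# support tunnel keys
permitopen="192.0.2.10:5900",no-pty ssh-ed25519 AAAAC3Nza...A client-a
ssh-rsa AAAAB3Nza...B client-b
restrict ssh-ed25519 AAAAC3Nza...C backup
permitopen="192.0.2.10:5900",permitopen="192.0.2.11:5900",command="echo a, b" ssh-rsa AAAAB3Nza...D client-c
'''

if __name__ == "__main__":
    for comment, policy, targets in audit(SAMPLE):
        print(f"{comment:10} {policy:13} {', '.join(targets)}")
```

Keys reported as `unrestricted` are the ones that let a connecting client reach arbitrary hosts through the tunnel, which is the concern raised in the quoted point 2.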