How I, a newbie, got VNC to work across the Web with SOHO
firewall on cable modem
Fri Jul 11 13:08:00 2003
In this list there regularly pops up a cry for help: "I can't reach my
home computer using VNC via the Web" -- that is, with the Java-enabled browser.
Reading answers in the archives here and from many a Web search gave me
only partial clues here and there, because I don't understand what a NAT
is, what tunneling is, or what is meant by IP address, gateways, dynamic
DNS or other terms casually flung about. Of course, I should not be trying
to do anything along this line, but there you are: I wanted to work my
home computer when I was on the road.
The solution to my problem turned out to be multi-fold. (My problem was
this: I could reach my primary home computer via browser anywhere on any
of my home-based local-area network machines. However, I could NOT reach
my primary home computer when using a browser on any machine outside my
Unlayering the problem like a cosmic onion resulted in the following:
1. The Java viewer in VNC -- no surprise -- needs Java. Microsoft has
stopped including Java in Internet Explorer because someone yapped at them
and they took their baseball bat and went home.
So, if you're using a late-model IE, you probably have to download Java
from Sun. Sun has finally shielded us from having to know what "Java
virtual machine" means by automating the process at
2. My SMC Barricade router/hub/firewall whatever-the-heck-it-is, which I
threw into my cable modem setup to save me from nasty people and then later
turned into a LAN by adding other computers to it, had to be told that VNC
is OK to let through.
For the Barricade, this is done by going into the configuration utility,
clicking on "Virtual Server" (no idea what that means) and indicating
"Service Ports" of 5800 and 5900 for the IP address of the primary home
computer. The latter is easily found by hovering your mouse over the VNC
icon in the little tray at the bottom of the screen. Owing to confusing
chatter in various places, I also added Service Ports 5801 and 5901, but I
have no idea why.
3. The browser running the Java viewer has to be told the IP address of
the SMC Barricade, NOT THE IP ADDRESS OF YOUR HOME COMPUTER as all the VNC
docs tell you.
As a way of torturing you, this turns out to be ABSOLUTELY NOT the same as
the IP address that the SMC Barricade tells you it is, if your cable ISP,
like mine, assigns you a dynamic IP address -- that is, one that can change
at the whim of the ISP provider. I don't know how the ISP does this, and I
don't care. I found mine through a helpful guy at my ISP's phone-based
4. The solution to reaching this dynamic IP is, of course, "dynamic
DNS." I think this is a named (or numbered) Web address -- an address you
choose -- that maps itself to your actual IP address, even when the latter
changes. The practical result is that on any computer anywhere, you can
enter an unchanging (non-dynamic) URL in the address line of your browser
and still talk to yourself, regardless of where you have gone as the result
of your ISP futzing with your IP address (probably called 'dynamizing' it).
The free dynamic DNS service from No-IP works for me (No-IP Free at
http://www.no-ip.com/index.php). There are others that you can pay for and
probably these have advantages. I was not able to discern what they are.
5. This whole thing, I'm told, is unsafe because nasty people can "sniff
your packets." I hope this does not mean what it appears to mean
(something akin to what those ill-trained pet dogs do to your
trousers). To keep baddies from sniffing, apparently, you have to "tunnel"
via "SSL." If and when I understand what that means in the IBM-clone
world, I'll be back with an update.
Point 1 took me several hours to find out.
Point 2 took me 3 days to work out
Point 3 took an additional day
Point 4 took half a day
Point 5 is still unresolved and I'm still just a dog watching television on