remote port forwarding and vnc

Christopher Hickman tophu "at" mac.com
Sat Jan 24 16:34:00 2004


If you are using WinVNC, then you need to set the LoopbackOnly option.  
I have run into this before.  Here's a excerpt from the documentation 
<http://realvnc.com/winvnc.html> that explains it:

LoopbackOnly
By default, WinVNC servers accept incoming connections on any network 
adapter address, since this is the easiest way of coping with 
multihomed machines. In some cases, it is preferable to listen only for 
connections originating from the local machine and aimed at the 
"localhost" adapter - a particular example is the use of VNC over SSH 
to provide secure VNC.  Setting this registry entry to 1 will cause 
WinVNC to only accept local connections - this overrides the 
AllowLoopback and AuthHosts settings.  Setting this entry to zero 
causes WinVNC to accept connections on any adapter and is the default 
setting. Local machine-specific setting.

Local machine-specific settings. Options specified here are not 
overridable.
Location:
HKEY_LOCAL_MACHINE\Software\ORL\WinVNC3\

Good luck,
Topher

On Saturday, January 24, 2004, at 07:19  AM, mneevens "at" xs4all.nl wrote:

> Hi All,
>
> I just started to play with vnc, but I do have
> experience with remote port forwarding with ssh.
> This is the problem I encountered:
>
> At work, behind my employers firewall, I run the vnc server
> (on windows 2000) on the standard 5900 port. I then use
> a ssh client to connect to my linux machine at home, therebye
> forwarding the remote port 5900 to the local port 5900 :
> "ssh -l root -R:5900:localhost:5900 my.machine.at.home",
>
> When at home, I run the vncviewer (for Linux), I expected to get
> my desktop at work when doing "vncviewer localhost", but the vncviewer
> stops and says, "local loopback connections are disabled".
>
> I guess my port forwarding is not the problem: when I try to telnet
> to localhost 5900, I get a response:
>
>> telnet localhost 5900
> Trying 127.0.0.1...
> Connected to localhost.localdomain (127.0.0.1).
> Escape character is '^]'.
> RFB 003.003
>
> The vncviewer seems to prevent users from connecting
> to a server that runs on the same machine (because
> it doesn't make sense to do that), but in my case
> it does make sense, because I forwarded the port to
> (the same portnumber on) the machine at work.
>
> What am I doing wrong?
> I would very much appreciate suggestions or help.
>
> Thanks
> Marijn
> _______________________________________________
> VNC-List mailing list
> VNC-List "at" realvnc.com
> To remove yourself from the list visit:
> http://www.realvnc.com/mailman/listinfo/vnc-list