remote port forwarding and vnc

mneevens@xs4all.nl mneevens "at" xs4all.nl
Mon Jan 26 09:13:01 2004


Dear Christopher,

I back at work now and I just ran regedit,
In my HKEY_LOCAL_MACHINE\software\ORL\WinVNC3\
there are a few entries, but no ALLOWLOOPBACK.
It's a Win2000 Advanced Server machine, and I believe
I have administrator rights?

thanks
Marijn

On Sat, 24 Jan 2004, Christopher Hickman wrote:

> If you are using WinVNC, then you need to set the LoopbackOnly option.
> I have run into this before.  Here's a excerpt from the documentation
> <http://realvnc.com/winvnc.html> that explains it:
>
> LoopbackOnly
> By default, WinVNC servers accept incoming connections on any network
> adapter address, since this is the easiest way of coping with
> multihomed machines. In some cases, it is preferable to listen only for
> connections originating from the local machine and aimed at the
> "localhost" adapter - a particular example is the use of VNC over SSH
> to provide secure VNC.  Setting this registry entry to 1 will cause
> WinVNC to only accept local connections - this overrides the
> AllowLoopback and AuthHosts settings.  Setting this entry to zero
> causes WinVNC to accept connections on any adapter and is the default
> setting. Local machine-specific setting.
>
> Local machine-specific settings. Options specified here are not
> overridable.
> Location:
> HKEY_LOCAL_MACHINE\Software\ORL\WinVNC3\
>
> Good luck,
> Topher
>
> On Saturday, January 24, 2004, at 07:19  AM, mneevens "at" xs4all.nl wrote:
>
> > Hi All,
> >
> > I just started to play with vnc, but I do have
> > experience with remote port forwarding with ssh.
> > This is the problem I encountered:
> >
> > At work, behind my employers firewall, I run the vnc server
> > (on windows 2000) on the standard 5900 port. I then use
> > a ssh client to connect to my linux machine at home, therebye
> > forwarding the remote port 5900 to the local port 5900 :
> > "ssh -l root -R:5900:localhost:5900 my.machine.at.home",
> >
> > When at home, I run the vncviewer (for Linux), I expected to get
> > my desktop at work when doing "vncviewer localhost", but the vncviewer
> > stops and says, "local loopback connections are disabled".
> >
> > I guess my port forwarding is not the problem: when I try to telnet
> > to localhost 5900, I get a response:
> >
> >> telnet localhost 5900
> > Trying 127.0.0.1...
> > Connected to localhost.localdomain (127.0.0.1).
> > Escape character is '^]'.
> > RFB 003.003
> >
> > The vncviewer seems to prevent users from connecting
> > to a server that runs on the same machine (because
> > it doesn't make sense to do that), but in my case
> > it does make sense, because I forwarded the port to
> > (the same portnumber on) the machine at work.
> >
> > What am I doing wrong?
> > I would very much appreciate suggestions or help.
> >
> > Thanks
> > Marijn
> > _______________________________________________
> > VNC-List mailing list
> > VNC-List "at" realvnc.com
> > To remove yourself from the list visit:
> > http://www.realvnc.com/mailman/listinfo/vnc-list
> _______________________________________________
> VNC-List mailing list
> VNC-List "at" realvnc.com
> To remove yourself from the list visit:
> http://www.realvnc.com/mailman/listinfo/vnc-list