Reverse VNC

Jon Peatfield J.S.Peatfield "at" damtp.cam.ac.uk
Sat Aug 25 06:49:01 2007


On Fri, 24 Aug 2007, Les Wilcock wrote:

> Dear Forum members
>
> I suspect this is a simple question.
>
> I want to install a copy of VNC on a friend's PC with the purpose of helping
> him configure his system.  He doesn't have a Static IP address so my intention
> is for him to initiate a reverse VNC session.

Presumably using vncconfig -connect or whatever(*) to your vncviewer 
running in -listen mode...

> My question is, he has a firewall monitoring outgoing traffic, what (if any)
> configuration changes do I need to make to allow VNC to connect to my PC?

Well that depends on his firewall doesn't it!  Many common firewalls don't 
block much in the way of outbound stuff but some do, and some 'anti-virus' 
tools add extra blocks (to restrict worms apparently).

Given that the default listen port is tcp/5500 he will need his vnc-server 
to be able to connect to you on that port, though if that isn't easy to 
allow (e.g. firewall not under his control), you can arrange for your 
viewer to listen on pretty much any port you like.

> Thanks in anticipation.

Note that by default the vnc traffic will probably be unencrypted or you 
may want to tunnel it over something secure (e.g. using ssh).

To help my parents I set up their Mac so I can ssh in to fix most stuff 
(that is the one port allowed inbound).  When graphical interaction is 
needed (e.g. to show them how to select something) I do the vnc thing over 
an ssh-tunnel (starting the vnc in either direction will work as long as 
one has suitable tunnels).

At work I do the -connect stuff over ssh tunnels all the time -- in fact 
I'd like to be able to run the vnc-servers with no RFB listener at all, 
but my patches to add that option got ignored...

  -- Jon

(*) vncconfig -connect on recent realvnc versions, but it was the 
vncconnect command on older stuff (still that way in TightVNC etc).
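
Added example, not part of the original message: a dry-run shell helper that prints the ssh tunnel and VNC commands for either direction, with every forwarded port bound to loopback only. It assumes the helper can ssh in to the remote machine, RealVNC-style commands, and the default ports; user@remote.example is a placeholder.

```shell
#!/bin/sh
# Added example: plan an ssh-tunnelled VNC session in either direction.
# Nothing is executed; the commands for each end are only printed.
# Assumed defaults: 5900 = server display :0, 5500 = listening viewer.

# Print the ssh forwarding option for the requested VNC direction.
#   normal  : viewer connects out, so a local port leads to the remote server
#   reverse : server connects out, so a remote port leads back to the viewer
forward_opt() {
    mode=$1 port=$2
    case $port in
        ''|*[!0-9]*) echo "port must be numeric" >&2; return 2 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range" >&2; return 2
    fi
    case $mode in
        normal)  echo "-L 127.0.0.1:$port:127.0.0.1:$port" ;;
        reverse) echo "-R 127.0.0.1:$port:127.0.0.1:$port" ;;
        *) echo "mode must be normal or reverse" >&2; return 2 ;;
    esac
}

# Print the ssh command the helper runs; it fails fast if the forward
# cannot be set up instead of leaving a session with no tunnel.
tunnel_cmd() {
    opt=$(forward_opt "$1" "$2") || return
    echo "ssh -N -o ExitOnForwardFailure=yes $opt $3"
}

# Print the steps for both ends in the order they are run.
plan() {
    case $1 in
        normal)
            t=$(tunnel_cmd normal 5900 "$2") || return
            echo "helper: $t"
            echo "helper: vncviewer localhost:0" ;;
        reverse)
            t=$(tunnel_cmd reverse 5500 "$2") || return
            echo "helper: vncviewer -listen"
            echo "helper: $t"
            echo "remote: vncconfig -connect localhost" ;;
        *) echo "mode must be normal or reverse" >&2; return 2 ;;
    esac
}

plan reverse "user@remote.example"   # placeholder host
```

Because both ends of the forward are on 127.0.0.1, neither tcp/5500 nor tcp/5900 has to be opened in a firewall on either machine; only ssh does.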