Solved

Utilizing VNC Viewer in "LISTEN MODE" through a PIX firewall

Posted on 2003-11-20
Last Modified: 2013-11-16
I have opened ports 5800 and 5900 on my firewall to one of my networked computers so that it can be accessed via VNC from an external Internet location; however, because I support users calling from remote sites that are typically behind a firewall themselves, I need to be able to run VNC Viewer in "Listen" mode.  I opened port 5500 on the firewall to my internal IP but when a user tries to connect to me, they are still unsuccessful.

This question is not necessarily "extremely difficult" but it is very urgent.  Thanks!
Question by:FunkiNATEr
10 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 9788853
Hi FunkiNATEr,
Q53 Which TCP/IP ports does VNC use?
A VNC server listens on two ports. The exact port numbers depend on the VNC display number, because a single machine may run multiple servers. The most important one is 59xx, where xx is the display number. The VNC protocol itself runs over this port. So for most PC servers, the port will be 5900, because they use display 0 by default.

In addition, VNC servers normally have a small and very restricted web server built in, which allows you to connect a browser to them and use the Java viewer. This runs on port 58xx. Note that this is the HTTP port used for downloading pages and applets, but once the applet is running it uses 59xx for VNC just like any other viewer.

The servers can be changed to listen on other ports if, for any reason, these are not suitable for you. See the server's documentation for more details. Most of the viewers, if given a display number larger than 99, will interpret it as a direct port number and will not add 5900. See also the next question.

If you are running a viewer in 'listening' mode, where it accepts connections initiated by the server, it will listen for incoming VNC on port 5500.
http://oldlook.experts-exchange.com/Networking/Q_20310742.html?query=vnc+firewall&searchType=topic

Cheers!
 
LVL 57

Expert Comment

by:Pete Long
ID: 9788865
FunkiNATEr,
Open both 5900 and 5800
 
LVL 57

Expert Comment

by:Pete Long
ID: 9788869
 
LVL 7

Accepted Solution

by:
Robing66066 earned 500 total points
ID: 9788870
I could be wrong, but I think you have to open 550x, where x is the display number.  Check to ensure your display number is zero.  If not, change it to that.  If you can't, change your open port to match the current display number.

Otherwise, from what I can see, it should work fine.

Good luck.
 
LVL 57

Expert Comment

by:Pete Long
ID: 9788874

Author Comment

by:FunkiNATEr
ID: 9788876
Read my original post.  I have already opened 5800 and 5900.  Logging into my desktop from an external address works fine.  I need to be able to log into an external address by allowing the host to connect to me.  I have opened TCP port 5500.  Is this not correct?
 
LVL 57

Expert Comment

by:Pete Long
ID: 9788883
 
LVL 57

Expert Comment

by:Pete Long
ID: 9788956
FunkiNATEr,
also take a look here for a different approach

Firewall VNC Client
Connect to your VNC Server with a client that uses HTTP proxy to connect through a firewall.
http://www.xs4all.nl/~harmwal/vnc/readme.html
 
LVL 57

Expert Comment

by:Pete Long
ID: 9788975
FunkiNATEr,
How should I setup my firewall to work with VNC?
If you've administrative control over your firewall/router that
protects your collection of VNC servers, setting up the firewall
so that any or all of your VNC servers are accessible from the
outside is fairly easy.

Suppose, for example, you have 5 PC's, all of which are running VNC
servers, and you want to be able to access them from the "outside".
You'll need to make 5 "port forwarding" entries:

1. External TCP port 5900 to your first PC's port 5900
2. External TCP port 5901 to your second PC's port 5900
3. External TCP port 5902 to your third PC's port 5900
4. External TCP port 5903 to your fourth PC's port 5900
5. External TCP port 5904 to your fifth PC's port 5900

Then if you point a VNC viewer to your external IP address, "Display 0"
will reach your first PC, "Display 1" will reach your second, etc.
Do the same thing with TCP port 5800, 5801, etc to get the optional
"web browser VNC Viewer" working too.

 http://faq.gotomyvnc.com/fom-serve/cache/64.html
 
LVL 3

Expert Comment

by:terageek
ID: 9790222
The first diagnostic I would try is to close port 5500 on the firewall at the client side and see if the firewall reports an attack on port 5500 when the server tries to connect.  If not, it is possible that the server is behind a firewall which won't allow a connection out of port 5500.  You can try to get around this by telling your viewer to listen on a port which the firewall would let through.  Port 8080 comes to mind which is a common http alternative and should be allowed through most firewalls.
0
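
The check discussed in this thread (does the server's outbound connection ever reach the listening port, and is that port 5500 plus the display number?) can also be run on the viewer machine with a small listener. This is an added example, not part of the original thread or of VNC itself. It assumes the VNC viewer is stopped so the port is free and that the connecting server speaks first with the 12-byte RFB version banner; the function names are made up for this sketch.

```python
import socket

RFB_BANNER_LEN = 12  # ProtocolVersion message, e.g. b"RFB 003.003\n"

def listen_port(display=0):
    """Port a listening viewer uses for a display number: 5500 + display."""
    return 5500 + display

def classify_banner(data):
    """Say whether the first bytes from the peer look like a VNC server."""
    if (len(data) == RFB_BANNER_LEN and data.startswith(b"RFB ")
            and data.endswith(b"\n")):
        return "rfb " + data[4:11].decode("ascii", "replace")
    return "not-rfb" if data else "no-data"

def wait_for_reverse_connection(port, timeout=60.0, host="0.0.0.0"):
    """Accept one inbound connection.

    Returns (peer_ip, verdict), or None if nothing arrived before the
    timeout, which points at a firewall/NAT rule on either side.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((host, port))
        srv.listen(1)
        srv.settimeout(timeout)
        try:
            conn, peer = srv.accept()
        except socket.timeout:
            return None
        with conn:
            conn.settimeout(5.0)
            try:
                data = conn.recv(RFB_BANNER_LEN)
            except socket.timeout:
                data = b""  # TCP got through but the peer stayed silent
            return peer[0], classify_banner(data)

if __name__ == "__main__":
    port = listen_port(0)  # display 0 -> TCP 5500
    print("Listening on TCP %d; ask the remote user to connect now." % port)
    result = wait_for_reverse_connection(port)
    if result is None:
        print("Nothing reached port %d: check the forwarding rule and the "
              "remote site's outbound filtering." % port)
    else:
        print("Connection from %s: %s" % result)
```

A `None` result while the remote user is connecting means the packets never reached this host; a logged peer address with an `rfb` verdict means the firewall path works and the problem is on the viewer side.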