Solved

Utilizing VNC Viewer in "LISTEN MODE" through a PIX firewall

Posted on 2003-11-20
Last Modified: 2013-11-16
I have opened ports 5800 and 5900 on my firewall to one of my networked computers so that it can be accessed via VNC from an external Internet location; however, because I support users calling from remote sites that are typically behind a firewall themselves, I need to be able to run VNC Viewer in "Listen" mode.  I opened port 5500 on the firewall to my internal IP but when a user tries to connect to me, they are still unsuccessful.

This question is not necessarily "extremely difficult" but it is very urgent.  Thanks!
Question by:FunkiNATEr
10 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 9788853
Hi FunkiNATEr,
Q53 Which TCP/IP ports does VNC use?
A VNC server listens on two ports. The exact port numbers depend on the VNC display number, because a single machine may run multiple servers. The most important one is 59xx, where xx is the display number. The VNC protocol itself runs over this port. So for most PC servers, the port will be 5900, because they use display 0 by default.

In addition, VNC servers normally have a small and very restricted web server built in, which allows you to connect a browser to them and use the Java viewer. This runs on port 58xx. Note that this is the HTTP port used for downloading pages and applets, but once the applet is running it uses 59xx for VNC just like any other viewer.

The servers can be changed to listen on other ports if, for any reason, these are not suitable for you. See the server's documentation for more details. Most of the viewers, if given a display number larger than 99, will interpret it as a direct port number and will not add 5900. See also the next question.

If you are running a viewer in 'listening' mode, where it accepts connections initiated by the server, it will listen for incoming VNC on port 5500.
http://oldlook.experts-exchange.com/Networking/Q_20310742.html?query=vnc+firewall&searchType=topic

Cheers!
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 9788865
FunkiNATEr,
Open both  5900 and 5800
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 9788869
0

 
LVL 7

Accepted Solution

by:
Robing66066 earned 500 total points
ID: 9788870
I could be wrong, but I think you have to open 550x, where x is the display number.  Check to ensure your display number is zero.  If not, change it to that.  If you can't, change your open port to match the current display number.

Otherwise, from what I can see, it should work fine.

Good luck.
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 9788874
0
 

Author Comment

by:FunkiNATEr
ID: 9788876
Read my original post.  I have already opened 5800 and 5900.  Logging into my desktop from an external address works fine.  I need to be able to log into an external address by allowing the host to connect to me.  I have opened TCP port 5500.  Is this not correct?
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 9788883
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 9788956
FunkiNATEr,
also take a look here for a different approach

Firewall VNC Client
Connect to your VNC Server with a client that uses HTTP proxy to connect through a firewall.
http://www.xs4all.nl/~harmwal/vnc/readme.html
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 9788975
FunkiNATEr,
How should I setup my firewall to work with VNC?
If you've administrative control over your firewall/router that
protects your collection of VNC servers, setting up the firewall
so that any or all of your VNC servers are accessible from the
outside is fairly easy.

Suppose, for example, you have 5 PC's, all of which are running VNC
servers, and you want to be able to access them from the "outside".
You'll need to make 5 "port forwarding" entries:

1. External TCP port 5900 to your first PC's port 5900
2. External TCP port 5901 to your second PC's port 5900
3. External TCP port 5902 to your third PC's port 5900
4. External TCP port 5903 to your fourth PC's port 5900
5. External TCP port 5904 to your fifth PC's port 5900

Then if you point a VNC viewer to your external IP address, "Display 0"
will reach your first PC, "Display 1" will reach your second, etc.
Do the same thing with TCP port 5800, 5801, etc to get the optional
"web browser VNC Viewer" working too.

 http://faq.gotomyvnc.com/fom-serve/cache/64.html
0
 
LVL 3

Expert Comment

by:terageek
ID: 9790222
The first diagnostic I would try is to close port 5500 on the firewall at the client side and see if the firewall reports an attack on port 5500 when the server tries to connect.  If not, it is possible that the server is behind a firewall which won't allow a connection out of port 5500.  You can try to get around this by telling your viewer to listen on a port which the firewall would let through.  Port 8080 comes to mind which is a common http alternative and should be allowed through most firewalls.
0
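Added example (not part of any post above): a Python stand-in for the listening viewer that separates "the firewall never delivered the connection" from "the connection arrived", covering both the 550x display-number point in the accepted answer and the diagnostic in the last comment. It binds the listening port, waits for the remote VNC server's reverse connection, and reads the 12-byte RFB version banner the server sends first; the function names, timeouts and bind address are assumptions chosen for illustration.

```python
import socket
import sys

LISTEN_BASE = 5500  # listening-viewer base port, per the FAQ quoted in the thread

def listen_port(display=0):
    """Port a listening viewer uses for a display number (the '550x' rule)."""
    if not 0 <= display <= 99:
        raise ValueError("display number must be 0-99")
    return LISTEN_BASE + display

def wait_for_reverse_connection(port, bind_addr="0.0.0.0", timeout=30.0, on_ready=None):
    """Accept one inbound connection; return (peer_ip, banner) or (None, None)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((bind_addr, port))
        srv.listen(1)
        srv.settimeout(timeout)
        if on_ready:
            on_ready(srv.getsockname()[1])  # report the port actually bound
        try:
            conn, peer = srv.accept()
        except socket.timeout:
            return None, None  # nothing arrived within the timeout
        with conn:
            conn.settimeout(5.0)
            banner = b""
            try:
                while len(banner) < 12:  # RFB ProtocolVersion is 12 bytes
                    chunk = conn.recv(12 - len(banner))
                    if not chunk:
                        break
                    banner += chunk
            except socket.timeout:
                pass
            return peer[0], banner.decode("ascii", "replace")

def diagnose(peer, banner):
    """Turn the result into the conclusion the thread is trying to reach."""
    if peer is None:
        return "FAIL: no connection arrived; check the forward/ACL or the remote site's outbound rules"
    if not banner.startswith("RFB "):
        return f"WARN: {peer} connected but sent no RFB banner (got {banner!r})"
    return f"OK: {peer} got through the firewall and speaks {banner.strip()}"

if __name__ == "__main__":
    display = int(sys.argv[1]) if len(sys.argv) > 1 else 0
    print(diagnose(*wait_for_reverse_connection(listen_port(display))))
```

Run it on the support PC with the real viewer closed so the port is free, then have the remote user start the reverse connection to your external address.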