Utilizing VNC Viewer in "LISTEN MODE" through a PIX firewall

I have opened ports 5800 and 5900 on my firewall to one of my networked computers so that it can be accessed via VNC from an external Internet location; however, because I support users calling from remote sites that are typically behind a firewall themselves, I need to be able to run VNC Viewer in "Listen" mode.  I opened port 5500 on the firewall to my internal IP but when a user tries to connect to me, they are still unsuccessful.

This question is not necessarily "extremely difficult" but it is very urgent.  Thanks!
FunkiNATEr Asked:

Pete Long, Technical Consultant, Commented:
Hi FunkiNATEr,
Q53 Which TCP/IP ports does VNC use?
A VNC server listens on two ports. The exact port numbers depend on the VNC display number, because a single machine may run multiple servers. The most important one is 59xx, where xx is the display number. The VNC protocol itself runs over this port. So for most PC servers, the port will be 5900, because they use display 0 by default.

In addition, VNC servers normally have a small and very restricted web server built in, which allows you to connect a browser to them and use the Java viewer. This runs on port 58xx. Note that this is the HTTP port used for downloading pages and applets, but once the applet is running it uses 59xx for VNC just like any other viewer.

The servers can be changed to listen on other ports if, for any reason, these are not suitable for you. See the server's documentation for more details. Most of the viewers, if given a display number larger than 99, will interpret it as a direct port number and will not add 5900. See also the next question.

If you are running a viewer in 'listening' mode, where it accepts connections initiated by the server, it will listen for incoming VNC on port 5500.
http://oldlook.experts-exchange.com/Networking/Q_20310742.html?query=vnc+firewall&searchType=topic

Cheers!
0
Pete Long, Technical Consultant, Commented:
FunkiNATEr,
Open both  5900 and 5800
0
Robing66066 Commented:
I could be wrong, but I think you have to open 550x, where x is the display number.  Check to ensure your display number is zero.  If not, change it to that.  If you can't, change your open port to match the current display number.

Otherwise, from what I can see, it should work fine.

Good luck.
0

FunkiNATEr (Author) Commented:
Read my original post.  I have already opened 5800 and 5900.  Logging into my desktop from an external address works fine.  I need to be able to log into an external address by allowing the host to connect to me.  I have opened TCP port 5500.  Is this not correct?
0
Pete Long, Technical Consultant, Commented:
FunkiNATEr,
also take a look here for a different approach

Firewall VNC Client
Connect to your VNC Server with a client that uses HTTP proxy to connect through a firewall.
http://www.xs4all.nl/~harmwal/vnc/readme.html
0
Pete Long, Technical Consultant, Commented:
FunkiNATEr,
How should I setup my firewall to work with VNC?
If you've administrative control over your firewall/router that
protects your collection of VNC servers, setting up the firewall
so that any or all of your VNC servers are accessible from the
outside is fairly easy.

Suppose, for example, you have 5 PC's, all of which are running VNC
servers, and you want to be able to access them from the "outside".
You'll need to make 5 "port forwarding" entries:

1. External TCP port 5900 to your first PC's port 5900
2. External TCP port 5901 to your second PC's port 5900
3. External TCP port 5902 to your third PC's port 5900
4. External TCP port 5903 to your fourth PC's port 5900
5. External TCP port 5904 to your fifth PC's port 5900

Then if you point a VNC viewer to your external IP address, "Display 0"
will reach your first PC, "Display 1" will reach your second, etc.
Do the same thing with TCP port 5800, 5801, etc to get the optional
"web browser VNC Viewer" working too.

 http://faq.gotomyvnc.com/fom-serve/cache/64.html
0
terageek Commented:
The first diagnostic I would try is to close port 5500 on the firewall at the client side and see if the firewall reports an attack on port 5500 when the server tries to connect.  If not, it is possible that the server is behind a firewall which won't allow a connection out of port 5500.  You can try to get around this by telling your viewer to listen on a port which the firewall would let through.  Port 8080 comes to mind which is a common http alternative and should be allowed through most firewalls.
0
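
A viewer-side version of the diagnostic discussed above, as an added example that is not part of the original thread: a stand-in listener that reports whether a reverse connection reaches the listening port and whether the peer is really a VNC server. The function names are hypothetical; the check relies on the RFB handshake rule that the server sends its 12-byte `RFB xxx.yyy` version banner first, including on reverse connections.

```python
import re
import socket

# RFB ProtocolVersion message: exactly 12 bytes, e.g. b"RFB 003.008\n".
RFB_BANNER = re.compile(rb"RFB (\d{3})\.(\d{3})\n")


def open_listener(port=5500, host="0.0.0.0"):
    """Bind where the listening viewer would (TCP 5500 by default)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(1)
    return srv


def wait_for_reverse_connection(srv, timeout=30.0):
    """Wait for one inbound connection and classify what arrived.

    'no-connection': nothing reached the socket (dropped at either firewall)
    'tcp-only':      TCP connected, but no valid RFB banner followed
    'rfb':           a VNC server connected and announced its version
    """
    srv.settimeout(timeout)
    try:
        conn, peer = srv.accept()
    except socket.timeout:
        return {"status": "no-connection", "peer": None, "version": None}
    with conn:
        conn.settimeout(5.0)
        data = b""
        try:
            while len(data) < 12:
                chunk = conn.recv(12 - len(data))
                if not chunk:
                    break
                data += chunk
        except OSError:  # read timeout or connection reset
            pass
    m = RFB_BANNER.fullmatch(data)
    if m is None:
        return {"status": "tcp-only", "peer": peer[0], "version": None}
    version = f"{int(m.group(1))}.{int(m.group(2))}"
    return {"status": "rfb", "peer": peer[0], "version": version}


if __name__ == "__main__":
    with open_listener(5500) as listener:
        print(wait_for_reverse_connection(listener))
```

Run it with the real viewer closed so the port is free. A `no-connection` result while the remote user is attempting to connect means the traffic is being dropped before it reaches this host.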
Question has a verified solution.
