Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Utilizing VNC Viewer in "LISTEN MODE" through a PIX firewall

Posted on 2003-11-20
10
6,382 Views
Last Modified: 2013-11-16
I have opened ports 5800 and 5900 on my firewall to one of my networked computers so that it can be accessed via VNC from an external Internet location; however, because I support users calling from remote sites that are typically behind a firewall themselves, I need to be able to run VNC Viewer in "Listen" mode.  I opened port 5500 on the firewall to my internal IP but when a user tries to connect to me, they are still unsuccessful.

This question is not necessarily "extremely difficult" but it is very urgent.  Thanks!
0
Comment
Question by:FunkiNATEr
10 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 9788853
Hi FunkiNATEr,
Q53 Which TCP/IP ports does VNC use?
A VNC server listens on two ports. The exact port numbers depend on the VNC display number, because a single machine may run multiple servers. The most important one is 59xx, where xx is the display number. The VNC protocol itself runs over this port. So for most PC servers, the port will be 5900, because they use display 0 by default.

In addition, VNC servers normally have a small and very restricted web server built in, which allows you to connect a browser to them and use the Java viewer. This runs on port 58xx. Note that this is the HTTP port used for downloading pages and applets, but once the applet is running it uses 59xx for VNC just like any other viewer.

The servers can be changed to listen on other ports if, for any reason, these are not suitable for you. See the server's documentation for more details. Most of the viewers, if given a display number larger than 99, will interpret it as a direct port number and will not add 5900. See also the next question.

If you are running a viewer in 'listening' mode, where it accepts connections initiated by the server, it will listen for incoming VNC on port 5500.
http://oldlook.experts-exchange.com/Networking/Q_20310742.html?query=vnc+firewall&searchType=topic

Cheers!
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 9788865
FunkiNATEr,
Open both  5900 and 5800
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 9788869
0
Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

 
LVL 7

Accepted Solution

by:
Robing66066 earned 500 total points
ID: 9788870
I could be wrong, but I think you have have to open 550x, where x is the display number.  Check to ensure your display number is zero.  If not, change it to that.  If you can't, change your open port to match the current display number.

Otherwise, from what I can see, it should work fine.

Good luck.
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 9788874
0
 

Author Comment

by:FunkiNATEr
ID: 9788876
Read my original post.  I have already opened 5800 and 5900.  Logging into my desktop from an external address works fine.  I need to be able to log into an external address by allowing the host to connect to me.  I have opened TCP port 5500.  Is this not correct?
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 9788883
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 9788956
FunkiNATEr,
also take a look here for a different approach

Firewall VNC Client
Connect to your VNC Server with a client that uses HTTP proxy to connect through a firewall.
http://www.xs4all.nl/~harmwal/vnc/readme.html
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 9788975
FunkiNATEr,
How should I setup my firewall to work with VNC?
If you've administrative control over your firewall/router that
protects your collection of VNC servers, setting up the firewall
so that any or all of your VNC servers are accessible from the
outside is fairly easy.

Suppose, for example, you have 5 PC's, all of which are running VNC
servers, and you want to be able to access them from the "outside".
You'll need to make 5 "port forwarding" entries:

1. External TCP port 5900 to your first PC's port 5900
2. External TCP port 5901 to your second PC's port 5900
3. External TCP port 5902 to your third PC's port 5900
4. External TCP port 5903 to your fourth PC's port 5900
5. External TCP port 5904 to your fifth PC's port 5900

Then if you point a VNC viewer to your external IP address, "Display 0"
will reach your first PC, "Display 1" will reach your second, etc.
Do the same thing with TCP port 5800, 5801, etc to get the optional
"web browser VNC Viewer" working too.

 http://faq.gotomyvnc.com/fom-serve/cache/64.html
0
 
LVL 3

Expert Comment

by:terageek
ID: 9790222
The first diagnostic I would try is to close port 5500 on the firewall at the client side and see if the firewall reports an attack on port 5500 when the server tries to connect.  If not, it is possible that the sever is behind a firewall which won't allow a connection out of port 5500.  You can try to get around this by telling your viewer to listen on a port which the firewall would let through.  Port 8080 comest to mind which is a common http alternative and should be allowed through most firewalls.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question