Solved

Utilizing VNC Viewer in "LISTEN MODE" through a PIX firewall

Posted on 2003-11-20
10
6,380 Views
Last Modified: 2013-11-16
I have opened ports 5800 and 5900 on my firewall to one of my networked computers so that it can be accessed via VNC from an external Internet location; however, because I support users calling from remote sites that are typically behind a firewall themselves, I need to be able to run VNC Viewer in "Listen" mode.  I opened port 5500 on the firewall to my internal IP but when a user tries to connect to me, they are still unsuccessful.

This question is not necessarily "extremely difficult" but it is very urgent.  Thanks!
0
Comment
Question by:FunkiNATEr
10 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 9788853
Hi FunkiNATEr,
Q53 Which TCP/IP ports does VNC use?
A VNC server listens on two ports. The exact port numbers depend on the VNC display number, because a single machine may run multiple servers. The most important one is 59xx, where xx is the display number. The VNC protocol itself runs over this port. So for most PC servers, the port will be 5900, because they use display 0 by default.

In addition, VNC servers normally have a small and very restricted web server built in, which allows you to connect a browser to them and use the Java viewer. This runs on port 58xx. Note that this is the HTTP port used for downloading pages and applets, but once the applet is running it uses 59xx for VNC just like any other viewer.

The servers can be changed to listen on other ports if, for any reason, these are not suitable for you. See the server's documentation for more details. Most of the viewers, if given a display number larger than 99, will interpret it as a direct port number and will not add 5900. See also the next question.

If you are running a viewer in 'listening' mode, where it accepts connections initiated by the server, it will listen for incoming VNC on port 5500.
http://oldlook.experts-exchange.com/Networking/Q_20310742.html?query=vnc+firewall&searchType=topic

Cheers!
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 9788865
FunkiNATEr,
Open both  5900 and 5800
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 9788869
0
 
LVL 7

Accepted Solution

by:
Robing66066 earned 500 total points
ID: 9788870
I could be wrong, but I think you have to open 550x, where x is the display number.  Check to ensure your display number is zero.  If not, change it to that.  If you can't, change your open port to match the current display number.

Otherwise, from what I can see, it should work fine.

Good luck.
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 9788874
0

 

Author Comment

by:FunkiNATEr
ID: 9788876
Read my original post.  I have already opened 5800 and 5900.  Logging into my desktop from an external address works fine.  I need to be able to log into an external address by allowing the host to connect to me.  I have opened TCP port 5500.  Is this not correct?
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 9788883
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 9788956
FunkiNATEr,
also take a look here for a different approach

Firewall VNC Client
Connect to your VNC Server with a client that uses HTTP proxy to connect through a firewall.
http://www.xs4all.nl/~harmwal/vnc/readme.html
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 9788975
FunkiNATEr,
How should I setup my firewall to work with VNC?
If you've administrative control over your firewall/router that
protects your collection of VNC servers, setting up the firewall
so that any or all of your VNC servers are accessible from the
outside is fairly easy.

Suppose, for example, you have 5 PC's, all of which are running VNC
servers, and you want to be able to access them from the "outside".
You'll need to make 5 "port forwarding" entries:

1. External TCP port 5900 to your first PC's port 5900
2. External TCP port 5901 to your second PC's port 5900
3. External TCP port 5902 to your third PC's port 5900
4. External TCP port 5903 to your fourth PC's port 5900
5. External TCP port 5904 to your fifth PC's port 5900

Then if you point a VNC viewer to your external IP address, "Display 0"
will reach your first PC, "Display 1" will reach your second, etc.
Do the same thing with TCP port 5800, 5801, etc to get the optional
"web browser VNC Viewer" working too.

 http://faq.gotomyvnc.com/fom-serve/cache/64.html
0
 
LVL 3

Expert Comment

by:terageek
ID: 9790222
The first diagnostic I would try is to close port 5500 on the firewall at the client side and see if the firewall reports an attack on port 5500 when the server tries to connect.  If not, it is possible that the server is behind a firewall which won't allow a connection out of port 5500.  You can try to get around this by telling your viewer to listen on a port which the firewall would let through.  Port 8080 comes to mind which is a common http alternative and should be allowed through most firewalls.
0
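A way to run the kind of check discussed above without relying on firewall logs, as an added example that is not part of the original thread: a stand-in listener on the viewer's machine that accepts one inbound connection and checks whether the peer speaks RFB (a VNC server sends a 12-byte `RFB xxx.yyy\n` version banner first, even when it is the side that dialed out). The function names are hypothetical, and the 5500 + display port rule is the convention described in the accepted answer, taken here as an assumption.

```python
import re
import socket

# An RFB ProtocolVersion message is exactly 12 bytes, e.g. b"RFB 003.003\n".
RFB_BANNER = re.compile(rb"RFB (\d{3})\.(\d{3})\n")

def listen_port(display=0):
    """Assumed convention from the thread: listening viewers use 5500 + display."""
    return 5500 + display

def parse_banner(data):
    """Return (major, minor) if data is an RFB version banner, else None."""
    m = RFB_BANNER.fullmatch(data)
    return (int(m.group(1)), int(m.group(2))) if m else None

def recv_exact(conn, n):
    """Read up to n bytes, stopping early only if the peer closes."""
    buf = b""
    while len(buf) < n:
        chunk = conn.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf

def open_listener(host="0.0.0.0", port=None):
    """Bind a TCP listener; port=None means the default listening-viewer port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind((host, listen_port() if port is None else port))
    s.listen(1)
    return s

def wait_for_server(sock, timeout=30.0):
    """Accept one connection and report whether it arrived and spoke RFB."""
    sock.settimeout(timeout)
    try:
        conn, peer = sock.accept()
    except socket.timeout:
        # Nothing arrived: the SYN was dropped somewhere on the path.
        return {"reached": False, "peer": None, "rfb": None}
    with conn:
        conn.settimeout(5.0)
        try:
            data = recv_exact(conn, 12)
        except socket.timeout:
            data = b""
    return {"reached": True, "peer": peer[0], "rfb": parse_banner(data)}

if __name__ == "__main__":
    # Run on the viewer's machine (with the real viewer closed), then have
    # the remote user start the outbound connection from their VNC server.
    print(wait_for_server(open_listener()))
```

A result with `reached` false means the connection never got through either firewall or the port forward; `reached` true with `rfb` set means the path is open and the problem lies with the viewer itself.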


Question has a verified solution.
