Solved

VNC access through NAT

Posted on 2004-09-09
7
27,746 Views
Last Modified: 2012-08-13
I have my home computer running Windows XP which is behind a NAT router and has an internal ip of 192.168.0.4. I setup dyndns.org to publish the external ip of the router. I want to be able to access my home computer through VNC from my work computer which is directly on the internet and has a static IP. I have heard of people doing this through SSH tunneling but i am not sure how to do this from my XP system to create a tunnel to my work computer. I do not have access to the NAT router so i cannot open ports on the router.
0
Comment
Question by:Enslaver
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 12019690
Running VNC through routers/Firewalls

If you are on the CONTROLLING computer and are behind a router you will need to open port 5900 TO the IP address of the CONTROLLED PC. (this is usually the external IP address of the router at the CONTROLLED end)

You will need to set the router at the CONTROLLED end to forward port 5900 traffic to the CONTROLLED IP address).

NB. VNC web traffic travels over ports 5800 to 5900

Why the different numbers?

VNC installs a mini web server that listens on ports 5800 to 5900, it does this because, if you need to control multiple PCs you can set so that the last two digits of the port number become the DISPLAY number (client number)

for example

machine 1 = 0 (that's port 5800) to connect type http://<public IP address>:5800
machine 2 = 1 (that's port 5801) to connect type http://<public IP address>:5801

Obviously at the CONTROLLED end the router/firewall must be set up to forward port 5800 to machine 1's IP address etc.

Why port 5900 then?

The APPLICATION uses this port


*****Links*****

Download RealVNC
http://www.realvnc.com/

Download TightVNC
http://www.tightvnc.com/

Connecting over the web Java VNC Viewer
http://www.realvnc.com/javavncviewer.html
0
 

Author Comment

by:Enslaver
ID: 12019711
Read the last line "I do not have access to the NAT router so i cannot open ports on the router." This is not an easy solution.
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 12019748
my appologies - then your best bet is NOT to use VNC,PCAnywhere or any of the traditional remote control applications.
you could try gotomypc it runs over port 80 which is usually open (but its not free)
0
Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

 
LVL 7

Accepted Solution

by:
LimeSMJ earned 500 total points
ID: 12022541
You can run VNC "in reverse" using the "Run Listening VNC Viewer"...

Basically you run the VNC server from inside the router with your external computer running VNC in listen mode.  This way, the communication starts from inside the NAT to the outside computer(for situations as you are in).  Just make sure your external computer is on and you are running VNC in listen mode before you setup the VNC server on the inside.  You will also need to know your external computer's IP address or hostname (if you use some service like dyndns.org).

When you want to use the listen mode, just start the VNC Server on the work computer.  Set up a password (for incoming connections - which in your case won't be anyone).  Click OK.  Then in the system tray, right click on the VNC icon and select Add New Client... in the window that pops up, just type in your IP or hostname and then (if your router isn't blocking any ports) you should now be able to control the internal machine from the outside.  FYI, you can also use a batch file to start the server program using command line options (http://www.uk.research.att.com/archive/vnc/winvnc.html) if you want to schedule a time the server should start while you are at home (in case you forgot to turn your machine on at home).

IMPORTANT:  This reverse VNC method is very risky in terms of security.  Every packet will be unencrypted for the world to see.  If possible, you should really use an SSH tunnel - which I have never used with VNC.  :)  Here's a link to some info http://www.uk.research.att.com/archive/vnc/sshvnc.html  - using that info, and a scheduled batch file, you may be able to initiate an SSH VNC session in listen mode.  Not sure though.

Good luck.
0
 
LVL 7

Expert Comment

by:LimeSMJ
ID: 12022556
Uhm... oops... I got your configuration backwards... Run the server on the home machine and access it via your work machine.
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 12027920
You're a big buggered if you can't change your NAT router, and are limited to P2P file sharing options such as gotomypc.com, and Kazaa.
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 12028482
Ah Tim you just jogged my memory on something - watch for a mail notif
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
PCI Compliance and Open SQL ports 8 85
Open BDS Pf 3 54
Checkpoint Endpoint Managment 3 106
VPN tunnel between Watchguard and OpenVPN? 1 202
If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question