Solved

VNC access through NAT

Posted on 2004-09-09
7
27,687 Views
Last Modified: 2012-08-13
I have my home computer running Windows XP which is behind a NAT router and has an internal ip of 192.168.0.4. I setup dyndns.org to publish the external ip of the router. I want to be able to access my home computer through VNC from my work computer which is directly on the internet and has a static IP. I have heard of people doing this through SSH tunneling but i am not sure how to do this from my XP system to create a tunnel to my work computer. I do not have access to the NAT router so i cannot open ports on the router.
0
Comment
Question by:Enslaver
7 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 12019690
Running VNC through routers/Firewalls

If you are on the CONTROLLING computer and are behind a router you will need to open port 5900 TO the IP address of the CONTROLLED PC. (this is usually the external IP address of the router at the CONTROLLED end)

You will need to set the router at the CONTROLLED end to forward port 5900 traffic to the CONTROLLED IP address).

NB. VNC web traffic travels over ports 5800 to 5900

Why the different numbers?

VNC installs a mini web server that listens on ports 5800 to 5900, it does this because, if you need to control multiple PCs you can set so that the last two digits of the port number become the DISPLAY number (client number)

for example

machine 1 = 0 (that's port 5800) to connect type http://<public IP address>:5800
machine 2 = 1 (that's port 5801) to connect type http://<public IP address>:5801

Obviously at the CONTROLLED end the router/firewall must be set up to forward port 5800 to machine 1's IP address etc.

Why port 5900 then?

The APPLICATION uses this port


*****Links*****

Download RealVNC
http://www.realvnc.com/

Download TightVNC
http://www.tightvnc.com/

Connecting over the web Java VNC Viewer
http://www.realvnc.com/javavncviewer.html
0
 

Author Comment

by:Enslaver
ID: 12019711
Read the last line "I do not have access to the NAT router so i cannot open ports on the router." This is not an easy solution.
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 12019748
my appologies - then your best bet is NOT to use VNC,PCAnywhere or any of the traditional remote control applications.
you could try gotomypc it runs over port 80 which is usually open (but its not free)
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 7

Accepted Solution

by:
LimeSMJ earned 500 total points
ID: 12022541
You can run VNC "in reverse" using the "Run Listening VNC Viewer"...

Basically you run the VNC server from inside the router with your external computer running VNC in listen mode.  This way, the communication starts from inside the NAT to the outside computer(for situations as you are in).  Just make sure your external computer is on and you are running VNC in listen mode before you setup the VNC server on the inside.  You will also need to know your external computer's IP address or hostname (if you use some service like dyndns.org).

When you want to use the listen mode, just start the VNC Server on the work computer.  Set up a password (for incoming connections - which in your case won't be anyone).  Click OK.  Then in the system tray, right click on the VNC icon and select Add New Client... in the window that pops up, just type in your IP or hostname and then (if your router isn't blocking any ports) you should now be able to control the internal machine from the outside.  FYI, you can also use a batch file to start the server program using command line options (http://www.uk.research.att.com/archive/vnc/winvnc.html) if you want to schedule a time the server should start while you are at home (in case you forgot to turn your machine on at home).

IMPORTANT:  This reverse VNC method is very risky in terms of security.  Every packet will be unencrypted for the world to see.  If possible, you should really use an SSH tunnel - which I have never used with VNC.  :)  Here's a link to some info http://www.uk.research.att.com/archive/vnc/sshvnc.html  - using that info, and a scheduled batch file, you may be able to initiate an SSH VNC session in listen mode.  Not sure though.

Good luck.
0
 
LVL 7

Expert Comment

by:LimeSMJ
ID: 12022556
Uhm... oops... I got your configuration backwards... Run the server on the home machine and access it via your work machine.
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 12027920
You're a big buggered if you can't change your NAT router, and are limited to P2P file sharing options such as gotomypc.com, and Kazaa.
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 12028482
Ah Tim you just jogged my memory on something - watch for a mail notif
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now