VNC access through NAT

I have my home computer running Windows XP which is behind a NAT router and has an internal ip of 192.168.0.4. I setup dyndns.org to publish the external ip of the router. I want to be able to access my home computer through VNC from my work computer which is directly on the internet and has a static IP. I have heard of people doing this through SSH tunneling but i am not sure how to do this from my XP system to create a tunnel to my work computer. I do not have access to the NAT router so i cannot open ports on the router.
EnslaverAsked:
Who is Participating?
 
LimeSMJCommented:
You can run VNC "in reverse" using the "Run Listening VNC Viewer"...

Basically you run the VNC server from inside the router with your external computer running VNC in listen mode.  This way, the communication starts from inside the NAT to the outside computer(for situations as you are in).  Just make sure your external computer is on and you are running VNC in listen mode before you setup the VNC server on the inside.  You will also need to know your external computer's IP address or hostname (if you use some service like dyndns.org).

When you want to use the listen mode, just start the VNC Server on the work computer.  Set up a password (for incoming connections - which in your case won't be anyone).  Click OK.  Then in the system tray, right click on the VNC icon and select Add New Client... in the window that pops up, just type in your IP or hostname and then (if your router isn't blocking any ports) you should now be able to control the internal machine from the outside.  FYI, you can also use a batch file to start the server program using command line options (http://www.uk.research.att.com/archive/vnc/winvnc.html) if you want to schedule a time the server should start while you are at home (in case you forgot to turn your machine on at home).

IMPORTANT:  This reverse VNC method is very risky in terms of security.  Every packet will be unencrypted for the world to see.  If possible, you should really use an SSH tunnel - which I have never used with VNC.  :)  Here's a link to some info http://www.uk.research.att.com/archive/vnc/sshvnc.html  - using that info, and a scheduled batch file, you may be able to initiate an SSH VNC session in listen mode.  Not sure though.

Good luck.
0
 
Pete LongTechnical ConsultantCommented:
Running VNC through routers/Firewalls

If you are on the CONTROLLING computer and are behind a router you will need to open port 5900 TO the IP address of the CONTROLLED PC. (this is usually the external IP address of the router at the CONTROLLED end)

You will need to set the router at the CONTROLLED end to forward port 5900 traffic to the CONTROLLED IP address).

NB. VNC web traffic travels over ports 5800 to 5900

Why the different numbers?

VNC installs a mini web server that listens on ports 5800 to 5900, it does this because, if you need to control multiple PCs you can set so that the last two digits of the port number become the DISPLAY number (client number)

for example

machine 1 = 0 (that's port 5800) to connect type http://<public IP address>:5800
machine 2 = 1 (that's port 5801) to connect type http://<public IP address>:5801

Obviously at the CONTROLLED end the router/firewall must be set up to forward port 5800 to machine 1's IP address etc.

Why port 5900 then?

The APPLICATION uses this port


*****Links*****

Download RealVNC
http://www.realvnc.com/

Download TightVNC
http://www.tightvnc.com/

Connecting over the web Java VNC Viewer
http://www.realvnc.com/javavncviewer.html
0
 
EnslaverAuthor Commented:
Read the last line "I do not have access to the NAT router so i cannot open ports on the router." This is not an easy solution.
0
KuppingerCole Reviews AlgoSec in Executive Report

Leading analyst firm, KuppingerCole reviews AlgoSec's Security Policy Management Solution, and the security challenges faced by companies today in their Executive View report.

 
Pete LongTechnical ConsultantCommented:
my appologies - then your best bet is NOT to use VNC,PCAnywhere or any of the traditional remote control applications.
you could try gotomypc it runs over port 80 which is usually open (but its not free)
0
 
LimeSMJCommented:
Uhm... oops... I got your configuration backwards... Run the server on the home machine and access it via your work machine.
0
 
Tim HolmanCommented:
You're a big buggered if you can't change your NAT router, and are limited to P2P file sharing options such as gotomypc.com, and Kazaa.
0
 
Pete LongTechnical ConsultantCommented:
Ah Tim you just jogged my memory on something - watch for a mail notif
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.