Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

VNC access through NAT

Posted on 2004-09-09
7
Medium Priority
?
27,790 Views
Last Modified: 2012-08-13
I have my home computer running Windows XP which is behind a NAT router and has an internal ip of 192.168.0.4. I setup dyndns.org to publish the external ip of the router. I want to be able to access my home computer through VNC from my work computer which is directly on the internet and has a static IP. I have heard of people doing this through SSH tunneling but i am not sure how to do this from my XP system to create a tunnel to my work computer. I do not have access to the NAT router so i cannot open ports on the router.
0
Comment
Question by:Enslaver
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 12019690
Running VNC through routers/Firewalls

If you are on the CONTROLLING computer and are behind a router you will need to open port 5900 TO the IP address of the CONTROLLED PC. (this is usually the external IP address of the router at the CONTROLLED end)

You will need to set the router at the CONTROLLED end to forward port 5900 traffic to the CONTROLLED IP address).

NB. VNC web traffic travels over ports 5800 to 5900

Why the different numbers?

VNC installs a mini web server that listens on ports 5800 to 5900, it does this because, if you need to control multiple PCs you can set so that the last two digits of the port number become the DISPLAY number (client number)

for example

machine 1 = 0 (that's port 5800) to connect type http://<public IP address>:5800
machine 2 = 1 (that's port 5801) to connect type http://<public IP address>:5801

Obviously at the CONTROLLED end the router/firewall must be set up to forward port 5800 to machine 1's IP address etc.

Why port 5900 then?

The APPLICATION uses this port


*****Links*****

Download RealVNC
http://www.realvnc.com/

Download TightVNC
http://www.tightvnc.com/

Connecting over the web Java VNC Viewer
http://www.realvnc.com/javavncviewer.html
0
 

Author Comment

by:Enslaver
ID: 12019711
Read the last line "I do not have access to the NAT router so i cannot open ports on the router." This is not an easy solution.
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 12019748
my appologies - then your best bet is NOT to use VNC,PCAnywhere or any of the traditional remote control applications.
you could try gotomypc it runs over port 80 which is usually open (but its not free)
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 
LVL 7

Accepted Solution

by:
LimeSMJ earned 1500 total points
ID: 12022541
You can run VNC "in reverse" using the "Run Listening VNC Viewer"...

Basically you run the VNC server from inside the router with your external computer running VNC in listen mode.  This way, the communication starts from inside the NAT to the outside computer(for situations as you are in).  Just make sure your external computer is on and you are running VNC in listen mode before you setup the VNC server on the inside.  You will also need to know your external computer's IP address or hostname (if you use some service like dyndns.org).

When you want to use the listen mode, just start the VNC Server on the work computer.  Set up a password (for incoming connections - which in your case won't be anyone).  Click OK.  Then in the system tray, right click on the VNC icon and select Add New Client... in the window that pops up, just type in your IP or hostname and then (if your router isn't blocking any ports) you should now be able to control the internal machine from the outside.  FYI, you can also use a batch file to start the server program using command line options (http://www.uk.research.att.com/archive/vnc/winvnc.html) if you want to schedule a time the server should start while you are at home (in case you forgot to turn your machine on at home).

IMPORTANT:  This reverse VNC method is very risky in terms of security.  Every packet will be unencrypted for the world to see.  If possible, you should really use an SSH tunnel - which I have never used with VNC.  :)  Here's a link to some info http://www.uk.research.att.com/archive/vnc/sshvnc.html  - using that info, and a scheduled batch file, you may be able to initiate an SSH VNC session in listen mode.  Not sure though.

Good luck.
0
 
LVL 7

Expert Comment

by:LimeSMJ
ID: 12022556
Uhm... oops... I got your configuration backwards... Run the server on the home machine and access it via your work machine.
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 12027920
You're a big buggered if you can't change your NAT router, and are limited to P2P file sharing options such as gotomypc.com, and Kazaa.
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 12028482
Ah Tim you just jogged my memory on something - watch for a mail notif
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question