  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 27807

VNC access through NAT

I have my home computer running Windows XP which is behind a NAT router and has an internal IP of 192.168.0.4. I set up dyndns.org to publish the external IP of the router. I want to be able to access my home computer through VNC from my work computer, which is directly on the internet and has a static IP. I have heard of people doing this through SSH tunneling but I am not sure how to do this from my XP system to create a tunnel to my work computer. I do not have access to the NAT router so I cannot open ports on the router.
0
Asked by: Enslaver
1 Solution
 
Pete Long (Consultant) commented:
Running VNC through routers/Firewalls

If you are on the CONTROLLING computer and are behind a router you will need to open port 5900 TO the IP address of the CONTROLLED PC. (this is usually the external IP address of the router at the CONTROLLED end)

You will need to set the router at the CONTROLLED end to forward port 5900 traffic to the CONTROLLED IP address.

NB. VNC web traffic travels over ports 5800 to 5900

Why the different numbers?

VNC installs a mini web server that listens on ports 5800 to 5900, it does this because, if you need to control multiple PCs you can set so that the last two digits of the port number become the DISPLAY number (client number)

for example

machine 1 = 0 (that's port 5800) to connect type http://<public IP address>:5800
machine 2 = 1 (that's port 5801) to connect type http://<public IP address>:5801

Obviously at the CONTROLLED end the router/firewall must be set up to forward port 5800 to machine 1's IP address etc.

Why port 5900 then?

The APPLICATION uses this port


*****Links*****

Download RealVNC
http://www.realvnc.com/

Download TightVNC
http://www.tightvnc.com/

Connecting over the web Java VNC Viewer
http://www.realvnc.com/javavncviewer.html
0
 
Enslaver (Author) commented:
Read the last line: "I do not have access to the NAT router so I cannot open ports on the router." This is not an easy solution.
0
 
Pete Long (Consultant) commented:
My apologies - then your best bet is NOT to use VNC, PCAnywhere or any of the traditional remote control applications.
You could try gotomypc; it runs over port 80, which is usually open (but it's not free).
0

 
LimeSMJ commented:
You can run VNC "in reverse" using the "Run Listening VNC Viewer"...

Basically you run the VNC server from inside the router with your external computer running VNC in listen mode.  This way, the communication starts from inside the NAT to the outside computer (for situations such as yours).  Just make sure your external computer is on and you are running VNC in listen mode before you set up the VNC server on the inside.  You will also need to know your external computer's IP address or hostname (if you use some service like dyndns.org).

When you want to use the listen mode, just start the VNC Server on the work computer.  Set up a password (for incoming connections - which in your case won't be anyone).  Click OK.  Then in the system tray, right click on the VNC icon and select Add New Client... in the window that pops up, just type in your IP or hostname and then (if your router isn't blocking any ports) you should now be able to control the internal machine from the outside.  FYI, you can also use a batch file to start the server program using command line options (http://www.uk.research.att.com/archive/vnc/winvnc.html) if you want to schedule a time the server should start while you are at home (in case you forgot to turn your machine on at home).

IMPORTANT:  This reverse VNC method is very risky in terms of security.  Every packet will be unencrypted for the world to see.  If possible, you should really use an SSH tunnel - which I have never used with VNC.  :)  Here's a link to some info http://www.uk.research.att.com/archive/vnc/sshvnc.html  - using that info, and a scheduled batch file, you may be able to initiate an SSH VNC session in listen mode.  Not sure though.

Good luck.
0
 
LimeSMJ commented:
Uhm... oops... I got your configuration backwards... Run the server on the home machine and access it via your work machine.
0
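
The SSH-tunnel alternative that the reply above recommends over plain reverse VNC, as an added example that is not part of any post in this thread. It assumes an OpenSSH client on the home PC and an SSH server on the work computer; `user` and `work.example.com` are placeholders, and the script is run from the home side so the connection still starts from inside the NAT.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: an OpenSSH client on the
# home PC, an SSH server on the work computer, VNC server on home display 0.
WORK_USER="user"                # placeholder account on the work computer
WORK_HOST="work.example.com"    # placeholder name of the work computer
VNC_PORT=5900                   # display 0, as described earlier in the thread

# is_loopback ADDR: true only for bind addresses private to the work computer.
is_loopback() {
    case "$1" in
        127.0.0.1|localhost) return 0 ;;
        *) return 1 ;;
    esac
}

# tunnel_args BIND: print the ssh arguments for the reverse forward, or fail
# if BIND would publish the VNC port to other hosts on the work network.
tunnel_args() {
    if ! is_loopback "$1"; then
        echo "refusing to forward VNC on non-loopback address $1" >&2
        return 1
    fi
    # -N -T                 no remote command, no terminal: forwarding only
    # ExitOnForwardFailure  quit rather than sit connected with no forward
    # ServerAliveInterval   notice a dead link and keep the NAT mapping fresh
    # -R                    work BIND:5900 -> home 127.0.0.1:5900
    printf '%s' "-N -T -o ExitOnForwardFailure=yes -o ServerAliveInterval=30"
    printf ' -R %s:%s:127.0.0.1:%s %s@%s\n' \
        "$1" "$VNC_PORT" "$VNC_PORT" "$WORK_USER" "$WORK_HOST"
}

# "sh tunnel.sh run" on the home PC opens the tunnel (outbound from the NAT).
if [ "${1:-}" = "run" ]; then
    args=$(tunnel_args 127.0.0.1) || exit 1
    # Word splitting of $args is intended: it holds only the fixed options above.
    exec ssh $args
fi
```

With the tunnel up, the viewer on the work computer connects to `127.0.0.1:5900` and the VNC traffic crosses the internet inside the SSH session. The VNC server on the home PC has to accept connections arriving from its own loopback address, since that is where the SSH client delivers them.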
 
Tim Holman commented:
You're a bit buggered if you can't change your NAT router, and are limited to P2P file sharing options such as gotomypc.com, and Kazaa.
0
 
Pete Long (Consultant) commented:
Ah Tim you just jogged my memory on something - watch for a mail notif
0
