Whether you need to trade-up to a shiny new Firebox or just ready to upgrade from whatever appliance you're using now, WatchGuard has the right appliance for you! Find your perfect Firebox today with appliance sizing tool!
Course Of The Month
8 days, 5 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
RealVNC and multiple users with a firewall
Posted on 2004-09-13
I'm a typical network rookie so this question maybe an easy one:
A few users at work want to access server-based programs from home. I told them that they can remote in using remote desktop. They don't have Windows XP Professional though and I resorted to using RealVNC. Since RealVNC connects using ports 5900+N, how would I set up the firewall/VPN/router so that the connection is:
a) secure
b) multiple users can all connect at once (do I assign each person their own VNC port? eg User1 is 5901, User2 is 5902, etc)
Then when I connect using the RealVNC client do I type in the IP address with the port at the end? (xxx.yyy.zzz.fff:port)
Same goes for Remote Desktop for users that actually have Windows XP Pro on the network. How do they access their own computer on the network from home using that?
A few users at work want to access server-based programs from home. I told them that they can remote in using remote desktop. They don't have Windows XP Professional though and I resorted to using RealVNC. Since RealVNC connects using ports 5900+N, how would I set up the firewall/VPN/router so that the connection is:
a) secure
b) multiple users can all connect at once (do I assign each person their own VNC port? eg User1 is 5901, User2 is 5902, etc)
Then when I connect using the RealVNC client do I type in the IP address with the port at the end? (xxx.yyy.zzz.fff:port)
Same goes for Remote Desktop for users that actually have Windows XP Pro on the network. How do they access their own computer on the network from home using that?
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
4
6 Comments
1st, if you are not using VPN to connect to your network, forget RealVNC.. RealVNC does not encrypt the connection. If you do it through VPN, then it is secure.
If you do it through a VPN, you wont have to assign multiple port for VNC because each person will connect to a different computer from a seperate ip.
You would only have to configure multiple port if you would connect through your router to your workstation using port fowarding.
for Remote desktop, they have to 1st establish a VPN connection, then only type in the remote IP of their machine, and voila, they are connected.
If you do it through a VPN, you wont have to assign multiple port for VNC because each person will connect to a different computer from a seperate ip.
You would only have to configure multiple port if you would connect through your router to your workstation using port fowarding.
for Remote desktop, they have to 1st establish a VPN connection, then only type in the remote IP of their machine, and voila, they are connected.
Not QUITE sure what you're trying to do.
Everybody tagging the mainframe (or other shared machine) via VNC at once: Won't work - VNC only takes one incoming call at a time. And frankly, you don't want it. Five people connected, moving the mouse five different ways trying to get five things done at a time. Ugh.
Everybody connecting to their individual desktops over the VPN: Just have them connect to their individual IPs on the default port for VNC. Very low maint, and probably the best way to get this done if RDP won't work. (There is a remote desktop client available for 2000 - scour around Microsoft's site for it - I think that's where I got it.)
Everybody connecting to their individual desktops in the office from home, when the router's the only machine facing the internet: Trickier, but doable: a little port forwarding would be in order. Assign each user a port number, then set up a rule on the router that says to forward that user's connection to his desktop and configure their VNC to listen on their assigned port number..
Alice's desktop at work is 192.168.0.100. She gets assigned port 5800. Tell her to connect to http://router.yourcompany.com:5800.
Set up the router to forward incoming connections on port 5800 to 192.168.0.100, then set up VNC on her machine to listen on 5800.
Bob's at 192.168.178.101, so you assign him port 5900. He gets the same address, but should only connect on port 5900. Set the router up with a new rule in the same fashion: 5900 forwards to ...101, and set up the VNC client on Bob's machine to listen on 5900.
You really should encrypt this traffic if you're not using a VPN, but if you're not concerned, that ought to work.
Everybody tagging the mainframe (or other shared machine) via VNC at once: Won't work - VNC only takes one incoming call at a time. And frankly, you don't want it. Five people connected, moving the mouse five different ways trying to get five things done at a time. Ugh.
Everybody connecting to their individual desktops over the VPN: Just have them connect to their individual IPs on the default port for VNC. Very low maint, and probably the best way to get this done if RDP won't work. (There is a remote desktop client available for 2000 - scour around Microsoft's site for it - I think that's where I got it.)
Everybody connecting to their individual desktops in the office from home, when the router's the only machine facing the internet: Trickier, but doable: a little port forwarding would be in order. Assign each user a port number, then set up a rule on the router that says to forward that user's connection to his desktop and configure their VNC to listen on their assigned port number..
Alice's desktop at work is 192.168.0.100. She gets assigned port 5800. Tell her to connect to http://router.yourcompany.com:5800.
Set up the router to forward incoming connections on port 5800 to 192.168.0.100, then set up VNC on her machine to listen on 5800.
Bob's at 192.168.178.101, so you assign him port 5900. He gets the same address, but should only connect on port 5900. Set the router up with a new rule in the same fashion: 5900 forwards to ...101, and set up the VNC client on Bob's machine to listen on 5900.
You really should encrypt this traffic if you're not using a VPN, but if you're not concerned, that ought to work.
Great answer Dan! With the VPN, is it possible to not do port forwarding since they're already on the network? I mean, would their 192.168.0.80 be the 192.168.0.80 on the remote server while connecting via VPN or would it be their own local 192.168.0.80?
if you are on a VPN no port fowarding is necessary because you are already on the network! it'S just like you would connect to the computer just next to you in your office..
Featured Post
Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Suggested Courses
Earn Certification
HTML5 Specialist - Certification
Free withPremium
Course of the Month8 days, 5 hours left to enroll
617 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.