inkfreq


VNC to Windows Machine Through IPTables?

I have a Linux machine with IPTables running as a multi-home NAT/Firewall. On the local side of this, there is a Windows box which I need to give a development team in India access to.

I am currently forwarding port 5900 and port 22 to this Windows machine. However, connections are being refused by the TightVNC server.

Is there a special way in which I need to configure the TightVNC Viewer, the TightVNC server, or the iptables NAT/Firewall in order to make this connection happen?

Basically, I need to connect from Windows to Remote Windows, with Linux in between.

Any help would be greatly appreciated. This is a time critical operation.
Lee W, MVP

How do I use VNC through my firewall? [read NAT as well]
Many organisations operate firewalls to reduce the risk of intrusion by malicious attackers via the Internet. These firewalls typically operate by only allowing connections in to machines in that organisation on specific ports. Which ports are permitted access depends upon the network protocol that uses the port and the degree of security it provides. VNC servers can accept incoming connections through firewalls in two main ways. Although the first is usually the simplest to arrange, we recommend using the SSH tunnelling method wherever VNC is to be used over an untrusted network such as the Internet.

    * Opening Ports - The simplest way to allow VNC connections in through your firewall is to configure your firewalling software to allow connections to the VNC ports. If N is the display number of a particular VNC server then it will accept connections on port 5900+N. Configuring your firewall to allow connections to this port will allow VNC to work. If you wish to use the in-built web server and Java VNC Viewer then you will also need to allow connections to port 5800+N. Unfortunately, because VNC traffic is not encrypted, this approach weakens the security provided by your firewall, and so is not advisable.
    * Secure Tunnelling - Most organisations that operate firewalls allow connections to a number of standard ports, that are in principle used only by secure or harmless protocols. While VNC in its present incarnation is not suitably secure for this to be advisable, it can be "tunnelled" through a secure protocol layer to achieve the same effect. The Secure Shell (SSH) protocol is one example of such a wrapper, and is one which most firewalls allow access through. The Secure Shell client is run on the VNC client computer and is made to forward connections to a particular port on that machine to a port on the VNC server machine. The forwarded connection is encrypted by the SSH software, which can provide both encryption and authentication. For more details on how to do this, see here.
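
The "Opening Ports" option above, on a NAT gateway like the one in the question, needs both a DNAT rule and a FORWARD path for port 5900+N. The following is an added example, not part of the thread or of any answer in it: a POSIX shell check over `iptables-save` text, where the interface `eth0`, the inside address `192.168.1.10` and both sample rulesets are constructed assumptions.

```shell
# Added example (not from the thread). Addresses, interface and rulesets are constructed.
vnc_port() { echo $((5900 + $1)); }   # display N listens on TCP 5900+N

# has_rule CHAIN TOKEN...: true if one "-A CHAIN" line in $RULES holds every TOKEN.
has_rule() {
  chain=$1; shift
  printf '%s\n' "$RULES" | (
    while IFS= read -r line; do
      case $line in "-A $chain "*) ;; *) continue ;; esac
      hit=1
      for tok in "$@"; do
        case " $line " in *" $tok "*) ;; *) hit=0; break ;; esac
      done
      [ "$hit" -eq 1 ] && exit 0
    done
    exit 1 )
}

# check_vnc_forward DISPLAY INSIDE_IP: audit $RULES (iptables-save text).
# Rule order and earlier DROP rules are not evaluated; -d is matched as IP/32.
check_vnc_forward() {
  port=$(vnc_port "$1"); ip=$2; rc=0
  # nat/PREROUTING must rewrite the destination to the inside host.
  if has_rule PREROUTING "--dport $port" "-j DNAT" "--to-destination $ip:$port" ||
     has_rule PREROUTING "--dport $port" "-j DNAT" "--to-destination $ip"; then
    echo "ok: DNAT tcp/$port -> $ip"
  else echo "missing: DNAT tcp/$port -> $ip"; rc=1; fi
  # After DNAT the packet crosses filter/FORWARD; an INPUT rule does not cover it.
  if has_rule FORWARD "-d $ip/32" "--dport $port" "-j ACCEPT"; then
    echo "ok: FORWARD accept to $ip:$port"
  else case $RULES in
    *":FORWARD ACCEPT "*) echo "ok: FORWARD policy ACCEPT" ;;
    *) echo "missing: FORWARD accept to $ip:$port"; rc=1 ;;
  esac; fi
  return $rc
}

BASE='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 5900 -j DNAT --to-destination 192.168.1.10:5900
COMMIT
*filter
:FORWARD DROP [0:0]'
SAMPLE_BROKEN="$BASE
-A INPUT -i eth0 -p tcp -m tcp --dport 5900 -j ACCEPT
COMMIT"
SAMPLE_FIXED="$BASE
-A FORWARD -d 192.168.1.10/32 -i eth0 -p tcp -m tcp --dport 5900 -j ACCEPT
COMMIT"
RULES=$SAMPLE_BROKEN; check_vnc_forward 0 192.168.1.10 || echo "forward path incomplete"
```

On a real gateway, set `RULES=$(iptables-save)` as root before calling `check_vnc_forward` with the display number and the inside host's address.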
inkfreq

ASKER

Given that I already explained that my port forwarding approach was failing, and that this reply contains a line which says "For more details on how to do this, see here." but no link at all... I really don't see how this information was at all helpful, I'm sorry.

I need to figure out why I cannot connect to a TightVNC server from a TightVNC viewer through an iptables firewall. This seemed to be more of an explanation of what firewalls are and why they work the way they do, rather than a starting place for figuring out the connection problem.
ASKER CERTIFIED SOLUTION
e-tsik

This solution is only available to members.
inkfreq

ASKER

While this answer didn't quite cover what I needed to know, it did give me some very solid jumping points to getting the problem fixed. Thanks.