Bienvenido! - Willkommen! - Welcome!

Bitácora Técnica de Tux&Cía., Santa Cruz de la Sierra, BO
May the source be with you!

Tuesday, November 16, 2010

VNC - Opening Ports in Firewalls and Routers

Source

OpenSUSE firewall: Two areas need attention here. First is the "Zone" into which you place your network interfaces. Then there are the ports that you need to open to allow packets between those interfaces and the outside world.
You must associate your network interface with the External Zone in SuSEfirewall2. Go to Yast --> Security and Users --> Firewall --> Interfaces. Your network card or cards will be listed in the right-hand panel. Make sure they're in the External Zone.
Next, still in Yast's Firewall module, go to Allowed Services. In the right-hand panel, set the Selected Zone to External Zone. Below that is a drop-down list titled Services to allow. Two entries in that list are relevant here: VNC and VNC mini-HTTP server. Leave the service called VNC Server alone; it's not for TightVNC. For TightVNC, the service VNC will open ports 5900 to 5999 for the XWindow viewer and the service VNC mini-HTTP server will open ports 5800 to 5899 for the web browser viewer. Use one or the other (or both), depending on your mode of communication. You can move the appropriate service or services into the lower panel with the Add button.
For earlier releases of Suse/openSUSE the firewall configuration might be different. There, opening ports will work fine if you use the Advanced button and add the ranges 5800:5899 5900:5999 (as a space-separated list) into the TCP slot.
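The two full ranges above open 200 TCP ports. As an added example (not from the original page or from TightVNC), the shell function below builds a narrower list in the same space-separated `port` / `start:end` form, covering only the displays actually served. It assumes the usual VNC mapping of display :N to port 5900+N for the viewer and 5800+N for the browser viewer; the name `vnc_ports` is hypothetical.

```shell
#!/bin/sh
# Added example: narrowest TCP port list for the VNC displays in use.
# Usage: vnc_ports MODE DISPLAY...   MODE = viewer | browser | both
# Assumption: display :N listens on 5900+N (viewer) and 5800+N (browser).

emit() {  # append "port" or "start:end" to $out
    if [ "$1" -eq "$2" ]; then out="$out $1"; else out="$out $1:$2"; fi
}

vnc_ports() {
    mode=$1
    [ "$#" -gt 1 ] || { echo "usage: vnc_ports MODE DISPLAY..." >&2; return 2; }
    shift
    case $mode in
        viewer)  bases="5900" ;;
        browser) bases="5800" ;;
        both)    bases="5800 5900" ;;
        *) echo "mode must be viewer, browser or both" >&2; return 2 ;;
    esac
    for d in "$@"; do
        case $d in  # digits only, no leading zeros (would be read as octal)
            ''|*[!0-9]*|0?*) echo "invalid display: $d" >&2; return 2 ;;
        esac
        # The ranges on the page end at 5899/5999, so displays are 0..99.
        [ "${#d}" -le 2 ] || { echo "display out of range: $d" >&2; return 2; }
    done
    out=""
    for base in $bases; do
        start=""; prev=""
        # Sort, drop duplicates, then collapse consecutive ports into ranges.
        for d in $(printf '%s\n' "$@" | sort -n -u); do
            p=$((base + d))
            if [ -z "$start" ]; then
                start=$p
            elif [ "$p" -ne $((prev + 1)) ]; then
                emit "$start" "$prev"; start=$p
            fi
            prev=$p
        done
        emit "$start" "$prev"
    done
    echo "${out# }"
}

vnc_ports both 0 1   # prints: 5800:5801 5900:5901
```

The printed string can be pasted into the TCP slot in place of the full ranges; for a Windows server on display :0 only, `vnc_ports both 0` yields the two default ports.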
Windows firewall: Sometimes you will be asked, when installing TightVNC as a service, whether you want the server to be permitted by the firewall. Answer yes. Otherwise open the ports as shown next; if you have any doubts, open them anyway. Windows only has display :0, so you mostly need to be concerned only with the default ports 5800/5900. However, you may associate a different port of your choice with display :0. To open a port go to Control Panel --> Windows Firewall --> Advanced --> Highlight the network interface and click Settings --> Add:
  • In Description put TightVNC.
  • In IP address enter the IP address of the workstation that you are using.
  • In External port enter the port number (e.g. 5900).
  • In Internal port enter the port number (e.g. 5900).
  • Make sure the radio button is activated for TCP, not for UDP.
  • Repeat the process for each other port you need, e.g. 5800.
ZoneAlarm: Look under Firewall --> Main --> Advanced and allow "Traffic over 1394".
Port Forwarding: Routers connect networks with different IP subnets. You should enable port forwarding in your router's configuration. Port forwarding allows passing external connections to computers in the internal network. Almost all routers support this type of redirection.
For example, to access a TightVNC server running on default ports, a router can be configured such that TCP connections to port 5901 would be passed to the same ports of a particular machine with a specified private IP address (typically 192.168.x.x).
Here is an example of configuring port forwarding, assuming that TightVNC Server is running on the default ports 5800 and 5900, on a machine with IP 192.168.1.100:
Application    ¦ Start port ¦ End port ¦ Protocol ¦  IP Address   ¦ Enable
-----------------------------------------------------------------------
VNC_by_viewer  ¦    5900    ¦   5900   ¦   TCP    ¦ 192.168.1.100 ¦ yes
VNC_by_browser ¦    5800    ¦   5800   ¦   TCP    ¦ 192.168.1.100 ¦ yes
More examples can be found on www.portforward.com.
