Citation :
Q52 Will VNC work through a firewall?
It depends on your firewall, and whether you want to access a server inside your firewall from elsewhere, or a server outside your firewall from inside.
Generally firewalls are designed to prevent incoming connections except to certain well-known machines and ports. If you can configure these to include your VNC server, then you will be able to access it from anywhere in the world. There is a good argument to be made for the fact that VNC is less of a security risk than X, so if your site doesn't allow X in or out it may still allow VNC. Many modern firewalls will allow outgoing connections initiated from inside, so you can often access servers on outside machines. It is straightforward, for example, to recompile the viewer source to include SOCKS support, or to make other special arrangements. See the contribs page. It's a pity that Java within a browser doesn't automatically use SOCKS if the browser is configured to use it. There's probably Java SOCKS support out there somewhere... If your internet access is through a router which does Network Address Translation, you may be able to configure the router to redirect particular incoming ports to particular machines. So you could run WinVNC with a display number of 0 on machine snoopy, and with display 1 on machine woodstock, then set your router to send port 5900 to snoopy and 5901 to woodstock. See below for information on the other port numbers used by VNC.
Q53 Which TCP/IP ports does VNC use?
A VNC server listens on two ports. The exact port numbers depend on the VNC display number, because a single machine may run multiple servers. The most important one is 59xx, where xx is the display number. The VNC protocol itself runs over this port. So for most PC servers, the port will be 5900, because they use display 0 by default.
In addition, VNC servers normally have a small and very restricted web server built in, which allows you to connect a browser to them and use the Java viewer. This runs on port 58xx. Note that this is the HTTP port used for downloading pages and applets, but once the applet is running it uses 59xx for VNC just like any other viewer. The servers can be changed to listen on other ports if, for any reason, these are not suitable for you. See the server's documentation for more details. Most of the viewers, if given a display number larger than 99, will interpret it as a direct port number and will not add 5900. See also the next question.
If you are running a viewer in 'listening' mode, where it accepts connections initiated by the server, it will listen for incoming VNC on port 5500.
|