Remote access and VNC
By Steve Blass
I am trying to allow a user Windows VNC access to her machine while on the road through a dial-up AOL account. The Linksys router does the network address translation and has one public IP address. I was able to NetMeeting into the machine by dialing up and then typing in the public IP address of the router. I also had to forward TCP Port 1503 to a static IP address behind the router. The only thing with this setup is that once connected, someone has to allow desktop sharing on the target machine. I would like to use the VNC server and client to connect instead - that way there is only a simple password to get in. Any ideas on how to do this or what port number should be forwarded?
You can do it with port forwarding, but you will need to open up two different ports. I ran a protocol analyzer (EtherPeek and Sniffer are good, Ethereal if you have little or no money in the budget) and found that VNC first uses 5800 to start a session and switches to 5900 once you have authenticated. This assumes you have installed VNC in a default configuration and aren't getting into some of the more advanced configuration settings available with newer versions of VNC. Even though you may have just set it up for her, I would do a quick check of Linksys' (http://www.linksys.com) Web site and make sure you have applied the latest firmware update available for your specific model of router.
This is just one option. Another option you might want to consider for added security is the latest release of Linksys' DSL router line, which has a VPN function in it. Although it is a little more expensive than the base DSL/cable router, it will allow you to avoid opening ports for the VNC traffic and also provide the option of VNC'ing to more than one machine behind the Linksys. While this may be a little more involved in terms of setup and more training for the user, it is a more secure solution because it helps protect the VNC password from getting into prying eyes and keeps information going back and forth encrypted. Depending on the customer's needs, you might be able to set up some network sharing so files can be copied between machines with the VPN connection in place.
Steve Blass is a network architect at Change@Work in Houston.
NW Digital Grease Monkey 07/31/02 - Copyright Network World, Inc., 2002
12:06:08 PM 
|
