|
|
|
date: Mon, 12 Oct 2009 16:10:22 +0100,
group: uk.comp.home-networking
back
VNC and port forwarding
I'm away from home a fair bit, but sometimes need to sort out some printing
and other work. So I'm trying to set up VNC
My wife's (xp) wireless netbook has the IP 192.168.1.x (set using DHCP from
the D-Link router)
I've enabled port forwarding on the router for:
'private IP' 192.168.1.20 (the first number),
'all protocols',
'start port 5900',
'end port 5900' (+ the same off-set for each port) and using
'connection PVC0'
This seems to work all right. Is that it? or am I leaving something
vulnerable to attacks?
I wasn't sure what options might go in the 'protocols' setting
TIA
John
--
John Mulrooney
NOTE Email address IS correct but might not be checked for a while.
About 95% of quoted statistics are probably made up
date: Mon, 12 Oct 2009 16:10:22 +0100
author: JTM
|
Re: VNC and port forwarding
On Mon, 12 Oct 2009 16:10:22 +0100, JTM wrote:
> I'm away from home a fair bit, but sometimes need to sort out some printing
> and other work. So I'm trying to set up VNC
>
> My wife's (xp) wireless netbook has the IP 192.168.1.x (set using DHCP from
> the D-Link router)
>
> I've enabled port forwarding on the router for:
> 'private IP' 192.168.1.20 (the first number),
> 'all protocols',
> 'start port 5900',
> 'end port 5900' (+ the same off-set for each port) and using
> 'connection PVC0'
>
> This seems to work all right. Is that it? or am I leaving something
> vulnerable to attacks?
If you are using password authentication then that should be as safe as the
strength of the chosen password.
I would nail down the IP address of the netbook by setting it to be fixed
and not rely on it getting the same address each time from DHCP.
Is your home Internet on a fixed IP address or are you using DynDNS etc?
Tony
date: Mon, 12 Oct 2009 17:49:13 +0100
author: Anthony R. Gold
|
Re: VNC and port forwarding
Anthony R. Gold wrote:
> On Mon, 12 Oct 2009 16:10:22 +0100, JTM wrote:
>> I'm away from home a fair bit, but sometimes need to sort out some printing
>> and other work. So I'm trying to set up VNC
>>
>> My wife's (xp) wireless netbook has the IP 192.168.1.x (set using DHCP from
>> the D-Link router)
>>
>> I've enabled port forwarding on the router [...]
>
> I would nail down the IP address of the netbook by setting it to be fixed
> and not rely on it getting the same address each time from DHCP.
I agree the address should be nailed down, but if possible I would
recommend doing this in the router rather than on the computer. The
feature is called "Address Reservation" on my Netgear, not sure what any
others call it but many/most have the capability.
This makes life simpler if the computer may be used on multiple networks
(as is likely for a netbook) or if there are many computers (because all
allocation is managed in one place).
Alex
date: Mon, 12 Oct 2009 18:05:36 +0100
author: Alex Fraser
|
Re: VNC and port forwarding
In message , JTM writes
>This seems to work all right. Is that it? or am I leaving something
>vulnerable to attacks?
VNC has a poor reputation for security. One reason is that it sends
passwords as clear text. That may not be an issue if all you keep on the
machine is your own personal data. If you keep any of your employer's
data on the machine you should get their permission and advice.
The usual advice for making VNC more secure is to use SSH tunnelling
using stunnel or similar. The VNC server should then be locked so that
only local users (including those using tunnels) can connect.
--
Bernard Peek
date: Mon, 12 Oct 2009 18:53:47 +0100
author: Bernard Peek
|
Re: VNC and port forwarding
In article ,
Bernard Peek wrote:
> In message , JTM writes
> >This seems to work all right. Is that it? or am I leaving something
> >vulnerable to attacks?
> VNC has a poor reputation for security. One reason is that it sends
> passwords as clear text. That may not be an issue if all you keep on the
> machine is your own personal data. If you keep any of your employer's
> data on the machine you should get their permission and advice.
> The usual advice for making VNC more secure is to use SSH tunnelling
> using stunnel or similar. The VNC server should then be locked so that
> only local users (including those using tunnels) can connect.
Thanks to A R Gold, Alex Fraser and yourself for the replies.
The home address is not fixed, so I'll need grandson or someone to
switch on and tell me what it is. (whatismyip.com?)
I'll have to read up on SSH tunnelling and address Reservation.
So far though, this VNC seems easier than my attemps to set up home
networks for XP, Vista, RISC OS and Mandriva / Kubuntu. Only partially
managed that over the last few years while I seem to have VNC working
within a week!
Tomorrow I get to see if it works from France as well as it has from a
couple of miles away.
Thanks again
John
--
John Mulrooney
NOTE Email address IS correct but might not be checked for a while.
The grave's a fine and private place, but none I think do there embrace
date: Mon, 12 Oct 2009 20:09:20 +0100
author: JTM
|
Re: VNC and port forwarding
On Mon, 12 Oct 2009 20:09:20 +0100, JTM wrote:
> The home address is not fixed, so I'll need grandson or someone to
> switch on and tell me what it is. (whatismyip.com?)
>
> I'll have to read up on SSH tunnelling and address Reservation.
http://www.dyndns.com/ is free will allow you to address the home by some
chosen hostname (eg: jtmhome@dyndns.org) regardless of its changing IP
address, which should be far simpler.
> Tomorrow I get to see if it works from France as well as it has from a
> couple of miles away.
If you need help either opening the free account or installing the DynDNS
client software then ask again.
Tony
date: Mon, 12 Oct 2009 20:46:58 +0100
author: Anthony R. Gold
|
Re: VNC and port forwarding
On Mon, 12 Oct 2009 20:46:58 +0100, "Anthony R. Gold"
wrote:
> On Mon, 12 Oct 2009 20:09:20 +0100, JTM wrote:
>
>> The home address is not fixed, so I'll need grandson or someone to
>> switch on and tell me what it is. (whatismyip.com?)
>>
>> I'll have to read up on SSH tunnelling and address Reservation.
>
> http://www.dyndns.com/ is free will allow you to address the home by some
> chosen hostname (eg: jtmhome@dyndns.org) regardless of its changing IP
> address, which should be far simpler.
Sorry, that should of course be jtmhome.dyndns.org and not wot i rote b4.
Tony
date: Mon, 12 Oct 2009 20:48:56 +0100
author: Anthony R. Gold
|
Re: VNC and port forwarding
Anthony R. Gold wrote:
> On Mon, 12 Oct 2009 20:46:58 +0100, "Anthony R. Gold"
> wrote:
>
>> On Mon, 12 Oct 2009 20:09:20 +0100, JTM wrote:
>>
>>> The home address is not fixed, so I'll need grandson or someone to
>>> switch on and tell me what it is. (whatismyip.com?)
>>>
>>> I'll have to read up on SSH tunnelling and address Reservation.
>> http://www.dyndns.com/ is free will allow you to address the home by some
>> chosen hostname (eg: jtmhome@dyndns.org) regardless of its changing IP
>> address, which should be far simpler.
>
> Sorry, that should of course be jtmhome.dyndns.org and not wot i rote b4.
>
> Tony
I'm using the free
https://www.no-ip.com
has worked flawlessly for a year on my father's pc.
A good way of getting/checking the IP address of the remote PC is to get
them to send you an email and look at the first received from in the
headers/source - dynamic IP address dont change that often if you leave
the router switched on.
date: Tue, 13 Oct 2009 23:01:06 +0100
author: robert lid
|
Re: VNC and port forwarding
JTM wrote:
> I'm away from home a fair bit, but sometimes need to sort out some printing
> and other work. So I'm trying to set up VNC
Worth paying the small fee and getting the Personal Edition as this
allows an encrypted connection.
http://www.realvnc.com/products/download.html
I've used it very effectively.
Geoff Lane
date: Wed, 14 Oct 2009 18:13:24 +0100
author: Geoff Lane
|
Re: VNC and port forwarding
In article ,
JTM wrote:
> Tomorrow I get to see if it works from France as well as it has from a
> couple of miles away.
Well I've been in France for a few days and today needed to try to print
some documents at home in Lancs. Daughter switched wife's netbook on and
grandson looked after the printer in the attic. VNC (ultraVNC actually
'cos realvnc won't work with Vista) did the job and I'm a happy chappy.
Thanks again folks.
John
--
John Mulrooney
NOTE Email address IS correct but might not be checked for a while.
Health is not valued until sickness comes
date: Sat, 17 Oct 2009 19:40:43 +0100
author: JTM
|
Re: VNC and port forwarding
JTM wrote:
> In article ,
> JTM wrote:
>
>> Tomorrow I get to see if it works from France as well as it has from a
>> couple of miles away.
>
> Well I've been in France for a few days and today needed to try to print
> some documents at home in Lancs. Daughter switched wife's netbook on and
> grandson looked after the printer in the attic. VNC (ultraVNC actually
> 'cos realvnc won't work with Vista) did the job and I'm a happy chappy.
>
> Thanks again folks.
>
> John
>
The free version of RealVNC won't work with Vista, you have to use the
Personal Edition, which is about £20. Does UltraVNC have a "listening
client" option? I find that very useful.
Phil, London
date: Sun, 18 Oct 2009 12:25:07 +0100
author: Philip Herlihy lhost
|
Re: VNC and port forwarding
In article <mWCCm.25705$cV4.6637@newsfe01.ams2>,
Philip Herlihy <me@here.localhost> wrote:
> The free version of RealVNC won't work with Vista, you have to use the
> Personal Edition, which is about £20. Does UltraVNC have a "listening
> client" option? I find that very useful.
> Phil, London
It has UltraVNC viewer listen mode and UltraVNC viewer listen
mode(Encrypted)
--
John Mulrooney
NOTE Email address IS correct but might not be checked for a while.
There are 3 types of people: those who are numerate and those who aren't.
date: Sun, 18 Oct 2009 14:18:02 +0100
author: JTM
|
|
|
