Re: Ports for Ultra VNC behind a firewall - for remote support



In article <gq0rhd$bgq$1@xxxxxxxxxxxxxxxxxxx>, V@xxxxxxxxx says...
Leythos wrote:

In article <gpvaam$e0a$1@xxxxxxxxxxxxxxxxxxx>, V@xxxxxxxxx says...
Leythos wrote:

I have a client that sits behind a real firewall, not a cheap NAT router,
and the vendor for the app they use built an Ultra VNC connection into
it.

When the local company starts the help service, it shows the 50+ remote
support connections, but, I can't seem to find a way for the remote
support people to connect back into the workstation with UVNC listening.

There is no way to map individual IP:Port to LAN IP:Port as the stations
are all DHCP assigned....

Anyone doing this that might have an idea?

Unless your router allows port forwarding based on MAC address, all it
has is to forward a port to a particular host by its IP address. That
means you need to use static IP addressing on those particular hosts to
which you want to punch a hole through your router. You need to get
past NAT in the router.

Some remote access products get around the problem by using a local
client. You are using a 3rd party service, like GoToMyPC or Mikogo or
LogMeIn. The client actually makes an outbound connect to the service
which the firewall will allow (just like it will allow your outbound web
browser or outbound e-mail client connects).

In this case the UVNC makes an outbound connection to the provider and
gets a list of available support nodes, you double click on one of them
and then wait - I can't see anything blocked in the firewall, so I can't
tell what the problem is.

Wouldn't all of those outbound connects from their UVNC-enabled hosts
appear to have the same IP address (from their router's WAN-side
boundary)? How would this outside service know how to specify a
particular host? It is trying to communicate with the router, not a
host on the other side of it.

This wasn't my solution, it came pre-setup and the software vendor
normally provides a NAT router to protect the server and computers.

So, same issue, all computers have Ultra VNC listener, they connect to
the software provider's VNC Server on the Internet, and then the software
vendor can see/control the local computer.

I was told by them that it only needs outbound port 80 to work, then I
was told that it needs outbound port 5900, then I was told that they
don't know what it needs....

Being a firewall guy myself I would have expected that the workstation
would reach-out and touch the software provider and that a two way
connection, much like surfing or ftp, would be setup, but there is no
connection showing in the firewall monitor.

[snip dns]

[snip nat]

LogMeIn, Mikogo, TeamViewer, and the like operate as a service provider
that is an intermediary between the outsider and internal host. The
outsider connects to this service provider and requests a session with a
host (which can be by an IP name which will identify a particular host
past the router, a hostname used by that host within its network, or by
an ID number used in the handshaking). The outsider then waits. A
client runs on the internal host that not only notifies this service
what its IP address is (which will be the WAN-side IP address of the
router) but also checks for pending session requests. If there is a
pending session request, the service provider connects the client to the
outsider and then steps out of the way (since they obviously don't
really want to handle that volume of traffic). So both outsider and
client are issuing connect requests to this 3rd party service provider.
That means they both circumvent firewall restrictions because each is
making an outbound connection which is typically allowed. These
services often use a common port for the handshaking from client and
outsider to avoid being blocked by a router, like using port 80 since
most routers are configured to permit HTTP traffic (for outbound
requests initiated by their internal hosts).

That's how the software vendor stated the UltraVNC connection service is
supposed to work, they provide a server WAN connection for all of their
customers, the customers pick a support rep, and they connect, but I
can't see it attempting the connection in the firewall.

[snip rest]

Thanks for the reply, but, I'm already aware of the NAT issues, been
doing this a long time, but I'm not an Ultra VNC person, so I thought
that maybe I was missing something.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@xxxxxxxxxx (remove 999 for proper email address)
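
Added example, not part of the original thread: one way to check from firewall connection logs whether each workstation ever attempts the outbound connection on port 80 or 5900, and how far it gets. The log format, addresses, sample lines and the `triage` function are constructed for illustration.

```python
import re

# Constructed sample lines in a made-up firewall log format (not from the thread).
SAMPLE_LOG = """\
2009-03-19T10:02:11 ALLOW TCP 192.168.10.21:49212 -> 203.0.113.50:80 flags=SYN
2009-03-19T10:02:11 ALLOW TCP 203.0.113.50:80 -> 192.168.10.21:49212 flags=SYN,ACK
2009-03-19T10:02:15 DROP TCP 192.168.10.22:49300 -> 203.0.113.50:5900 flags=SYN
2009-03-19T10:02:19 ALLOW TCP 192.168.10.23:49411 -> 203.0.113.50:5900 flags=SYN
2009-03-19T10:02:30 ALLOW TCP 192.168.10.24:49500 -> 198.51.100.7:443 flags=SYN
"""

LINE = re.compile(
    r"^\S+ (?P<action>ALLOW|DROP) TCP "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"flags=(?P<flags>[A-Z,]+)$"
)

# Later states mean the connection got further.
RANK = {"no_attempt": 0, "blocked": 1, "allowed_no_reply": 2, "established": 3}

def triage(log_text, workstations, vendor_ip, ports=(80, 5900)):
    """Return {workstation_ip: state} for outbound attempts to the vendor server."""
    syn, replied = {}, set()
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # ignore lines in other formats
        flags = set(m["flags"].split(","))
        sport, dport = int(m["sport"]), int(m["dport"])
        if m["dst"] == vendor_ip and dport in ports and flags == {"SYN"}:
            # Outbound SYN from a LAN host; remember how the firewall ruled on it.
            syn[(m["src"], sport, dport)] = m["action"]
        elif (m["src"] == vendor_ip and sport in ports
              and flags == {"SYN", "ACK"} and m["action"] == "ALLOW"):
            # Vendor answered; store the key in the outbound orientation.
            replied.add((m["dst"], dport, sport))
    result = {ws: "no_attempt" for ws in workstations}
    for (ws, sport, dport), action in syn.items():
        if ws not in result:
            continue
        if action == "DROP":
            state = "blocked"
        elif (ws, sport, dport) in replied:
            state = "established"
        else:
            state = "allowed_no_reply"
        if RANK[state] > RANK[result[ws]]:
            result[ws] = state
    return result
```

A result of `no_attempt` for a workstation means the log holds no outbound SYN from it to the vendor address on those ports, which points at the client software or the address it is configured with rather than at the firewall policy.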