Harmen van der Wal wrote:
>
> "Joseph A. Knapka" wrote:
> >
> > Jon Smith wrote:
> > >
> > > I downloaded your patch for win VNC so that i would be able to use VNC at school
> > > (which has a proxy only allowing some ports like port 80) I changed the port
> > > setting in the registry to port 80 and i have just tried to access my home
>computer
> > > from school using the java applet through the web page. The java applet loads up
> > > fine but when i enter a password it comes back with an error message a couple of
> > > minutes later saying somthing like "operation timed out, no connection to host"
>what
> > > could be cauusing this? Does the java applet know to use the proxy server of the
> > > school?
> >
> > The Java applet -- aah. Probably doesn't know it has to go through port
> > 80 to get to the VNC server. It is probably trying to use 5900 or
> > similar.
> >
> > I will investigate this. It will probably mean adding an option to the
> > Java viewer to select which port to connect on.
> >
> > -- Joe
> >
>
> Keep in mind that the Java applet loaded through a HTTP proxy, doesn't
> use that proxy with the rfb protocol. So having both http & rfb on port
> 80 alone doesn't help those who can't use direct TCP/IP connections (or
> some kind of transparent proxy), but must use their LAN's HTTP proxy.
> (Anyone can test this by telnetting to the rfb host+port)
I had not thought about that. This seems to make my patch useless,
since the only situation in which it would really be necessary
is the one where there is an HTTP proxy involved. Oh well.
> I have modified the Java viewer to use HTTP proxies (that allow HTTP
> CONNECT /SSL) for rfb. The problem for use with LAN HTTP proxies though,
> is that the applet must connect to the local HTTP proxy, but Java applet
> security prohibits this, because the applet is hosted elsewhere. So the
> viewer must be run as an app, or with an appletviewer with adjusted
> security settings.
>
> If on the other hand someone is able to make direct connections, but
> only on port 80, it's possible to use an outside-the-LAN-HTTP-proxy to
> both load the applet and make the rfb connection on port 80. The Java
> security problem can be fixed by loading the applet explicitely through
> the HTTP proxy (beware: most HTTP proxies don't allow for this though).
>
> Note that this method doesn't need a modified server. Just common
> 5800/5901 vnc will do. The modified Java client is available on my site.
> Anyone with a client-side packet filtering problem can use it with HTML
> like this:
>
> APPLET
> codebase=http://proxy.spaceproxy.com:80/-_-http://www.workspot.net/~harmen/vnc
> code=vncviewer.class archive=vncviewer.jar width=800 height=600
> PARAM name=HOST value=[your vnc/rfb server host]
> PARAM name=PORT value=5901
> PARAM name=PROXYHOST1 value=proxy.spaceproxy.com
> PARAM name=PROXYPORT1 value=80
> /APPLET
> (brackets left out of code not to confuse some mail readers)
>
> For those who must go through their LAN's HTTP proxy there's a bunch of
> http-tunnel-tools out there, but it would be ideal in my mind to have a
> Java applet do it, becuase you can use it wherever you might happen to
> be. Off course this would also require adjustment on the server-side.
I am not sure I understand this point. You seem to be saying,
(1) It is possible, with no client or server changes, to tunnel
both HTTP and RFB connections through a third-party HTTP tunnel
host, and achieve a connection;
(2) the applet and server should just wrap the RFB protocol inside
HTTP, and thus eliminate the http-tunnel host.
Is that correct?
Thanks,
-- Joe
> Anyway: I will be following your progress with interest: Good Luck!
>
> --
> Harmen
> Firewall VNC Client: http://www.workspot.net/~harmen/vnc/readme.html
-- Joe Knapka
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to [EMAIL PROTECTED]
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------
