Mike:
That's a really good point about the proxy; it definitely
sounds as if Nick's workplace LAN is setup to use one.
Nick: using port 443 as Mike suggested should work. You
can forward your home-LAN LinkSys's external port 443 to port 5900
of the target VNC server, or forward it to that servers's port 443
(if that server is setup to listen on display 60079).
As for SSH, I use the Mindterm client, which turns out
to be proxy-aware. Trick here is that you need a machine on the
LAN that's running an SSH server (which could be the same machine
that's running VNC), making the LinkSys config that much hairier.
Can't tell if we're getting closer or not. :)
cheers,
Scott
> There are a couple things going on here. One is that your corporate
> firewall blocks outgoing connections to arbitrary ports. Another is
> that your company also has a proxy server for HTTP service. This is
> demonstrated by the fact that you can do a "http://ip:port/"; and get a
> connection but can't telnet directly to the same address and port
> number. Going through the proxy server works fine for getting the VNC
> Java applet that is normally served on port 5800 because the applet is
> served via the HTTP protocol that the proxy knows how to deal with.
> After the Java applet loads and gives you the password prompt, however,
> it needs to open up a connection to the real VNC port (normally 5900)
> just like the vncviewer program does. This connection fails because it
> is not going through the proxy server. It is just like the telnet test.
> Redirecting the connection through the proxy probably isn't an option
> because the proxy server doesn't know how to handle anything but HTTP
> traffic. Your best bet is probably to try to find a port for which
> direct outgoing connectivity is allowed. 21, 22, 23, and 443 are likely
> candidates. Many proxy servers allow arbitrary protocols over the HTTPS
> port (443) because they can't do any real proxying of the normal
> encrypted connections anyway. However, unless it is a transparent
> proxy, you still have to have a proxy-aware application (which VNC is
> not) to initiate the connection.
>
> If there are absolutely zero ports that you can telnet directly to, then
> you will need to find a way to tunnel VNC over an allowed service. SSH
> might be a good candidate. I know you mentioned that getting the
> network admins to change the configuration was not an option, but I
> suggest talking to them anyway and getting detailed information about
> their configuration as well as asking them for suggestions as to how you
> can legitimately accomplish your goal in their environment.
>
> - --
> Mike Ossmann, Tarantella/UNIX Engineer/Instructor
> Alternative Technology, Inc. http://www.alttech.com/
---------------------------------------------------------------------
To unsubscribe, mail [EMAIL PROTECTED] with the line:
'unsubscribe vnc-list' in the message BODY
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------
