Setting RealVnc to pass through corporate firewall??? 1

[Sephir0th]

Hi!!
I´m trying to access my computer at home, so i installed over there realvnc software and left it on as a service. I configured at home to let ports 5900 and 5500 to go through. I also checked at

http://www.gotomyvnc.com

and it says it´s open. Everything seems to work ok, but the problem is that when i come to work, i try to connect and i get a connection refused 10061 error. I double checked everything and the problem seems to be that the firewall of the corporation is blocking port 5900.
I tried setting the vnc software to port 80 (which is unblocked here at the corporation) but i can´t connect with it, not even in my LAN @ home
I wanted to know what kind of setup i should use so that i can make this work
thanks a lot!!!

 

[jimbopalmer]

Firstly, are you trying to access your home computer from work, or your work computer from home?

If the latter, just ask corporate IS, that way you do not get fired for violating company policy.

If the former, the work firewall should not be the issue, it is the home setup.

I tried to remain child-like, all I acheived was childish.

 

[Sephir0th]

jimbopalmer : it´s ok thanks for the advice but i could really use some help. it´s the latter, access home from work
again, any setup to be able to do this? thanks

 

[LawnBoy]

You could try running a tracert to see where the connection is dying.

We do not allow outbound port 5900 on our firewall. You can circumvent the webfilters that way.

 

[Sephir0th]

yup, the port´s bloqued
port 80 is available though
but i tried setting vnc server to listen there and it´s not working
any way to make it go through port 80????

 

[LawnBoy]

You need to have "Serve Java Viewer via HTTP on port" both enabled and set on port 80.

I would consider it a major security risk to serve VNC on port 80, you're going to be attacked by every script kiddie ever born...

 

[Sephir0th]

thanks LawnBoy
what if i set encription?? realvnc has some feature like this i think, would it be secure or that´s not enough?

 

[pansophic]

You probably want to stay away from well-known port numbers for two reasons: 1) there are a billion scripts running at any given moment attempting to compromise most well-known ports; 2) your ISP is likely blocking inbound requests to well-known ports like 21, 22, 25, 80, 110, 143 and 443 because they don't want businesses using inexpensive residential services.

I'd try something like 81 and see what you get. You can test from home using a service like grc.com's Shields Up. Ignore all the hoopla and see if the port that you opened on your server is open from the Internet.

Don't forget to set your port forwarding on your router/cable modem.


pansophic

 

[Supergrrover]

Just so you know, this may all be for not depending of the sophistication of your IT dept. They may have a proxy server or a firewall that does layer 5-7 inspections (i.e. it reads what is actually in the data streams that are going out.) It sees that you are not actually using HTTP over port 80 and blocks it. Cisco and Checkpoint (among others) have this ability.
You might try setting up a connection that tunnels VNC over SSH - google it. This traffic is always encrypted so it cannot be inspected. HTTPS might also work.


Brent
Systems Engineer / Consultant
CCNP, CCSP

 

[Sephir0th]

thanks!!! i´ll try it out