help with firewall

[guest2]

Hello, I would like your help.
I have this set-up:

PC1 (work) -> LAN-> Firewall (http on port 80 ok; other ports blocked) -> Internet <- PC2 (home; all ports ok)

I can install UVNC server or viewer on both machines. But cannot change LAN config or firewall on PC1 (work PC).

At present:
I can connect from PC1 (VNCViewer) to PC2 opening a zebedee tunnel which transmits on port 80 and connects to the PC2 UVNC server.
All works well.

I would like to make the reverse, i.e. connect from PC2 (Viewer) to PC1 (server) somehow. I cannot find any way of doing it, as PC1 can only talk on port 80 and has no real IP (only an internal LAN/NAT address).

I read that you could leave the VNC Viewer in listen mode on PC1, but how do you do this via a zebedee tunnel?
And how do you contact the PC1 (work) from PC2 (home) given there is no IP to call?

Is Nat2Nat useful for this?
Can anyone suggest something to try? I can set-up any brigde or 'negotiation' program on PC2 (which has free access to internet with real IP), but I don't know which flavour of UVNC I should try!

Thanks

[Sergio]

I hope this idea helps you ...

1) Use the Scheduler to initiate a reverse connection through the Zebeedee tunnel, every "x" minutes from your PC1 (work)
Command: winvnc -connect host::port

2) When you need to connect, run the vncviewer in listen mode on PC2 (home)
Command: vncviewer -listen port

Then, wait until the reverse connection is launched by the Scheduler, and ... voila !!! you will be controlling your work PC (PC1) from your home PC (PC2) !!!

Remember to stop the listening demon once you get connected.

For details on command line options, read the doc site http://doc.uvnc.com/install/cmdline.html

Hope this Helps ...

[sbest]

You can accomplish the "bridge" idea you describe with EchoVNC. Simply install it on both ends of your VNC connection, and run the echoServer on "PC2" (on whatever port you want). Login to the echoServer from both ends of the connection, and PC2 becomes a transparent "bridge" between the two ends of the VNC connection.

Hope that helps!

-Scott

[Guest]

Hi.
Sergio, thanks. I tried your suggestions.
But I have difficulties in starting the server on PC1 via Zebedee (basically it does not seem to work), i.e. I cannot make your point n.1 work.

I simply tried this zedebee file calling it:
c:/temp/zebedee -f c:/temp/server.zbd

This is the result:
c:/temp/zebedee(3416/4756): Starting ULTRA VNC server
c:/temp/zebedee(3416/4756): ERROR: can't create listener socket
c:/temp/zebedee(3416/4756): ERROR: server can't listen on port 11965

This is the file server.zdb:
################################################
# zebedee file server.zbd
################################################
verbosity 1 # Basic messages only

server true # It's a server
detached true # Detach from terminal

# proxy/firewall server
httpproxy myproxyserver:8080

# call the tunneled WinVnc application
command '"c:\vnc\UltraVNC100\winvnc.exe -connect PC2_ip:5902" localhost:5902'

message "Starting ULTRA VNC server"

# end zebedee file server.zbd
################################################


I could not find any example files on how to start a VNC server on the zebedee manual.
I simply tried to adapt from my viewer.zdb (which in itself works perfectly).


The viewer I have for PC1->PC2 connections is:
(this is taken almost as is from the zebedee manual)

################################################
# zebedee file viewer.zbd
################################################
verbosity 1 # Basic messages only

server false # It's a viewer
detached true # Detach from terminal

# proxy/firewall server
httpproxy myproxyserver:8080

# call the tunneled WinVnc application
command '"c:\vnc\UltraVNC100\vncviewer.exe" localhost:5900'

message "Starting ULTRA VNC viewer"

# end zebedee file viewer.zbd
################################################


For connections PC1->PC2, I simply use this method:
- on PC2 run zebedee server (i.e. zebedee.exe -s)
- on PC2 run the Winvnc server
- on PC1 call the file c:/temp/zebedee -f c:/temp/viewer.zbd
and the connection is established via the zebedee tunnel and I can control PC2 from PC1.

Hope this give some hints or further thoughts for other suggestions.


P.S: Scott, I am sorry but I am looking for a free solution. I am not interested in testing shareware.

[sbest]

You wouldn't be testing it, you'd be using it. And the echoServer at demo.echovnc.com is totally free (as in beer).
But hey, feel free to keep noodling with Zebedee. I use it a lot; it's great software.

-Scott

[Sergio]

# call the tunneled WinVnc application
command '"c:\vnc\UltraVNC100\winvnc.exe -connect PC2_ip:5902" localhost:5902'

I have used Zebedee just for testing purposes, but ... I think that, once the Zebedee tunnel is already stablished, the correct winvnc command line would be:

command '"c:\vnc\UltraVNC100\winvnc.exe -connect" localhost:5902'

Why ?

From your first post, I supose you can stablish a tunnel between PC1 and PC2 ... so, once the tunnel is "running", the PC2 IP is irrelevant ... Both vnc server and vnc viewer must connect to localhost to use the Zebedee tunnel. So the connection is:

PC1 <--> Zebedee client <-->Zebedee tunnel <--> Zebedee server <--> PC2

Then, you launch the vncviewer on PC2, using:

vncviewer.exe -listen 5902

Now you should have:

PC1 <--> Zebedee client <-->Zebedee tunnel <--> Zebedee server <--> Viewer listening on PC2

Then, you wait until the vnc server initiate the reverse connection:

winvnc.exe -connect localhost:5902

Now you should have:

VNC Server on PC1 <--> Zebedee client <-->Zebedee tunnel <--> Zebedee server <--> Viewer on PC2

Of course, sorry but I can not test all this ... is just theory, but should work. The difficult part is stablish the tunnel, and I think you've already done it ...

HTH

PS: be sure the server accept loopback connections ...

Useful links:

Server-Initiated Connections using Zebedee: clienthost and listenmode
http://www.winton.org.uk/zebedee/manual.html


Using VNC with Zebedee:
http://faq.gotomyvnc.com/cgi-bin/fom?_recurse=1&file=1

[Guest]

Sergio, unfortunately the line:
command '"c:\vnc\UltraVNC100\winvnc.exe -connect" localhost:5902'

in the server.zdb did not work. No errors when launching the new server.zbd on PC1, but nothing come up. The zebedee tunnel starts ok (I can see it in the task manager) but no winvnc is called at all.
Trying to call it separately (i.e. first lauch zebedee and then manually try to launch the winvnc on localhost) , i.e. launching:
c:\vnc\UltraVNC100\winvnc.exe -connect localhost:5902
I get nothing as well. No errors, the prompt returns as if nothing happened and no Winvnc is visible in the task monitor in PC1.

So I am afraid I cannot use this method...


Scott:
I tried Echovnc. Unfortunately your claims of firewall friendly etc did not work! In fact it seems that the Echovnc program does not work with proxies... which mean when I go and try to inser the echoserver:
demo.echovnc.com I get the error:
the IP Address or DNS you entered cannot be resolved or is invalid.
I think this defeats totally the whole purpose of the external "helper".
If that cannot work with proxies how would you use it to bypass the firewall?
[almost all firewall settings I know of are coupled with proxy servers]

So, back to square one and hopying that when Rudi is back, SCIII might help...

[redge]

try SCIII
viewforum.php?f=23

[Guest]

already done... and reported unsucessfull tests.
Waiting for Rudi to be back from holiday to check logs or do some extra tests

[sbest]

Heya. Sorry for the late reply: I am not sure why "demo.echovnc.com" did not resolve for you. Its static IP address is 65.19.178.123, can you try using that instead?

cheers,
Scott

[Guest]

The "firewall-friendly" echoserver did not work because the DNS server is in a proxy server... and if you don't introduce support for proxies the Echoserver itself is useless (in most cases)!

Tried now with the IP you mentioned and password: "demo2005".

I got first "verifying..." at the bottom of EchoVnc.
After a while a window appeared saying:
"Sorry ... no echoserver could be found at this address. Please check your data and try again".

I am not sure what is the problem, but I can repeat that any communication I make to outside (i.e. also to 65.19.178.123) needs to transit trought the http proxy n the LAN. So if your program does not support proxies (as I read in the documentation) it is useless even attempting to connect!

[sbest]

Yes, if an EchoVNC client is behind a restrictive firewall or web-proxy setup (not "most cases", but pretty common), EchoVNC clients will most likely be unable to connect with echoServers on their default port, TCP 1328. If you are running your own echoServer, you can set it up to run on TCP 443, which is allowed outbound even by some restrictive networks.

Otherwise...the next release of echoWare (used by EchoVNC) will have HTTP proxy support; maybe even SOCKS proxy support.

-Scott

[victor_knight]

I had the EXACT same problem. I used, 'Reverse HTTP Starter'. Not the most elegant solution, but it works.

see VNC-Related products