The college I work at has a hyperactive firewall that blocks outgoing VNC and remote desktop connections, so I haven't currently been able to find a way to connect to my box at home.
Can I change the outgoing port for VNC or RD so I can sneak it past their firewall? use the http port or something? Any way to do this?
Thanks!
Celebrating the 22th anniversary of the UltraVNC: https://forum.uvnc.com/viewtopic.php?t=38031
Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: https://forum.uvnc.com/viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: https://forum.uvnc.com/viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
Alternative ports for Viewer
-
SuperTurtle
- 20
- Posts: 48
- Joined: 2006-02-27 11:31
For you viewer, try port 80. (type in the new ip address as
192.168.1.10::80
For the VNC server, you have to make sure that port 80 is opened up on your home box (both your router firewall (if you have one) and also the windows firewall will have to be re-configured here).
Of course, your work machine does have port 80 open, otherwise you would not be able to browse the web. However, some firewalls are smart, and block not only ports, but the “type” of connection. So, you have to try this first, as it does not guarantee that you can connect out.
For the VNC server, launch it on your home machine, and then right click the tray icon, and choose the admin properties…just configure the main port to 80…
If the above don't work, then you will have to try a SSh tunnel...
SuperTurtle
192.168.1.10::80
For the VNC server, you have to make sure that port 80 is opened up on your home box (both your router firewall (if you have one) and also the windows firewall will have to be re-configured here).
Of course, your work machine does have port 80 open, otherwise you would not be able to browse the web. However, some firewalls are smart, and block not only ports, but the “type” of connection. So, you have to try this first, as it does not guarantee that you can connect out.
For the VNC server, launch it on your home machine, and then right click the tray icon, and choose the admin properties…just configure the main port to 80…
If the above don't work, then you will have to try a SSh tunnel...
SuperTurtle
-
SuperTurtle
- 20
- Posts: 48
- Joined: 2006-02-27 11:31
There is no real problem of opening up port 80 and forwarding it to one computer. I mean, if you have a web site running inside your network, you would have to do this. I see NO reason to re-direct this port 80 to some other “random” port for VNC to use. In fact, if you do this, you likely would cause problems for other machines!
Remember, all those other machines on your network right now are punching OUT OF YOUR network when they browse the web and ALL use port 80 now!! So, your router will translate this correctly. I mean, how do all those people punch out of your router now and all use port 80 at the same time now? All office networks typically work this way now (ie:everyone is going out on port80 at the same time). The router will translate BACK to those people THEIR browser requests on port 80. Even the machine that you forward port 80 and 443 to will NOT be effected by this setup.
So, the reason/problem we have to solve is a INCOMING port 80 request, and the router don’t know which machine to send that to because no machine started the request in the first place. So, you must forward that port to a particular machine, but outgoing requests will not be affected….even on the machine running the repeater. My repeater actually runs on a home machine behind a router and network that family users. In fact, the famliy computer run the repater (the repeater is tiny..only 3k of memory). I can use the repeater anywhere and anytime I travel….
So, I recommend you don’t try and translate port 80 to another port. You, can but nothing is really gained. I have the repeater + those 2 ports forwarded to that machine, and people browse and use the web on that same machine all the time out any problems, or effects. Forwarding that port will not mess up that particular machine, nor any other machine on your network that wants to browse OUT to the web.
Remember, to use the repeater, you actually need two ports (one for you to connect to the repeater, and one for the user/victim who needs help to connect to the repeater). Both cannot come into the VNC repeater software on the same port. So, for users, I have them punch out on port 80 to connect to the repeater (this gives them the most possible chance of punching out). The other most common port is the one used for secure web browsing (when the little lock appears on your browser status bar, you are using the ssl port, and that is port # 443). So, we pick the most two commonly open ports. So, I use 443 to punch out with VNCviewer on my notebook. The Single click users punch out on port 80. We both connect to the same public ip address running the repeater.
So, setup single click to use the repeater, and use port 80…
Eg:
-ID 1234567 -connect 192.168.1.1::80 -noregistry
(replace the above 192.168…. with your public ip address, and forward port 80 to your machine on your network that is running the repeater. You also need to forward port 443 to that machine.
For the vncviewer, you will set the “proxiy” to the public ip address, and for the VNC server, you now just type in your ID:1234567
There is no password, and you don’t type in the ip address for the vncserver prompt box. The ID number as set above is really the password you use.
So, when you launch the viewer on you local network, you will connect to your local address on your network running the repeater (actually, it works if you also use your public ip address…but no real need to go out….and loop back to into your system when doing support at your home base). So, I have two support files on my desktop. One VNC config file is called local…and the other is called outsideIP. If I am on the home network, I use the local connection "192.168.1.15", and on the road..I use the other one (public ip). As mentioned, you could *always* use the pubic ip address if you want. Of course, that repeater is running on a different machine that what I use the vncviewer on. (remember to open the 2 ports on the windows firewall if using windows xp to host the repeater).
The end goal here is my users only have to single click, and I never have to tell them to type in some number. Actually, I never actually never have to type one in either. I just click on my vnc config file icon on my desktop. Since I always connect to the same ip address also, then I don’t have to do anything. At home, on the road, or in a coffie shop…I can start a support session with a click on the vnc config file I saved.
Once you get this setup, it really is the only way to fly, and it just so easy for both you, and your users to start a support session. I can say that this approach is near perfect…
SuperTurtle
Remember, all those other machines on your network right now are punching OUT OF YOUR network when they browse the web and ALL use port 80 now!! So, your router will translate this correctly. I mean, how do all those people punch out of your router now and all use port 80 at the same time now? All office networks typically work this way now (ie:everyone is going out on port80 at the same time). The router will translate BACK to those people THEIR browser requests on port 80. Even the machine that you forward port 80 and 443 to will NOT be effected by this setup.
So, the reason/problem we have to solve is a INCOMING port 80 request, and the router don’t know which machine to send that to because no machine started the request in the first place. So, you must forward that port to a particular machine, but outgoing requests will not be affected….even on the machine running the repeater. My repeater actually runs on a home machine behind a router and network that family users. In fact, the famliy computer run the repater (the repeater is tiny..only 3k of memory). I can use the repeater anywhere and anytime I travel….
So, I recommend you don’t try and translate port 80 to another port. You, can but nothing is really gained. I have the repeater + those 2 ports forwarded to that machine, and people browse and use the web on that same machine all the time out any problems, or effects. Forwarding that port will not mess up that particular machine, nor any other machine on your network that wants to browse OUT to the web.
Remember, to use the repeater, you actually need two ports (one for you to connect to the repeater, and one for the user/victim who needs help to connect to the repeater). Both cannot come into the VNC repeater software on the same port. So, for users, I have them punch out on port 80 to connect to the repeater (this gives them the most possible chance of punching out). The other most common port is the one used for secure web browsing (when the little lock appears on your browser status bar, you are using the ssl port, and that is port # 443). So, we pick the most two commonly open ports. So, I use 443 to punch out with VNCviewer on my notebook. The Single click users punch out on port 80. We both connect to the same public ip address running the repeater.
So, setup single click to use the repeater, and use port 80…
Eg:
-ID 1234567 -connect 192.168.1.1::80 -noregistry
(replace the above 192.168…. with your public ip address, and forward port 80 to your machine on your network that is running the repeater. You also need to forward port 443 to that machine.
For the vncviewer, you will set the “proxiy” to the public ip address, and for the VNC server, you now just type in your ID:1234567
There is no password, and you don’t type in the ip address for the vncserver prompt box. The ID number as set above is really the password you use.
So, when you launch the viewer on you local network, you will connect to your local address on your network running the repeater (actually, it works if you also use your public ip address…but no real need to go out….and loop back to into your system when doing support at your home base). So, I have two support files on my desktop. One VNC config file is called local…and the other is called outsideIP. If I am on the home network, I use the local connection "192.168.1.15", and on the road..I use the other one (public ip). As mentioned, you could *always* use the pubic ip address if you want. Of course, that repeater is running on a different machine that what I use the vncviewer on. (remember to open the 2 ports on the windows firewall if using windows xp to host the repeater).
The end goal here is my users only have to single click, and I never have to tell them to type in some number. Actually, I never actually never have to type one in either. I just click on my vnc config file icon on my desktop. Since I always connect to the same ip address also, then I don’t have to do anything. At home, on the road, or in a coffie shop…I can start a support session with a click on the vnc config file I saved.
Once you get this setup, it really is the only way to fly, and it just so easy for both you, and your users to start a support session. I can say that this approach is near perfect…
SuperTurtle
Superturtle - MANY thanks for your detailed reply - and apologies for taking so long to get back to you! I really do appreciate yuor help! In the end after spending hours fooling around with this, I gave up - it seems the firewall at work is ULTRA cautious on this kind of thing, and I only get one attempt per day to sort it out as there's no-one at home to play with settings!
However I did happen across another solution - logmein.com which has solved the basic problem of remote access over a browser for me. They expect you to PAY for the full version which includes other handy things like file-transfer, but it will do for now!
If anyone knows of a web-based solution like this that includes file-transfer for free, let me know!
Regards,
Bill.
However I did happen across another solution - logmein.com which has solved the basic problem of remote access over a browser for me. They expect you to PAY for the full version which includes other handy things like file-transfer, but it will do for now!
If anyone knows of a web-based solution like this that includes file-transfer for free, let me know!
Regards,
Bill.
Last edited by jomtones on 2006-05-24 11:26, edited 2 times in total.
-
SuperTurtle
- 20
- Posts: 48
- Joined: 2006-02-27 11:31
Hum, are you sure the repeater can’t work on port 80?
Drop me a email, and I will send you my SC client. You can give it a try (you don’t need to call me, or even start a remote session with me. Note that the SC client will INSTANLY tell you if you connected to my repeater. In fact, the SC does not know, or care if I even launched the viewer yet. So, it will either show “connected”, and warn you that your desktop is visible to others, or it will show a bubble help saying “connecting…and will time out in 5 minutes. So, you can test my client without me having to launch the viewer.
So, you can instantly tell if Single click can work for you…
Drop me a email, and I will email you my sc client. If it works, then you *can* punch out of your fire wall….
I would be QUITE surprised if you this does not work…
Email me at:
MrTurte@shaw.ca
Drop me a email, and I will send you my SC client. You can give it a try (you don’t need to call me, or even start a remote session with me. Note that the SC client will INSTANLY tell you if you connected to my repeater. In fact, the SC does not know, or care if I even launched the viewer yet. So, it will either show “connected”, and warn you that your desktop is visible to others, or it will show a bubble help saying “connecting…and will time out in 5 minutes. So, you can test my client without me having to launch the viewer.
So, you can instantly tell if Single click can work for you…
Drop me a email, and I will email you my sc client. If it works, then you *can* punch out of your fire wall….
I would be QUITE surprised if you this does not work…
Email me at:
MrTurte@shaw.ca
-
SuperTurtle
- 20
- Posts: 48
- Joined: 2006-02-27 11:31
Sorry, that email was typed wrong!!
the email is
mrturtle@shaw.ca
As for spammers getting the above? Hum...no, their bots don't waste huge amounts of bandwidth trying to harvest email address here because NO one actually posts their email address. It is actually quite safe to do so!!! (now, if everyone did this all the time for each message, then the bots would have a field day here..., but, that is not the case!, and they don’t waste their time here…..
the email is
mrturtle@shaw.ca
As for spammers getting the above? Hum...no, their bots don't waste huge amounts of bandwidth trying to harvest email address here because NO one actually posts their email address. It is actually quite safe to do so!!! (now, if everyone did this all the time for each message, then the bots would have a field day here..., but, that is not the case!, and they don’t waste their time here…..