[CoLoCo] Remote Access
David L. Willson
DLWillson at TheGeek.NU
Fri May 9 16:35:00 BST 2008
On Fri, 09 May 2008 07:22:51 -0600, Kevin Fries wrote
> On Thu, 2008-05-08 at 16:30 -0600, David L. Willson wrote:
> > On Thu, 08 May 2008 15:57:31 -0600, Kevin Fries wrote
> > > On Thu, 2008-05-08 at 10:49 -0600, Andrew wrote:
> > > > You could try using VNC, couldn't you? Or does that pose security risks?
> > > >
> > > > http://www.tightvnc.com/
> > > >
> > > > It's cross platform too. But, I don't know much about it.
> > >
> > > The problem is in gaining access to the machine. Once that is
> > > accomplished, VNC is a great tool.
> >
> > OK, I'll go for a second round. Is there a user at the controlled machine that can
> > initiate an outward connection? If so, you can put up a vnc-listening-viewer, and they
> > can connect the host to that.
> >
>
> OK, again, from my original message:
>
> A <-> FW <-> Internet <-> FW <-> B
>
> Both firewalls are NAT firewalls. So machine A might have an address of
> 192.168.1.100 and machine B might have an address of 192.168.0.2. But
> they are not on the same segment and using addresses that are not able
> to be routed over the Internet. If either had a public, static IP, VNC
> alone could be a solution. But, without one side or the other having a
> public IP, neither side can initiate the communication to the other.
But I understood all that. I frequently support customers that are behind a NAT, when I
am behind a NAT, either at home or at work. I have simply done the following at work
and at home: set a reservation for my workstation and forwarded port 5500 on a public IP
to port 5500 on my reserved private IP. When a customer needs some remote assistance, I
start my vnc-listening-viewer, the customer starts their vnc-server, and then they add a
client at my public IP address. It works great. There are no changes needed at the
customer firewall, and no significant security problems, because most of the time, my
vnc-listening-viewer isn't listening, and their machine remains just as unreachable from
the Internet as it always was.
David L. Willson
Trainer/Engineer/Consultant
MCT, MCSE, Linux+
(720) 333-LANS
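
The message above rests on the listening viewer being closed most of the time. The following check for that is an added example, not part of the original post: it assumes a Linux workstation with the iproute2 `ss` tool, and the function name `vnc_listener_status` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Audit whether the forwarded listening-viewer port (5500 in the message)
# is open right now. Live use: ss -H -ltn | vnc_listener_status 5500

# Constructed samples in `ss -H -ltn` format (not captured from a real host).
SAMPLE_LISTENING='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 0.0.0.0:5500 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*'
SAMPLE_IDLE='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 5 127.0.0.1:5500 0.0.0.0:*'

# Reads listener lines on stdin. Prints "open <addr>" for every listener on
# the port that the NAT port forward could reach, or "closed" if there is none.
vnc_listener_status() {
    awk -v port="${1:-5500}" '
        $1 == "LISTEN" {
            # Field 4 is local address:port; the port follows the last colon,
            # which also holds for bracketed IPv6 addresses such as [::]:5500.
            n = split($4, parts, ":")
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            # A loopback bind is not reachable through the port forward.
            if (addr ~ /^127\./ || addr == "[::1]") next
            print "open " addr
            found = 1
        }
        END { if (!found) print "closed" }'
}
```

Run from cron or a login script, an "open" result outside a support session shows a viewer that was left listening behind the port forward.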