[CS-FSLUG] A couple things - VNC through router

Frank Bax fbax at sympatico.ca
Thu Mar 19 19:36:07 CDT 2009 

Chad Fluegge wrote:
> Also, I have question regarding VNC... The first thing that happens in 
> our shop when someone wants something burnt, is they send the file to 
> our email address. Then we download the file to our computer. Then using 
> various applications - Solidworks, alibre, cuttingshop, Ncell, iRemote, 
> iReport - we prep the file to be burnt and then send it off to the laser 
> to be burnt. All our computers are behind a Router/Firewall. Is using 
> VNC a feasible way to do all this work remotely? The reason I ask is 
> because some of the programs are somewhat graphics intensive at times, 
> depending on how intricate the part is. If it is a feasible way, how do 
> I set it up? I have used VNC before, but only in a local setting - eg 
> from one local computer to another. Do I have to setup port forwarding 
> in the router in order to set this up?


In this situation, VNC is better than remote desktop (rdp); because rdp 
will send every video change to remote system; whereas vnc only sends 
periodic changes.  Although you can setup port-forwarding on your router 
to handle vnc, this will not be a secure connection; and the traffic can 
be monitored.  A better solution is to use an encrypted tunnel and then 
run vnc over it.  ssh can be used for the tunnel; in which case you only 
forward port 22 to a Linux machine and do authentication there.  Once 
the tunnel is established, then start vnc.  If you use TightVNC, this is 
probably the most asked scenario on the mailing, so read the archives.

When it comes time to make remote connection; a Linux machine (like 
yours at home) can make the connection to remote system with a one-line 
command.  This is because vncviewer on Linux supports a -via option 
which will setup/use an ssh tunnel.  If the remote system in WinXP; then 
you must use something like PuTTY to setup the tunnel (doable, but 
tricky to setup and to use); then run vncviewer over the tunnel.

I have sites where we installed routers that support OpenWRT; in this 
case the router can be the target of tunnel (so you don't need to 
forward port 22 to another Linux box).

Finally; if the office is on a dynamic ip address, you'll need a service 
like dyndns.org to monitor the changes in ip address; so you'll know 
where to target your vnc connection.

Frank

More information about the Christiansource mailing list