At 12:35 07/02/2008, you wrote:

>Just turn the firewall of will not help. 99% of all home routers will use
>Network Address Translation (NAT) and Port Address Translation (PAT)
>i.e. you got one external/public ip-address on the router and an
>internal ip-address
>on your computer. So if you want to access your computer from internet you
>need to translate the external ip and port in the router to your
>computers ip and
>port. It should be something like "port forward" in the router that
>you need to configure.
>
>/ Jonas

Got to be careful here, I think. I'm no expert, but on my router
which is a fairly old Belkin model, as I recall it says in the config
pages that you can only do port forwarding if you have a fixed IP
address from the ISP.

If I was to tell it a lie to get port forwarding to operate, would I
end up screwing myself by stopping the router asking for DHCP service
from the ISP? I guess it has to do that.

If the OP has a fixed IP address then no problem, but if not be
careful is what I'm saying.

Dave


--
kubuntu-users mailing list
kubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users

On Feb 7, 2008 2:06 PM, David Fletcher <kubuntu-users@thefletchers.net> wrote:
> At 12:35 07/02/2008, you wrote:
>
> >Just turn the firewall of will not help. 99% of all home routers will use
> >Network Address Translation (NAT) and Port Address Translation (PAT)
> >i.e. you got one external/public ip-address on the router and an
> >internal ip-address
> >on your computer. So if you want to access your computer from internet you
> >need to translate the external ip and port in the router to your
> >computers ip and
> >port. It should be something like "port forward" in the router that
> >you need to configure.
> >
> >/ Jonas
>
> Got to be careful here, I think. I'm no expert, but on my router
> which is a fairly old Belkin model, as I recall it says in the config
> pages that you can only do port forwarding if you have a fixed IP
> address from the ISP.
>
> If I was to tell it a lie to get port forwarding to operate, would I
> end up screwing myself by stopping the router asking for DHCP service
> from the ISP? I guess it has to do that.
>
> If the OP has a fixed IP address then no problem, but if not be
> careful is what I'm saying.
>

Are you sure it not say that you need a fixed address for your computers
on the internal net? All routers i have used has always been able to handle DHCP
on external nic and still use forwarding. On the internal net you probably need
to set a static ip. Add your nics MAC address for at static ip in the
DHCP-Server
config on the router.

/ Jonas

--
kubuntu-users mailing list
kubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users

At 13:32 07/02/2008, you wrote:

>Are you sure it not say that you need a fixed address for your computers
>on the internal net? All routers i have used has always been able to
>handle DHCP
>on external nic and still use forwarding. On the internal net you
>probably need
>to set a static ip. Add your nics MAC address for at static ip in the
>DHCP-Server
>config on the router.

Certainly it needs fixed IP addresses internally, otherwise you don't
know for sure where to port forward to!

If the router will port forward without having a fixed outside IP
address from the ISP then fair enough you should be able to get it to
work, but the OP will need to know what the dynamic outside IP
address is at the time. Just clicking on http://whatismyip.com/ will
provide this information. Mine is provided by Virgin Media. It only
changes rarely but it does change.

I'll try to find time to look on the setup page on my router when I
get home tonight. That will be in about six hours I expect. It did
have to be flashed a few months (or was it a year or two :-) ) ago so
the port forwarding arrangements might have changed with the new firmware.

Dave


--
kubuntu-users mailing list
kubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users

A safer way is to tunnel your vnc traffic over SSH.* Set up apache (or keep the Java applet local to the remote machine) and use the Java applet to tunnel to your ssh port (Which my default is NOT 22)* You can even use my applet if you trust it to tunnel.* It's at

https://stinker.serveftp.net

This is actually triple protected (maybe overkill but...)

1. My SSH is on a non-standard port
2. My vnc port is NOT port forwarded so not visible to the internet
3. The whole session runs in a web browser, so no program is needed except for a browser and Java runtime (Yes this works on Windows
guests.

So I goto https://stinker.serveftp.net and load the applet. Then go into FILE, New connection, and set my hostname (Use a free provider if you have dynamic dns (dyndns.org rocks) and enter the SSH port and select "password" authenticate.* Then goto VNC settings and pick "Linux/UNIX host" leave hostname on localhost and set the display the vnc is running on (It automatically adds this to 5900)

I forgot where I got these .jar files but it works cross-site (Like bouncing my applet onto someone elses SSH server that has a VNC server behind firewalls whether its Linux Mac or Windows.* Truly cool.* I did this because there were so many exploits on VNC back in the day (And may still be... Did they ever get rid of the 6 character max pass length?)

Of course I wouldn't trust using my applet as I guess it could be set to harvest ssh usernames and
passwords (Which I don't) but if you can find the Java pieces and set up apache and ssh you can host it on one machine and use it to get to all/any other machine without opening all the VNC server ports to the internet.

Joel.
--
kubuntu-users mailing list
kubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users

David McGlone wrote:

> On Wednesday 06 February 2008 2:54:03 am Johnny Ernst Nielsen wrote:
>> onsdag den 6. Februar 2008 kvad Andrew Jarrett:
>> > Not sure what port vnc uses.
>>
>> 5900 I think is the "standard".
>
> You're right. 5900 is what is in the configuration as default.
>
Strictly speaking 5900+$DISPLAY, I think, but the OP will likely always be
using display 0.
--
derek


--
kubuntu-users mailing list
kubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users

Jonas Norlander wrote:
> So if you want to access your computer from internet you
> need to translate the external ip and port in the router to your
> computers ip and
> port. It should be something like "port forward" in the router that
> you need to configure.
>
> / Jonas
>
>
David M.,
If you need to know how to forward the port, this website covers how
this is achieved in most routers:
http://www.portforward.com/english/routers/port_forwarding/routerindex.htm

According to that site, VNC requires ports 5500, 5800 and 5900 to be open.

Cheers,
Ranmadhu


--
kubuntu-users mailing list
kubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users

On Thursday 07 Feb 2008, David Fletcher wrote:
> If the router will port forward without having a fixed outside IP
> address from the ISP then fair enough you should be able to get it to
> work, but the OP will need to know what the dynamic outside IP
> address is at the time. Just clicking on http://whatismyip.com/ will
> provide this information. Mine is provided by Virgin Media. It only
> changes rarely but it does change.
>

I just got the manual out and had a read. On this router (Belkin FSD5230-4)
the setup page is titled "Virtual Server" but it looks like Port Forwarding
by another name. The manual states <quote> Your WAN interface must use a
fixed IP address to utilize the virtual server function <unquote>.

It may just be that the Port Forwarding would work just fine, so long as the
user attempting to access it from outside knows what your dynamic IP address
is at the time. I might have a play with this, see if can ssh into my home
server form work.

Dave



--
Registered Linux user number 393408

I use and recommend the email service at 1 & 1
For domain registration, email and web hosting please visit:
http://oneandone.co.uk/xml/init?k_id=6389763

--
kubuntu-users mailing list
kubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users

On Feb 7, 2008 4:51 PM, David Fletcher <kubuntu-users@thefletchers.net> wrote:
> On Thursday 07 Feb 2008, David Fletcher wrote:
> > If the router will port forward without having a fixed outside IP
> > address from the ISP then fair enough you should be able to get it to
> > work, but the OP will need to know what the dynamic outside IP
> > address is at the time. Just clicking on http://whatismyip.com/ will
> > provide this information. Mine is provided by Virgin Media. It only
> > changes rarely but it does change.
> >
>
> I just got the manual out and had a read. On this router (Belkin FSD5230-4)
> the setup page is titled "Virtual Server" but it looks like Port Forwarding
> by another name. The manual states <quote> Your WAN interface must use a
> fixed IP address to utilize the virtual server function <unquote>.
>
> It may just be that the Port Forwarding would work just fine, so long as the
> user attempting to access it from outside knows what your dynamic IP address
> is at the time. I might have a play with this, see if can ssh into my home
> server form work.
>
> Dave

Yep, that's it. I, too, have a Belkin router and the "Virtual Server"
section is what you want. You need to make sure that your
mother-in-law has a static IP so that the traffic will always go to
her computer. Just give it a name, set the internal IP, and set the
port and you're ready to go.

Andrew

--
45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2

--
kubuntu-users mailing list
kubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users

On Thursday 07 Feb 2008, Andrew Jarrett wrote:
>
> Yep, that's it. I, too, have a Belkin router and the "Virtual Server"
> section is what you want. You need to make sure that your
> mother-in-law has a static IP so that the traffic will always go to
> her computer. Just give it a name, set the internal IP, and set the
> port and you're ready to go.
>
> Andrew

Seems to work for me. I set the router to forward port 22 to my home server
and set iptables to accept port 22 from the fixed IP address of the server at
work. Used ssh to log in to the server at work from my desktop then back
again to my current IP address at home, which worked.

So, yes, it seems to be OK to set up port forwarding on a router with a
dynamic IP address, so long as you know what the ISP has set the address to
at any time. I'll set stronger passwords, though, before I think about
setting up the arrangement permanently.

Dave


--
Registered Linux user number 393408

I use and recommend the email service at 1 & 1
For domain registration, email and web hosting please visit:
http://oneandone.co.uk/xml/init?k_id=6389763

--
kubuntu-users mailing list
kubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users

On Thursday 07 February 2008 4:20:58 pm Ranmadhu wrote:
> Jonas Norlander wrote:
> > So if you want to access your computer from internet you
> > need to translate the external ip and port in the router to your
> > computers ip and
> > port. It should be something like "port forward" in the router that
> > you need to configure.
> >
> > / Jonas
>
> David M.,
> If you need to know how to forward the port, this website covers how
> this is achieved in most routers:
> http://www.portforward.com/english/routers/port_forwarding/routerindex.htm
>
> According to that site, VNC requires ports 5500, 5800 and 5900 to be open.

Thanks Ranmadhu, I'll check this out.

I spent my day installing Kubuntu on yet another computer. 4 people I've got
using Kubuntu in the last 3 weeks. So far they are happy.

--
David M.

--
kubuntu-users mailing list
kubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users