ports & ultra questions

Hello: for using VineVNC (thanks for developing it), with an Airport Extreme Base Station v7.2, in wireless-only mode (WAN is wired to DSL modem, LAN is wireless), I saw advice somewhere that using ports 127 & 128 (or similar low number) were the only ones recommended. But when I tried to put in the port number, base stn said that the port was in use by another app). Same happened when I tried SSH, port 22. So is 5900, or 5500 available with this base station?
-I also saw that there are coding issues with Ultra VNC. Does this hold for the uVNC viewer as well? Should issues (I haven't seen any) disappear if I try tightVNC viewer instead?
Thanks.

Comments

  • JonathanOSXJonathanOSX ForumAdmin admin
    Generally speaking I wouldn't recommend running on a different port. Some people recommend it for security reasons but that is more "security through obscurity" and doesn't really give you any protection.

    If security is important then you need to use encryption (like SSH) to connect to Vine Server (in this case it still runs on port 5900 but you connect through your Router on the SSH port (22). You can manually create a tunnel using the SSH command line or use a viewer (like Vine Viewer) that does this for you.

    Regardless of which port you use, it will need to be forwarded from the router to the specific machine that you want to connect to.

    There shouldn't be any issues connecting from the UltraVNC client to a Vine Server. The reverse requires that you disable the Zlib Hextile encoding since they are incompatible.
  • Thank you for reply, Jonathan. For my clarity, let's review what I think you said, re security:
    -on the ROUTER, I set port forward to 22 for ssh.
    -Having done that, moving to the Vine Server's Mac, I go to sharing prefs and activate ssh port 22 in the firewall settings. Ports 5500, 5800, 5900 also are active for VNC.
    -having done that, I KEEP 5900 (or 5500 or 5800 or whatever) in Vine Server's port.

    Less important, does it matter in Vine Server window, what display name is present (or can I leave blank)?

    And just in passing, in trial runs nearby, I didn't at that time know about the prefs settings (above) in the Mac. Yet it was connected to just fine with just the router set to 5500. Was I lucky or does setting everything up right on the Mac make keeping the connection more likely? (I only tried it out for a few seconds to see if it worked. It did.)

    Thanks.
  • JonathanOSXJonathanOSX ForumAdmin admin
    Router: Yes, forward port 22.
    Firewall: Yes, port 22 should be open (this happens if you enable remote login). No you shouldn't need 5500 or 5900 open anymore.
    Vine Server: Yes, allow this to continue to run on 5900.

    From your CLIENT machine you need to establish a tunnel. If you are running Vine Viewer this is as simple as clicking the "Connect Securely" and entering your Username and password.

    If not using Vine Viewer you will need to use an ssh -L command from a terminal to setup the tunnel to forward a local port to the remote 5900 port. Then you connect to the local port in your VNC viewer.
Sign In or Register to comment.