Using VNC behind a firewall or a NAT router without public IP available can be a huge challenge for remote control and maintenance tasks. As local networks operate on their own network address space, these IP network addresses are not known to the public Internet and therefore not directly accessible from outside the private network of your company. Typically, companies access and route the Internet connection for their private networks over a single Router/Gateway and Firewall which receives a permanent or a dynamically changing public IP address. This means that a PC with a private network address within your company is able to access any public IP address within the Internet by routing over your companies public IP Gateway/Router, but the other way its not possible to directly access the private IP address within your companies network.
Generally its impossible to directly access a VNC server running behind a Firewall or a NAT Router, but there are several technical possibilities to overcome this challenge.
Port Forwarding
A common method that is used for many different remote access purposes, such as accessing a private address of your webcam from all over the world, is to configure port forwarding on your router/gateway. Port forwarding allows remote computers (for example, computers on the Internet) to connect to a specific computer or service within a private local-area network (LAN). In a typical private network, computers obtain Internet access through a DSL or cable modem connected to a router or network address translator (NAT/NAPT). Hosts on the private network are connected to an Ethernet switch or communicate via a wireless LAN. The NAT device’s external interface is configured with a public IP address. The computers behind the router, on the other hand, are invisible to hosts on the Internet as they each communicate only with a private IP address.
When configuring port forwarding, the network administrator sets aside one port number on the gateway for the exclusive use of communicating with a service in the private network, located on a specific host. External hosts must know this port number and the address of the gateway to communicate with the network-internal service. Often, the port numbers of well-known Internet services, such as port number 80 for web services (HTTP), are used in port forwarding, so that common Internet services may be implemented on hosts within private networks.
Listening VNC Client with public IP
By triggering the connection from inside a private network it is possible to establish a connection to a waiting (listening mode) vnc viewer. With UltraVNC for example you can start the viewer in listening mode by typing ultravnc.exe -listen. The constraint for accessing a listening vnc viewer is of course that the network address of the viewer can be accessed by the server. So the vnc viewer has to run on a public IP address.
Public VNC Repeater:
The same way as Skype or TeamViewer are operating is also possible in combination with VNC. Skype and TeamViewer are routing both connections over a central, globally available server with public IP address. So both sides, the server as well as the client can operate on private IP addresses and connect to each other by using the central server. Within the VNC world this concept/software is called a VNC repeater server. VNC repeater servers are responsible for accepting both connections from VNC clients as well as from VNC servers. Typically the VNC repeater accepts VNC clients/viewers on port 5900 and connections coming from your VNC server on port 5500. Both sides have to agree on a common connection ID in order to enable the VNC repeater to distinguise which viewer connection should be connected with which server connection.
You can find free implementations for VNC repeater software from UltraVNC and another implementation on Google Code.
If you are operating a remote maintenance service its strongly advised to setup your own VNC repeater on your own publicly accessable server!
There are also some free VNC repeaters running online, where you can start to test out such a scenario without setting up your own VNC repeater: http://repeaters.ultravnc.info/
MobileVNC, Windows CE and Windows Embedded Compact VNC Server also supports the automatic reconnect to listening VNC viewers or to VNC Repeaters.
I am curious to find out what blog platform you’re working with? I’m having some minor security issues with my latest blog and I would like to find something more risk-free. Do you have any suggestions?
Every weekend i used to pay a visit this web page, as i wish for enjoyment, for the reason that this this web site conations truly fastidious funny material too.
Undeniably believe that which you stated. Your favorite justification appeared to be on the internet the easiest thing to be aware of. I say to you, I definitely get annoyed while people think about worries that they plainly do not know about. You managed to hit the nail upon the top and defined out the whole thing without having side effect , people could take a signal. Will probably be back to get more. Thanks
Hi there! I’m at work browsing your blog from my new apple iphone! Just wanted to say I love reading your blog and look forward to all your posts! Carry on the outstanding work!
Hi! I’ve been following your weblog for a while now and finally got the courage to go ahead and give you a shout out from Austin Texas! Just wanted to say keep up the good work!
I think that what you published was actually very reasonable. But, what about this? suppose you typed a catchier title? I mean, I don’t want to tell you how to run your website, however suppose you added something that makes people desire more? I mean %BLOG_TITLE% is kinda vanilla. You should look at Yahoo’s front page and watch how they create news titles to get viewers to click. You might add a related video or a related pic or two to get people excited about everything’ve got to say. Just my opinion, it might make your posts a little bit more interesting.
Awesome! Its really amazing paragraph, I have got much clear idea regarding from this article.
If you are going for most excellent contents like myself, simply pay a quick visit this web site every day because it provides quality contents, thanks
Thanks for every other great article. Where else could anybody get that kind of information in such an ideal means of writing? I’ve a presentation subsequent week, and I am at the look for such info.
It’s a shame you don’t have a donate button! I’d definitely donate to this excellent blog! I suppose for now i’ll settle for bookmarking and adding your RSS feed to my Google account. I look forward to new updates and will share this blog with my Facebook group. Chat soon!
Hey there! I’ve been reading your web site for a long time now and finally got the courage to go ahead and give you a shout out from Kingwood Texas! Just wanted to say keep up the excellent job!
Hello! This post could not be written any better! Reading this post reminds me of my previous room mate! He always kept talking about this. I will forward this write-up to him. Fairly certain he will have a good read. Thanks for sharing!
Great post. I was checking continuously this blog and I’m impressed! Very useful information particularly the last part 🙂 I care for such info a lot. I was seeking this certain info for a very long time. Thank you and good luck.
Do you mind if I quote a few of your posts as long as I provide credit and sources back to your weblog? My website is in the very same area of interest as yours and my users would certainly benefit from a lot of the information you present here. Please let me know if this okay with you. Cheers!