Windows XP Remote Desktop

Alex

Original Poster:

9,978 posts

310 months

Tuesday 20th April 2004
I want to use Remote Desktop (or VNC) to access my home PC from my work PC. My work PC is inside a firewall that blocks all ports except 80.

Can I use SSH to tunnel port 3389 via port 80? If so how?

Podie

46,649 posts

301 months

Tuesday 20th April 2004


Open System in Control Panel.
Click the Remote tab.

In the Remote Desktop area, click Select Remote Users....

On the Remote Desktop Users dialog box, click Add....

On the Select Users dialog box, click Locations... to specify the search location.

Click Object Types... to specify the types of objects you want to search for.

In the Enter the object names to select (examples): box, type the names of the objects you want to search for.

Click Check Names.

When the name is located, click OK. The name now appears in the list of users on the Remote Desktop Users dialog box.

Alex

Original Poster:

9,978 posts

310 months

Tuesday 20th April 2004
Hi Podie, I've done all that (works fine between PCs on my home LAN). The problem is getting through the firewall. RDP uses port 3389 (although this can be changed). My work network blocks all ports except port 80. Using Web Remote Desktop does not help because the ActiveX control it uses still requires access to port 3389.

barry sheene

1,524 posts

309 months

Tuesday 20th April 2004
I know we've said this already elsewhere, but for the benefit of others that may be interested I have to recommend www.gotomypc.com

It works like a charm using encrypted http, but it does cost money.

(says he, surfing on his home laptop from work)

If you can get VNC working then I'd like to know how. I find it's fine for intraLAN application but not for WAN due to the inflexibility of the company firewall

>> Edited by barry sheene on Tuesday 20th April 15:35

jodypress

2,089 posts

300 months

Tuesday 20th April 2004
this is something i also want to do, but at home i have a wireless router, which has the dhcp server running. therefore, i have ip 169.254.0.x which are just internal ip addresses within my home network. how do i connect to the ip i have from my isp, which the router uses and then onto my pc which has real vnc running?
any ideas?

Alex

Original Poster:

9,978 posts

310 months

Friday 23rd April 2004
I've still not managed to solve this problem.

Does ANYONE know how I can remote control my home PC from a corporate firewalled PC?

pmanson

13,388 posts

279 months

Friday 23rd April 2004
I would suspect you need to use VPN. Blokes from work control their work machines from home. They dial into the corporate network using VPN then use Remote access to take the machine over.

Alex

Original Poster:

9,978 posts

310 months

Friday 23rd April 2004
pmanson said:
I would suspect you need to use VPN. Blokes from work control their work machines from home. They dial into the corporate network using VPN then use Remote access to take the machine over.


Ah, but I want to control my HOME machine from WORK.

I have a VPN running on my home network, but the work firewall will not let me through (VPN needs access to open ports, 1723 and 17?? by default).

Alex

Original Poster:

9,978 posts

310 months

Friday 23rd April 2004
jodypress said:
this is something i also want to do, but at home i have a wireless router, which has the dhcp server running. therefore, i have ip 169.254.0.x which are just internal ip addresses within my home network. how do i connect to the ip i have from my isp, which the router uses and then onto my pc which has real vnc running?
any ideas?


Let's assume VNC is listening on port 5800. Get your router to forward port 5800 to your internal PC.

From the remote PC, surf to http://xxx.xxx.xxx.xxx:5800 where xxx.xxx.xxx.xxx is the IP of your router.

This works for me, but not from inside the corp firewall.

pmanson

13,388 posts

279 months

Friday 23rd April 2004
Alex said:

pmanson said:
I would suspect you need to use VPN. Blokes from work control their work machines from home. They dial into the corporate network using VPN then use Remote access to take the machine over.



Ah, but I want to control my HOME machine from WORK.

I have a VPN running on my home network, but the work firewall will not let me through (VPN needs access to open ports, 1723 and 17?? by default).


Surely it must be along the same lines (Just the other way round)??

Will your IT people not reconfigure it for you so that it allows you access? Or do they have a specific reason for closing those ports?

jodypress

2,089 posts

300 months

Friday 23rd April 2004
Alex said:

jodypress said:
this is something i also want to do, but at home i have a wireless router, which has the dhcp server running. therefore, i have ip 169.254.0.x which are just internal ip addresses within my home network. how do i connect to the ip i have from my isp, which the router uses and then onto my pc which has real vnc running?
any ideas?



Let's assume VNC is listening on port 5800. Get your router to forward port 5800 to your internal PC.

From the remote PC, surf to http://xxx.xxx.xxx.xxx:5800 where xxx.xxx.xxx.xxx is the IP of your router.

This works for me, but not from inside the corp firewall.

hi alex, i have a buffalo wbr-g54 router and use zonealarm as a firewall (free version). i cannot seem to find any port forwarding in the advanced router setup. any ideas?
jody

marlboro

637 posts

297 months

Friday 23rd April 2004
jodypress...

The buffalo wbr-g54 only supports port forwarding when using fixed IP addressing. This is quite normal.
Specify the client an IP address which is outside the DHCP range (assigned IP address). Once you have fixed addresses you can use the NAT table to translate TCP/UDP ports.

jodypress

2,089 posts

300 months

Friday 23rd April 2004
marlboro said:
jodypress...

The buffalo wbr-g54 only supports port forwarding when using fixed IP addressing. This is quite normal.
Specify the client an IP address which is outside the DHCP range (assigned IP address). Once you have fixed addresses you can use the NAT table to translate TCP/UDP ports.


i have tried this, (admittedly with dhcp, but the pc i want to access, is always on and when i do restart it only uses one of three ip's, so i put them all on the nat table.) when i type in the http://xxx.xxx.x.x:5800 nothing happens when i am outside of network. i tried from the laptop and it worked. could this be to do with the mac address security i use on the router to restrict internet access?
thanks
jody

marlboro

637 posts

297 months

Friday 23rd April 2004
jody,

Port forwarding or NAT (network address translation) will only work with fixed IP addressing.

Think about it, if a router enabled port forwarding on all of the DHCP addresses it would be open to abuse.



chrisjl

787 posts

308 months

Saturday 24th April 2004
OK, we've established that you can only make connections to port 80. Here's a few suggestions, the suitability of which depends on some factors I don't yet know:-

1. Configure YOUR firewall to forward all incoming connections to port 80 to port 5800 on your home desktop. (firewall may not support this port number change)

2. Compile a custom VNC that listens on port 80, and again setup the firewall to forward port 80 traffic to the appropriate desktop machine.

3. Set up an SSH daemon that listens on port 80, then set up a 5800->5800 tunnel over it. (Meaning that you connect to localhost:5800 when you want to view pc_at_home:5800)

The flexibility (or not) of the configuration of your home firewall is a big factor in which approach to take.

Having a service listening on port 80 all the time might attract the wrong sort of attention too.

VNC traffic is not encrypted, but at least your password doesn't travel in the clear. Tunnelling it over SSH would still be a good idea.

DHCP on vs. off - depends. My firewall by default always gives the same address out to the same PC, so the fact that you're not using static addresses might not matter.

squirrelz

1,186 posts

297 months

Saturday 24th April 2004
If you have the additional problem of having to go through a proxy server, you can use a tool called httptunnel to do the connection.

www.gnu.org/software/httptunnel/httptunnel.html

_DJ_

5,052 posts

280 months

Saturday 24th April 2004
I'm reluctant to post this, because I'm sure it's too simple to be correct. How about changing the port on which XP's remote desktop listens on to 80 then specify that port when connecting from the client? That's unless you've got an intelligent corporate firewall which detects the non-HTTP nature of the packets.


DJ
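The "intelligent firewall" check mentioned in the post above, sketched from the network defender's side as an added example (not part of the original thread): it labels a stream on port 80 by its opening bytes, so RDP, SSH or VNC moved onto that port is flagged. The flow tuples, function names and sample payloads are constructed for illustration.

```python
import re

# An HTTP/1.x request line: METHOD SP target SP HTTP/1.x
_HTTP_REQ = re.compile(rb"^[A-Z]{3,10} \S+ HTTP/1\.[01]\r?\n")
# VNC servers open with an RFB version banner such as "RFB 003.003\n"
_RFB = re.compile(rb"^RFB \d{3}\.\d{3}\n")


def classify_first_bytes(payload: bytes) -> str:
    """Label a TCP stream from the first payload bytes seen on it."""
    if _HTTP_REQ.match(payload):
        return "http"
    if payload.startswith(b"SSH-"):  # SSH identification string
        return "ssh"
    if _RFB.match(payload):
        return "vnc-rfb"
    # RDP starts with a TPKT header (version 3, reserved 0, 16-bit length)
    # followed by an X.224 Connection Request (code 0xE0 in the high nibble).
    if len(payload) >= 6 and payload[0] == 0x03 and payload[1] == 0x00:
        tpkt_len = int.from_bytes(payload[2:4], "big")
        if tpkt_len >= 7 and (payload[5] & 0xF0) == 0xE0:
            return "rdp"
    return "unknown"


def non_http_on_port(flows, port=80):
    """Return (flow_id, label) for streams to `port` that are not HTTP."""
    findings = []
    for flow_id, dst_port, first_payload in flows:
        if dst_port != port:
            continue
        label = classify_first_bytes(first_payload)
        if label != "http":
            findings.append((flow_id, label))
    return findings


# Constructed sample input: (flow id, destination port, first payload bytes).
RDP_CR = bytes.fromhex("03 00 00 13 0e e0 00 00 00 00 00 01 00 08 00 03 00 00 00")
SAMPLE_FLOWS = [
    ("flow-1", 80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("flow-2", 80, b"SSH-2.0-ExampleServer_1.0\r\n"),
    ("flow-3", 80, RDP_CR),
    ("flow-4", 80, b"RFB 003.003\n"),
    ("flow-5", 3389, RDP_CR),  # not on the monitored port, so skipped
]

if __name__ == "__main__":
    for flow_id, label in non_http_on_port(SAMPLE_FLOWS):
        print(f"{flow_id}: non-HTTP traffic on port 80 ({label})")
```

This only looks at the opening bytes of a stream; traffic wrapped in well-formed HTTP requests needs inspection at the proxy instead.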

JamieBeeston

9,294 posts

291 months

Sunday 25th April 2004
_DJ_ said:
I'm reluctant to post this, because I'm sure it's too simple to be correct. How about changing the port on which XP's remote desktop listens on to 80 then specify that port when connecting from the client? That's unless you've got an intelligent corporate firewall which detects the non-HTTP nature of the packets.


DJ


For XP Remote Desktop Port Change
http://support.microsoft.com/default.aspx?scid=kb;en-us;306759

For TS Port Change
http://support.microsoft.com/default.aspx?scid=KB;en-us;q187623


To Then specify how to connect to a different remote port.
http://support.microsoft.com/default.aspx?scid=kb;en-us;304304

_DJ_

5,052 posts

280 months

Sunday 25th April 2004
JamieBeeston said:

_DJ_ said:
I'm reluctant to post this, because I'm sure it's too simple to be correct. How about changing the port on which XP's remote desktop listens on to 80 then specify that port when connecting from the client? That's unless you've got an intelligent corporate firewall which detects the non-HTTP nature of the packets.


DJ



For XP Remote Desktop Port Change
http://support.microsoft.com/default.aspx?scid=kb;en-us;306759

For TS Port Change
http://support.microsoft.com/default.aspx?scid=KB;en-us;q187623


To Then specify how to connect to a different remote port.
http://support.microsoft.com/default.aspx?scid=kb;en-us;304304


Thanks Jamie - I was going to post the same thing, but thought I'd wait to see whether the idea was shot down in flames, given the complexity of the answers presented earlier on the thread!

JamieBeeston

9,294 posts

291 months

Sunday 25th April 2004
_DJ_ said:

Thanks Jamie - I was going to post the same thing, but thought I'd wait to see whether the idea was shot down in flames, given the complexity of the answers presented earlier on the thread!



You know what Us techs are like.

we NEED to massively overcomplicate everything