| LinHES Forums http://forum.linhes.org/ |
|
| VNC server won't allow outside IP address? http://forum.linhes.org/viewtopic.php?f=6&t=8847 |
Page 1 of 1 |
| Author: | phekno [ Mon Mar 06, 2006 12:27 pm ] |
| Post subject: | VNC server won't allow outside IP address? |
I'm trying to VNC into my KnoppMyth machine and it won't connect. I'm sure the problem is that I put Code: -allow 192.168.1. in when I ran the server. The question now is, how do I change it? I would ultimately like to be able to VNC to my machine from anywhere on the internet. The specific error I'm getting in the VNC log is:Code: 06/03/2006 11:57:51 Got connection from client x.x.x.x 06/03/2006 11:57:51 other clients: 06/03/2006 11:57:51 denying client: x.x.x.x does not match 192.168.1. 06/03/2006 11:57:51 Client x.x.x.x gone 06/03/2006 11:57:51 Statistics: 06/03/2006 11:57:51 framebuffer updates 0, rectangles 0, bytes 0 where x.x.x.x is obviously the IP address of the machine I'm trying to connect from. Can I just do Code: -allow all or Code: -allow any ? Or do I have to do Code: allow -x.x. ?
Any help would be greatly appreciated. Thanks, Phekno |
|
| Author: | lordsnooty [ Mon Mar 06, 2006 7:03 pm ] |
| Post subject: | |
How do you start the server? Just drop the parameter from the startup line. I use a vncserver startup script in /etc/init.d, that I cribbed from somewhere else (sorry, can't recall where). This dictates all my starup options. If you lose the parameter, anyone will be able to connect. Though if your box is facing the internet, you should think about running VNC over an SSH tunnel. |
|
| Author: | daggo [ Mon Mar 06, 2006 9:45 pm ] |
| Post subject: | |
Here is a guide on doing VNC over SSH with smoothwall. You should be able to use the info on other firewalls. http://martybugs.net/smoothwall/puttyvnc.cgi |
|
| Author: | phekno [ Wed Mar 08, 2006 8:45 am ] |
| Post subject: | |
Hmmmm....I guess I've never thought of running a Smoothwall firewall. Currently I'm just using a Linksys broadband wireless router primarily for the benefit of the wireless it provides. I do have a seperate machine sitting around that I could use as a firewall. It currently has Slackware on it but I don't see any reason why Smoothwall wouldn't work. I don't remember the command I used to start VNC server. I think I used the x11vnc Wiki page on KnoppMythWiki. Anyway, thanks for your help. |
|
| Author: | ethernut [ Mon Mar 13, 2006 12:39 pm ] |
| Post subject: | |
You can continue to use your linksys at the router. Forward port 22 on the linksys to port 22 on the Myth box. Then use the example on the smoothwall site. I do this almost daily. To secure SSH a bit, put this line in your /etc/ssh/sshd_config and add the specific usernames you want to allow to connect. AllowUsers fred, root, wendy Restart the ssh daemon to apply changes: /etc/init.d/ssh restart |
|
| Author: | afrosheen [ Mon Mar 13, 2006 6:13 pm ] |
| Post subject: | |
One more note about securing ssh. By default, the nimrods who maintain various distros leave the root login enabled. It can be very convenient if you're on a private network, but anything with even a single port (particularly ssh) exposed to the internet is a nice juicy target. All it takes is a simple edit to /etc/ssh/sshd_config to kill this feature. I suggest you do it to every linux distro you own. If you find a line that says PermitRootLogin = yes, change it to = no. That's all it takes. Restart the ssh daemon with /etc/init.d/ssh restart and you're good to go. To their credit, some devs are disabling root logins via ssh now from the default installation, but alot are not. This can be a critical hole. I manage quite a few public linux servers and you wouldn't believe the number of automated ssh attemped logins these servers see every day. It's in the thousands..and generally comes from other misconfigured linux boxen. |
|
| Author: | lordsnooty [ Tue Mar 14, 2006 7:13 am ] |
| Post subject: | |
Consider a tool such as sshdfilter if ssh brute force login attempts are a problem. |
|
| Author: | L0o0ky [ Tue Mar 14, 2006 5:59 pm ] |
| Post subject: | |
phekno wrote: Hmmmm....I guess I've never thought of running a Smoothwall firewall. Currently I'm just using a Linksys broadband wireless router primarily for the benefit of the wireless it provides. I do have a seperate machine sitting around that I could use as a firewall. It currently has Slackware on it but I don't see any reason why Smoothwall wouldn't work. I don't remember the command I used to start VNC server. I think I used the x11vnc Wiki page on KnoppMythWiki. Anyway, thanks for your help.
Here's a suggestion (at least if you are stuck with windows). Look out on the web and find sshvnc (you can probably find it on SF). I found it and have been quite happy with it. Here's how I have mine set up (and I'm not using the default ports which completely stopped the brute-force attacks). laptop running XP --> netgear router forwarding ssh --> to file server (blag linux) --> Knoppmyth. The sshvnc is designed to allow you to tunnel through an existing ssh connection to use VNC. I use it to connect to VNC sessions on the blag machine as well as have the VNC traffic forwarded on to the mythtv box. The setup is pretty easy. L0o0ky |
|
| Page 1 of 1 | All times are UTC - 6 hours |
| Powered by phpBB® Forum Software © phpBB Group http://www.phpbb.com/ |
|