woes with accessing vnc over firewall: NoRouteToHostException

i'm trying to access my home network from work where there is a
restrictive firewall and i run into the NoRouteToHostException java
error. i am able to reach my home computer and i do get the vnc logon
page however after i type in my password i get the abovementioned
error. at the same, if i try to connect to my setup from inside my
home network everything works fine.

here's the setup i have:

vnc server is running on redhat linux display :25. (utilizing ports
5825 and 5925)

rinetd is running as a daemon with the following configuration file:

/etc/rinetd.conf:

192.168.1.105 80 localhost 5825


so basically i'm forwarding all requests to machine 192.168.1.105 port
80 to go to the same machine's port 5825.

my router is configured to port forward all requests for port ranging
from 5800-6000 to the 192.168.1.105 machine.


i'm beginning to suspect that it is not enough to forward 80 -> 5825
since the java-portion of this runs on 5925. but how do i set that up
when the only incoming available port is 80. i can't forward from 80
to both 5825 and 5925 can i?


thanks for any help.

> i'm beginning to suspect that it is not enough to forward 80 -> 5825
> since the java-portion of this runs on 5925. but how do i set that up
> when the only incoming available port is 80. i can't forward from 80
> to both 5825 and 5925 can i?

You could set up a SOCKS or SSH server to listen on port 80 of your home
box. Both of those allow you to combine multiple connections into one at
the client end, and then demultiplex them at the server end.

SSH would be greatly preferable but SOCKS would also work.

--
To reply by email, replace "deadspam.com" by "alumni.utexas.net"

"mike melamed" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) om...
> i'm trying to access my home network from work where there is a
> restrictive firewall and i run into the NoRouteToHostException java
> error. i am able to reach my home computer and i do get the vnc logon
> page however after i type in my password i get the abovementioned
> error. at the same, if i try to connect to my setup from inside my
> home network everything works fine.
>
> here's the setup i have:
>
> vnc server is running on redhat linux display :25. (utilizing ports
> 5825 and 5925)
>
> rinetd is running as a daemon with the following configuration file:
>
> /etc/rinetd.conf:
>
> 192.168.1.105 80 localhost 5825
>
>
> so basically i'm forwarding all requests to machine 192.168.1.105 port
> 80 to go to the same machine's port 5825.
>
> my router is configured to port forward all requests for port ranging
> from 5800-6000 to the 192.168.1.105 machine.
>
>
> i'm beginning to suspect that it is not enough to forward 80 -> 5825
> since the java-portion of this runs on 5925. but how do i set that up
> when the only incoming available port is 80. i can't forward from 80
> to both 5825 and 5925 can i?
>
>
> thanks for any help.

If your business has a device (could be either an IPS, a firewall or combo)
that does not allow non-http traffic over port 80 you are screwed.

>
> "mike melamed" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) om...
> > i'm trying to access my home network from work where there is a
> > restrictive firewall and i run into the NoRouteToHostException java
> > error. i am able to reach my home computer and i do get the vnc logon
> > page however after i type in my password i get the abovementioned
> > error. at the same, if i try to connect to my setup from inside my
> > home network everything works fine.
> >
> > here's the setup i have:
> >
> > vnc server is running on redhat linux display :25. (utilizing ports
> > 5825 and 5925)
> >
> > rinetd is running as a daemon with the following configuration file:
> >
> If your business has a device (could be either an IPS, a firewall or combo)
> that does not allow non-http traffic over port 80 you are screwed.

Right. In that case he'd have to use one of the HTTP tunnelling
schemes, such as corkscrew or httptunnel.

--
To reply by email, change "deadspam.com" to "alumni.utexas.net"

Andrew Schulman <(E-Mail Removed)> wrote in message news:<(E-Mail Removed)>...
> > i'm beginning to suspect that it is not enough to forward 80 -> 5825
> > since the java-portion of this runs on 5925. but how do i set that up
> > when the only incoming available port is 80. i can't forward from 80
> > to both 5825 and 5925 can i?
>
> You could set up a SOCKS or SSH server to listen on port 80 of your home
> box. Both of those allow you to combine multiple connections into one at
> the client end, and then demultiplex them at the server end.
>
> SSH would be greatly preferable but SOCKS would also work.

would this require me to install ssh on the client side as well? i
would like to keep to just using internet explorer from work without
installing any additional software.

> > > i'm beginning to suspect that it is not enough to forward 80 -> 5825
> > > since the java-portion of this runs on 5925. but how do i set that up
> > > when the only incoming available port is 80. i can't forward from 80
> > > to both 5825 and 5925 can i?
> >
> > You could set up a SOCKS or SSH server to listen on port 80 of your home
> > box. Both of those allow you to combine multiple connections into one at
> > the client end, and then demultiplex them at the server end.
> >
> > SSH would be greatly preferable but SOCKS would also work.
>
> would this require me to install ssh on the client side as well? i
> would like to keep to just using internet explorer from work without
> installing any additional software.

If you use ssh it would, but if you set up a SOCKS server on the remote
host, then all you'll have to do is change your proxy settings in IE,
and tell it you're using a SOCKS server on remote_host:80. However,
this setting will then apply to _all_ of your IE browsing. If you want
to turn it on for just one session, then you have to dig all the way
down into the IE options dialogs, turn it on, run your session, and then
go all the way back in and turn it off again. Not convenient. However,
if this is important to you and something you would use a lot, you might
look into a network profile manager, which will switch you back and
forth quickly between various sets of network settings, e.g. proxy
settings. I know there are some of these for Windows, although no names
come to mind right now.


--
To reply by email, change "deadspam.com" to "alumni.utexas.net"

> > > > i'm beginning to suspect that it is not enough to forward 80 ->
5825
> > > > since the java-portion of this runs on 5925. but how do i set that up
> > > > when the only incoming available port is 80. i can't forward from 80
> > > > to both 5825 and 5925 can i?
> > >
> > > You could set up a SOCKS or SSH server to listen on port 80 of your home
> > > box. Both of those allow you to combine multiple connections into one at
> > > the client end, and then demultiplex them at the server end.
> > >
> > > SSH would be greatly preferable but SOCKS would also work.
> >
> > would this require me to install ssh on the client side as well? i
> > would like to keep to just using internet explorer from work without
> > installing any additional software.
>
> you might
> look into a network profile manager, which will switch you back and
> forth quickly between various sets of network settings, e.g. proxy
> settings. I know there are some of these for Windows, although no names
> come to mind right now.

OR switch your browser to Mozilla Firefox, and install the SwitchProxy
extension, which allows you to do this easily from a context menu.

--
To reply by email, change "deadspam.com" to "alumni.utexas.net"

mike melamed wrote:

> i'm trying to access my home network from work where there is a
> restrictive firewall and i run into the NoRouteToHostException java
> error. i am able to reach my home computer and i do get the vnc logon
> page however after i type in my password i get the abovementioned
> error. at the same, if i try to connect to my setup from inside my
> home network everything works fine.

If you can identify a good business reason why you should be able to
access your home computer from work, I'm sure your boss will allow your
network administrator to enable access for you.

If you persist in trying to break what is obviously company policy,
you'd better watch your back.

--

------------------------------------

Real email to mike. The header email is a spam trap and you will be
blacklisted,
submitted to anti-spam sites and proably burn in hell.

mike melamed wrote:
> Andrew Schulman <(E-Mail Removed)> wrote in message news:<(E-Mail Removed)>...
>
>>>i'm beginning to suspect that it is not enough to forward 80 -> 5825
>>>since the java-portion of this runs on 5925. but how do i set that up
>>>when the only incoming available port is 80. i can't forward from 80
>>>to both 5825 and 5925 can i?
>>
>>You could set up a SOCKS or SSH server to listen on port 80 of your home
>>box. Both of those allow you to combine multiple connections into one at
>>the client end, and then demultiplex them at the server end.
>>
>>SSH would be greatly preferable but SOCKS would also work.
>
>
> would this require me to install ssh on the client side as well? i
> would like to keep to just using internet explorer from work without
> installing any additional software.

IIRC, TightVNC can be run as an applet, so that a port tcp/80
connection should suffice. Never tried it, though.

It sounds like a task for a firewall-penetrator, like corkscrew.

Tauno Voipio
tauno voipio (at) iki fi

Mike <(E-Mail Removed)> wrote in message news:<cif572$mc5$(E-Mail Removed)>...
> mike melamed wrote:
>
> > i'm trying to access my home network from work where there is a
> > restrictive firewall and i run into the NoRouteToHostException java
> > error. i am able to reach my home computer and i do get the vnc logon
> > page however after i type in my password i get the abovementioned
> > error. at the same, if i try to connect to my setup from inside my
> > home network everything works fine.
>
> If you can identify a good business reason why you should be able to
> access your home computer from work, I'm sure your boss will allow your
> network administrator to enable access for you.
>
> If you persist in trying to break what is obviously company policy,
> you'd better watch your back.

i was not looking for a lesson in morality i was looking for a way to
access my home computer from a restrictive firewall system. it sounds
like http tunneling will accomplish that task. thanks to all that
replied with suggestions. let's keep the bosses out of it, shall we?