Re: Port Forwarding?

---

• From: "Mark Ivey" <wmivey6311@xxxxxxxxxxx>
• Date: Sun, 26 Aug 2007 18:46:51 -0500

---

Thanks for the advice Chuck.

Can you give me some tips on setting up a VPN?

Mark Ivey

"Chuck [MVP]" <none@xxxxxxxxxxx> wrote in message
news:ji03d3huea883bg5s6cdk4qfv5n40rge3e@xxxxxxxxxx

On Sun, 26 Aug 2007 07:31:13 -0500, "Mark Ivey" <wmivey6311@xxxxxxxxxxx>
wrote:

"Chuck [MVP]" <none@xxxxxxxxxxx> wrote in message
news:spt1d3h0fp5ac3oorqndr7ma3v4tl6tbrc@xxxxxxxxxx

On Sat, 25 Aug 2007 21:27:49 -0500, "Mark Ivey" <wmivey6311@xxxxxxxxxxx>
wrote:

I would like to learn more about port forwarding.

I would like to be able to reach my PC from work.

Here is my current setup at home.
Windows XP (Home Edition)
D-Link (DI-514) Wireless Router
WebStar Cable Modem (DPX100 Series)

It is my understanding that I must setup a port forward on my router to
be
able to access my PC from the web. The D-Link model I have refers to
something as a Virtual Server, but nothing about port forwarding. I
would
like to do this, but I am concerned about the security risk involved as
well.

Can anyone educate me more on this topic or send me a link where I could
learn about it more?

TIA...

Mark Ivey

Mark,

The term "Virtual Server" is D-Link speak for port forwarding. You can
forward
any port using the setup on page 21 of the DI-514 manual. You'll have
to
forward to a fixed IP address, so you'll have to disable DHCP for the
server.

But I wouldn't do this, if I were you. Plain old port forwarding (by
any
name)
is notoriously unsafe. The forwarded port will be open to any computer
on
the
Internet. I'd setup a VPN, which creates an encrypted tunnel between a
specific
computer at the other end of the tunnel, and your server. The DI-514
only
supports VPN passthru, so you'll have to setup a VPN client on the
server.
<http://nitecruzr.blogspot.com/search/label/VPN?max-results=100>
http://nitecruzr.blogspot.com/search/label/VPN?max-results=100

Thanks for the information Chuck.

I agree that I need the added security with a VPN. Do you think something
like Real VNC would work well for this connection?


Mark Ivey

Mark,

VNC, in its many different brands (like *nx), is a remote desktop type
product.
It doesn't in itself add any security, just functionality (the ability to
see
the desktop). Now Sooner Al, another MVP who posts here too, will
recommend VNC
over SSH, if you WANT remote desktop access.

The problem with VNC is that it requires you to leave the server
connection up,
just as with any file sharing server connection. With UltraVNC, you can
have
the "server" connect to the client, which is a big help in working through
NAT
routers, but you still have one computer online all of the time, and
exposed.

I use UVNC; I install the clients (remotely supported computers), and have
them
(as "servers") call my network only when necessary. I can activate the
forwarded ports in my router when necessary, and not worry about open
ports in
the clients routers. UVNC and the reverse server technique works when
there are
2 people active, one person at the "server" doing the calling, the other
at the
"client" setting up to receive the call. If you're going to use VNC, you
have
to either leave one end up all of the time, or have a second person
available at
the other end.

The advantage of the VPN is that, once it's established, the tunnel works
only
between the 2 specific computers (end points). For a third computer to
break
into it, it would have to break the multi level authentication and
encryption,
plus spoof its identity.

So yes, you could use VNC, but it will add ability, not security.

--
Cheers,
Chuck, MS-MVP 2005-2007 [Windows - Networking]
http://nitecruzr.blogspot.com/
Paranoia is not a problem, when it's a normal response from experience.
My email is AT DOT
actual address pchuck mvps org.

.

---

• Follow-Ups:
  • Re: Port Forwarding?
    • From: Sooner Al [MVP]
  • Re: Port Forwarding?
    • From: Chuck [MVP]

• References:
  • Port Forwarding?
    • From: Mark Ivey
  • Re: Port Forwarding?
    • From: Chuck [MVP]
  • Re: Port Forwarding?
    • From: Mark Ivey
  • Re: Port Forwarding?
    • From: Chuck [MVP]

• Prev by Date: Re: My computer doesn't find the Internet connection
• Next by Date: Re: mshome is not accessble
• Previous by thread: Re: Port Forwarding?
• Next by thread: Re: Port Forwarding?
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: 1 NIC v. 2 NICS & remote access questions from beginner ... a remote user I would recommend using a secure VPN. ... VPN funcionality I`ll tend to use that, ... the firewall for each service to the SBS server. ... >> assigned to its LAN port. ... (microsoft.public.windows.server.sbs) Re: Cant Telnet ... I have a SBS2000 server at my office with 2 nics, Zyxel prestige DSL modem, ... VPN Software to establish a VPN to my office. ... "Cannot open the VPN connection. ... > standard port for telnet, other service such SMTP VPN will use different ... (microsoft.public.windows.server.sbs) Re: RealVNC ... I use VNC behind server ... Default listening port for RealVNC server that runs on the machine on ... Then there is default Java listening port on port 5800 on the client ... VNC pops "Trying to connect to remote assistant" ... (microsoft.public.windows.server.sbs) Re: VNC behind ISA Server ... On what ports VNC uses, please read the following information from VPN ... A VNC server listens on two ports. ... The exact port numbers depend on the VNC ... Microsoft can make no representation concerning ... (microsoft.public.windows.server.sbs) Re: VPN Client ... To allow VPN, you actually need to open outbound 1723 port on remote client ... Microsoft CSS Online Newsgroup Support ... | not just the server side. ... (microsoft.public.windows.server.sbs)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > WinXP  > microsoft.public.windowsxp.network_web  > 2007-08