Which ports are needed - really?


Which ports are needed - really?

Geoff Hoffman-2
Hey so thanks for making TightVNC. Installed on Windows 7 and it worked like a charm.

My only question is, I noticed that upon install, TightVNC Server created two new Windows firewall rules: UDP - allow all ports, TCP - allow all ports. This seems a bit much. What ports does this software need open, really?

Thanks,
Geoff




___________________________________________________________
TightVNC mailing list, [hidden email]
To change your subscription or to UNSUBSCRIBE, please visit
https://lists.sourceforge.net/lists/listinfo/vnc-tight-list

Re: Which ports are needed - really?

Arfin Greebly

Geoff,

The primary inbound port is 5900 on a Windows machine.  The secondary
inbound Java-via-browser port is 5800.

For outbound (listen mode) server connections I'm not completely sure.

If your firewall rules *for VNC only* are set to "all ports" then I
wouldn't worry about it, because the firewall should not block VNC if it
goes "off port" to establish its session.  VNC listens on 5900 & 5800 for
connections, but it may open other ports to actually sustain the session.

I rather imagine it does, because it continues to listen on 5900 even
while the session is active, and this allows multiple viewers to connect.

Constantin will know what specific port ranges *must* be open.


Also, I might point out that, when hosting VNC on a Linux/Unix box, the
usual listening port range starts at 5901 (for binary client) & 5801
(for browser/Java), as it is customary for the Unix world to share only
non-zero displays.

(Display zero, written :0, is the primary session display, the one that
shows on the physical screen.  Display zero is the only one Windows has to
offer.  Linux/Unix, being true multi-user, can have an arbitrary number of
display sessions.)


You can try limiting VNC on Windows to 5900 & 5800 in the firewall
settings.  If you do that, I'd like to hear how that works, since I have
never done that myself.


~~ Garry


----- On Tue, 7 Jun 2011, Hoffman, Geoff wrote: -----

>
> Hey so thanks for making TightVNC. Installed on Windows 7 and it worked
> like a charm.
>
> My only question is, I noticed that upon install, TightVNC Server
> created two new Windows firewall rules: UDP - allow all ports, TCP -
> allow all ports. This seems a bit much. What ports does this software
> need open, really?
>
> Thanks,
> Geoff
>


Re: Which ports are needed - really?

Constantin Kaplinsky
In reply to this post by Geoff Hoffman-2
Hello Geoff,

>>>>> Hoffman, Geoff wrote:

> Hey so thanks for making TightVNC. Installed on Windows 7 and it worked like
> a charm.

Thank you!

> My only question is, I noticed that upon install, TightVNC Server created
> two new Windows firewall rules: UDP - allow all ports, TCP - allow all
> ports. This seems a bit much. What ports does this software need open,
> really?

Well, if I understand correctly, it allows all ports only for the
specific TightVNC binaries. Thus, it's not like your system would be
open for connections on all ports. It's the rules for TightVNC binaries
only.

The default ports are 5900 and 5800 for the server part, and the viewer
can listen for reverse connections on port 5500 by default. However,
that's the defaults, and you have full power to use whatever port
numbers you like. That's why it might be a bad idea to enable the
default ports only.

As for UDP ports, that part of the rule may be removed -- TightVNC does
not use UDP at the moment.

--
Best Regards,
Constantin Kaplinsky
GlavSoft LLC

-----------------------------------------------------------------
Follow TightVNC on Twitter:   http://www.twitter.com/tightvnc
Purchase technical support:   http://www.tightvnc.com/support.php
-----------------------------------------------------------------
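
Added example (not part of the thread and not TightVNC's own installer logic): one way to review the program-scoped rules discussed above with netsh, remove the UDP allowance, and swap the any-port TCP allowance for a port-limited one. The install path, the rule name, the profile choice and the use of the default ports 5900/5800 are assumptions; if the server is configured for other ports, change PORTS to match.

```bat
@echo off
rem Added example, not from the thread. Run from an elevated Command Prompt.
rem Assumptions: default install path below, and the server still listens on
rem the default ports named in the thread (5900 viewers, 5800 Java/browser).
set "TVN=%ProgramFiles%\TightVNC\tvnserver.exe"
set "PORTS=5900,5800"

rem 1. Review current inbound rules. Look for entries whose Program is the
rem    TightVNC server binary (field labels assume English-language output).
netsh advfirewall firewall show rule name=all dir=in verbose ^
  | findstr /i /c:"Rule Name" /c:"Program" /c:"Protocol" /c:"LocalPort"

rem 2. Remove the UDP allowance for the server binary. Per the developer's
rem    reply, TightVNC does not use UDP.
netsh advfirewall firewall delete rule name=all dir=in program="%TVN%" protocol=udp

rem 3. Replace the any-port TCP allowance with one limited to PORTS.
rem    The rule name is made up for this example. profile=private,domain keeps
rem    the rule inactive on networks classified as Public (optional choice).
netsh advfirewall firewall delete rule name=all dir=in program="%TVN%" protocol=tcp
netsh advfirewall firewall add rule name="TightVNC Server (example rule)" ^
  dir=in action=allow program="%TVN%" protocol=TCP localport=%PORTS% ^
  profile=private,domain

rem 4. Confirm the result.
netsh advfirewall firewall show rule name="TightVNC Server (example rule)" verbose
```

The port-limited rule has to be updated whenever the server's port settings change, which is the trade-off raised in the reply above.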
