1

I just implemented tunneling TightVNC + OpenSSH for MS Windows successfully.

The last thing I have to configure is

to deny any remote connections to TightVNC Server and allow local connections from OpenSSH Server only.

Any clue how to do it? Thank you!

enter image description here

DmitryBoyko
  • 77
  • 3
  • 11

1 Answers1

2

Try selecting "Only allow loopback connections". This requires a restart of the service. It appears this does not apply to the web server that serves up the Java client. I usually disable this service anyway.

Verify with the command netstat -an | more and checking which addresses are listening for port 5900. If the change has been applied correctly, only 127.0.0.1 should be listening.

BillThor
  • 27,737
  • 3
  • 37
  • 69
  • Hi! Have I use any IP filter in this case? – DmitryBoyko Apr 01 '16 at 13:54
  • 1
    You shouldn't need one. However a deny filter of 0.0.0.0 239.255.255.255 would cover the full IP range. – BillThor Apr 01 '16 at 13:56
  • Well... TightVNC is a bugged application. I did about 100 tests and IP filtering with Loopbacks is not working correctly. – DmitryBoyko Apr 01 '16 at 14:06
  • 1
    @Dimi You may need to restart after making the settings. With the only loopback setting it should listen only on 127.0.0.1 preventing other devices from connecting. That change usually requires a restart. – BillThor Apr 02 '16 at 00:37