Multi-Platform Remote Control08/23/2001
So far this year, I've been concentrating on protecting your FreeBSD system by using permissions and creating firewall rules. In the next series of articles, I'd like to take a look at some of the ways you can use your FreeBSD computer to share resources and access other computers in your LAN.
In today's article, I'd like to take a look at VNC, the Virtual Network Computing project from ATT Laboratories. With VNC, you can access the desktop of any PC in your network, regardless of the operating system it is using. For example, from your FreeBSD computer you can access the desktop of a Windows 95/98/ME computer; an NT Workstation or Server; another FreeBSD computer, a Linux, SCO or Solaris system; or a Windows 2000 Professional or Server computer. You will be able to do anything from that desktop as if you were physically at the other machine. The reverse is also true, meaning you can access your FreeBSD computer from any of the above listed operating systems.
This functionality is extremely handy if you are an administrator of a network, as you can check the status and change the configurations of any PC in your network without leaving your desk. In my home network, I've found it to be an economic alternative to a KVM switch when I had more PCs than monitors and mice. As an instructor, it's an invaluable teaching tool as I can have the desktops of several operating systems minimized in my menubar.
Because of its functionality and ease of use, you may want to consider running VNC only on your local LAN. It's one thing for you to be able to access any of your PCs, but you probably wouldn't want to give that functionality to a stranger. VNC does have some built-in security measures, and I'll point them out as we come across them.
In my home LAN, I have the following computers:
- 10.0.0.1 running FreeBSD 4.3-Release
- 10.0.0.2 running Win98 Second Edition
- 10.0.0.3 running NT 4 Server
In today's demonstration, I won't be going through the firewall on my other FreeBSD computer, so I won't have to change my ruleset. Also, all PCs on my LAN have already been set up for Internet connectivity, so I can build VNC on each of them.
Let's start by installing VNC. On the FreeBSD computer I built the port by typing:
su Password: cd /usr/ports/net/vnc make install clean
On the 98 and NT PCs, I used my Web browser to navigate to:
While I was there, I read the interesting introduction on the benefits of using VNC, then I proceeded to the download page. I chose to download "Windows 9x/2000/NT (Intel Win32)" and filled in my name and e-mail address. Then I downloaded the zipped version and used "Winzip" to unzip it.
The unzipping process resulted in a folder called
vnc_x86_win32, which contains two subfolders called
winvnc. Like any other TCP/IP application, VNC contains two components: a server and a client (also known as the viewer). You use the viewer to access another PC; however, that PC must be running the server so it can listen for and authorize the connection.
I want to start by accessing the NT desktop, so on the NT machine, I'll doubleclick on the
winvnc folder, then doubleclick on
Setup.exe. I receive a warning to ensure that at least Service Pack 3 is installed; if you're running NT without a Service Pack, shake your head in shame then proceed to Microsoft's Web site to download the latest Service Pack.
Also in FreeBSD Basics:
Then I follow through the prompts to finish the installation of the VNC server. If I now go to Start-->Programs, I have a new heading for VNC that contains all of the server tools. I'll click on "Run WinVNC (App Mode)," which will bring up the "WinVNC: Current User Properties" box. This box contains a section to type in a password, which is VNC's first security feature. If you just press OK without typing in a password, you'll receive a warning that WinVNC will not accept any incoming connections until you set the password.
This password is used to authorize connections to the computer running the VNC server. If a user knows the password, he will have access to that computer; his permissions will be the same as the user who started the VNC server. For example, on my NT box, I'm currently logged in as administrator, which is the equivalent of the root account in FreeBSD. Accordingly, I'll probably want to set a unique and difficult password to prevent users other than myself from gaining administrative access through VNC.
I'll type in the password and press OK. I now have a VNC icon in my system tray next to the clock. If I right-click this icon, I can view the properties, kill any clients or stop the VNC server.
Let's see if I can access the NT server from the FreeBSD computer. When I installed the VNC port, the server component called "vncserver" and the client component called "vncviewer" were installed. Additionally, all of the VNC documentation was installed into
/usr/X11R6/share/doc/vnc. This documentation is well-written and is worth reading even if you don't have any problems using VNC.