大家都在討論 如何封鎖 TeamViewer
而我卻是希望使用 TeamViewer 於遠端維護
由於工廠設備都不需要上網功能, 因此我防火牆預設全部阻擋.
只開啟 DNS : 168.95.192.1 (Hinet DNS)
DNS : 8.8.8.8 (Google DNS)
請問還做哪些設定才能夠順利使用 TeamViewer 連線, 其他應用皆阻擋呢?
剛好前陣子也有類似的需求,因網路上找不到相關的資訊,於是就寫信問TEAMVIEWER原廠,對方的回覆解決了我問題,給你參考:
Thank you for your message.
Unfortunately, we do not have a fixed IP-Range of our Servers. Our network is very dynamic and constantly growing; therefore, it wouldn't make any sense to deploy a list of our IP-Addresses.
However, there are 2 options to unblock TeamViewer:
- General unlocking of Port 5938 TCP for outgoing connections. (recommended)
Port 5938 is only used by a few programs and therefore is no security risk. This traffic should then neither be filtered nor cached.
- Unlocking of URLs of the following formats (to any Server)
GET /din.aspx?s=…&client=DynGate…
GET /dout.aspx?s=…&client=DynGate…
POST /dout.aspx?s=…&client=DynGate…Independent from the chosen method:
Please also check that no content filter or similar is blocking one of the following URLs:
*.teamviewer.com
*.dyngate.comIf you have any further questions please do not hesitate to contact us.
因為 TeamViewer 的設計目的是電腦可以上網,就可以被遠端遙控,那被控端就等於必須可以上網。
如果您不希望讓被控端可以上網,那您應該改用像VNC(port 5800),甚至微軟作業系統內建的遠端桌面(port 3389),這樣就可以封鎖80port上網了