iT邦幫忙

2

如何只開放 Teamviewer 而其他應用都擋掉(包含上網瀏覽)?

mrpan 2011-03-01 16:23:3835328 瀏覽

大家都在討論 如何封鎖 TeamViewer
而我卻是希望使用 TeamViewer 於遠端維護
由於工廠設備都不需要上網功能, 因此我防火牆預設全部阻擋.
只開啟 DNS : 168.95.192.1 (Hinet DNS)
DNS : 8.8.8.8 (Google DNS)
請問還做哪些設定才能夠順利使用 TeamViewer 連線, 其他應用皆阻擋呢?

28
ycl8000
iT邦高手 1 級 ‧ 2011-03-02 08:23:29
最佳解答

剛好前陣子也有類似的需求,因網路上找不到相關的資訊,於是就寫信問TEAMVIEWER原廠,對方的回覆解決了我問題,給你參考:

Thank you for your message.

Unfortunately, we do not have a fixed IP-Range of our Servers. Our network is very dynamic and constantly growing; therefore, it wouldn't make any sense to deploy a list of our IP-Addresses.

However, there are 2 options to unblock TeamViewer:

  1. General unlocking of Port 5938 TCP for outgoing connections. (recommended)

Port 5938 is only used by a few programs and therefore is no security risk. This traffic should then neither be filtered nor cached.

  1. Unlocking of URLs of the following formats (to any Server)

GET /din.aspx?s=…&client=DynGate…
GET /dout.aspx?s=…&client=DynGate…
POST /dout.aspx?s=…&client=DynGate…

Independent from the chosen method:
Please also check that no content filter or similar is blocking one of the following URLs:
*.teamviewer.com
*.dyngate.com

If you have any further questions please do not hesitate to contact us.

14
bizpro
iT邦大師 1 級 ‧ 2011-03-01 22:33:50

Teamviwer用的是tcp 5938進線和走tcp 80出去.

14
ufgeorge
iT邦研究生 2 級 ‧ 2011-03-02 08:06:47

因為 TeamViewer 的設計目的是電腦可以上網,就可以被遠端遙控,那被控端就等於必須可以上網。
如果您不希望讓被控端可以上網,那您應該改用像VNC(port 5800),甚至微軟作業系統內建的遠端桌面(port 3389),這樣就可以封鎖80port上網了

8
lirick42
iT邦新手 1 級 ‧ 2011-03-02 10:55:13

哈~只允許以上通過 其他拒絕 是個不錯的方法

我要發表回答

立即登入回答