Gazoo
@telus.net
| SE567 & UltraVNC Port Forward
I have a telus SE567 modem and am trying to get access to port 5800 for Ultra VNC on my computer with ip 172.16.0.11 (assigned static).
So far I have tested that VNC works by connecting remotely from a 2nd computer on the lan directly to 172.16.0.11 and vnc works great.
If I try and access that same system via the WAN I cannot get access.
I ran telnet (my wan IP) 5800 and receive a "Could not open connection to the host, on port 5800: Connect Failed"
If I telnet (my wan IP) it connects with a "Speadstream telnet Server; login:"
I have portforward (Advance->Internet->Address Translation->Port Forwarding and set TCP port 5800 to 172.16.0.11
I have also turned on UPnp (Advance->local network->Plug and Play->Enable full Internet Gateway Device (IGD) support
I have also tried:
Turning off the firewall
Placing 172.16.0.11 into a DMZ
None of these allow access through. Any ideas?
thanks |
|
couttsj
@telus.net
| The default port for UltraVNC is 5900, unless you changed it. To verify the port it is using, open the host program and use the command:
netstat -an
to view all the open ports.
I would however recommend changing the default port because hackers will portscan on that port. For example, if you change the port to listen on 5901, you would simply use the string 172.16.0.11:5901 to connect to it with the remote program. |
|
Gazoo
@telus.net
| reply to Gazoo
Thanks for the reply.
Yes that port is open and I can make a remote connection to that computer running VNC from another computer that is also behind the SE567 firewall so I know VNC & the system it is running on is configured properly.
The problem still remains that when I try to gain access from the wan side I can not make a connection.
BTW I also ran a port checking program which said the port is open.
Good point about changing the port. For now I just wanted to use the defaults to test it. BTW I also have port 5800 (Java access via browser) & port 5500 (the single click "Listen mode") fwd. None of which work! |
|
Gazoo
@telus.net
| reply to Gazoo
Got it to work. Turns out you can't go from computer "a" on the lan out onto the internet (wan) then come back and access computer "b" on the lan.
I was able to make a remote connection from the office without any problem.
It's funny I'm sure on my old dlink and linksys routers I use to be able to go out from the lan onto the wan and then back into a port fwd computer on the lan. Not that I would do that in practice but for testing it sure helps |
|
jjthegreat
join:2004-06-17
Montreal, QC | Ahh its probably some of that NAT loopback shenanigans that never works.
Glad you got it.
//JJ |
|
couttsj
@telus.net
| reply to Gazoo
said by Gazoo :
Got it to work. Turns out you can't go from computer "a" on the lan out onto the internet (wan) then come back and access computer "b" on the lan.
I was able to make a remote connection from the office without any problem.
It's funny I'm sure on my old dlink and linksys routers I use to be able to go out from the lan onto the wan and then back into a port fwd computer on the lan. Not that I would do that in practice but for testing it sure helps
Think about it for a minute. You are sending out a TCP request addressed to your own public IP address. The routing table in your computer says that it has to be routed to the gateway. It gets to the LAN interface on the gateway router, which then translates the private "from" address to the public address and forwards it to WAN interface. I don't know if the Telus ADSL network is even capable of returning the packet back to the same address, but the NAT table in the router would be totally confused because the outbound address is the same as the inbound address. It is not the same as a simple loopback on your own private IP address. The NAT router is dealing with 2 separate interfaces and translating between them. It can't perform a simple loopback. What I do for testing is connect to an external machine, and then initiate a new VNC connection back to the local machine. Sometimes the video is a little wonky, but it does verify tests the connection. |
|
siberx4
Bandwidth hog
join:2004-10-19
West Vancouver, BC
| reply to Gazoo
said by Gazoo :
It's funny I'm sure on my old dlink and linksys routers I use to be able to go out from the lan onto the wan and then back into a port fwd computer on the lan. Not that I would do that in practice but for testing it sure helps
I think this capability is based on how clever your routing device is - it knows what your own WAN IP is, so if it receives a packet from the LAN interface with the WAN as a target it should in theory be able to figure out to do a loopback with it instead of sending it out to the gateway. I have seen both behaviours in practice - my old freesco router would not perform this self-IP routing as a loopback, whereas my current dd-wrt box does exhibit this behaviour (I can ping my own wan IP from inside the lan, or access port-forwarded stuff running on other LAN computers through the WAN IP).
--
We are not retreating.
We are merely advancing in another direction.
-Douglas MacArthur |
|
