 ustewjt join:2000-12-07 Miamisburg, OH | BEFSR41 (1.39) and VNC on port 21 I am having problems forwarding port 21 for use with VNC.
The VNC software works fine from other machines inside the home network. However whenever I try to access from work (with a firewall), I am getting to my home machine as VNC is sending back the "Please Wait, loading initial screen" message. However, it never clears and I am unable to remotely access my home machine. This tells me that something in the router is blocking the traffic.
I have tried other ports (i.e. 80, 23, etc...) with similar results. I am not running any other services on home machine which would conflict. Don't know if I need any other ports forwarded other than single port set for VNC.
This used to work under a much lower router firmware (i.e. 1.36 or something) but has not worked since upgrading. Originally thought it was ISP preventing traffic but now on faster service with different company and same results. Furthermore, I have been in contact with other people here at work with same problem.
Does anyone have experience with VNC and the 4-port router? If so, which ports are you forwarding?
Thanks, Tim -- Current config: Ameritech.Net LineShare(768/128) using a Efficient 5260 and Linksys 4 port (1.39) |
|
 hbguy join:2000-11-20 Huntington Beach, CA | I use the default ports of 5800 and 5900 on port forwarding to the static IP address of my LAN side machine. |
|
 Anon | reply to ustewjt Same with any program that has problems with forwarding, always check your log and see what ports go through the router fine without forwarding, then use it as a trigger port to open the standard ports of the program, it has helped many users with webserver, ipsec, and especially video software. |
|
 Taer join:2001-10-12 San Jose, CA | reply to ustewjt If you're running the VNC server on the WAN side (internet) of the Linky, you won't need any forwarding.
If you're running the VNC server on the LAN side (home side) of the Linky, you will need to forward 5800+display#.
Be warned, VNC is strongly on the convenience side of the convenience/security tradeoff. If you're running a server, the server does not time out if you give an incorrect password, nor does it disconnect or terminate if you give <n> incorrect passwords. This means, it's relatively simple to modify a VNC client to perform a dictionary attack against a VNC port.
A better solution would be to run SSH, and forward the VNC connection. |
|
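Taer's suggestion as a concrete command, added here as an example and not part of any post in the thread: an OpenSSH local forward that carries the VNC session, so the router forwards only TCP 22 and the VNC port is never exposed on the WAN side. It tunnels only the native viewer port (5900+display), not the 5800+display Java viewer port; the account `tim@home.example`, local display 1 and the helper names are assumptions.

```shell
#!/bin/sh
# Added example: reach a VNC server through SSH instead of forwarding
# 5800/5900 on the router. Only TCP 22 is forwarded to the home machine.
# Usage (hypothetical account and host): ./vnc-tunnel.sh tim@home.example 0 1

# TCP port for a VNC display number (display 0 -> 5900).
# Rejects anything that is not a plain decimal number from 0 to 99.
vnc_port() (
    case $1 in ''|*[!0-9]*|0?*) echo "bad display: $1" >&2; exit 1;; esac
    [ "$1" -le 99 ] || { echo "display out of range: $1" >&2; exit 1; }
    echo $(( 5900 + $1 ))
)

# Build the ssh command line.
#   -L 127.0.0.1:LPORT:127.0.0.1:RPORT  listen on the client's loopback only,
#       so other hosts on the client network cannot use the tunnel, and
#       connect to the VNC server on the home machine's own loopback.
#   -N  run no remote command, forward only.
#   ExitOnForwardFailure=yes  exit if the local port cannot be bound,
#       rather than leaving a session open with no tunnel.
vnc_tunnel_cmd() (
    target=$1 remote_display=${2:-0} local_display=${3:-1}
    rport=$(vnc_port "$remote_display") || exit 1
    lport=$(vnc_port "$local_display") || exit 1
    echo "ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:$lport:127.0.0.1:$rport $target"
)

if [ "$#" -gt 0 ]; then
    cmd=$(vnc_tunnel_cmd "$@") || exit 1
    echo "run:    $cmd"
    echo "viewer: connect to localhost:${3:-1}"
fi
```

With the tunnel up, the viewer is pointed at `localhost:1` rather than the home IP address, and the router's 5800/5900 forwarding entries can be removed.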
 Bill_MI join:2001-01-03 Royal Oak, MI
| reply to ustewjt Tim, this sounds suspiciously like an MTU issue on servers using PPPoE (is this what you're running?). VNC connects but cannot send any large data packets without corruption.
Setting the server box to MTU 1492 or lower may fix it (using DrTCP probably easiest). Alternately, try reducing the client end - that's how I found this in this thread: Test My FTP.
Apparently, neither the modem nor LinkSys enforces the 1492 MTU for inbound (server) connections. As long as something in the path does, it'll work. Hope this gets it. |
|
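A way to measure the symptom Bill_MI describes, added here as an example and not part of his post: a binary search for the largest ping that crosses the path with the Don't Fragment bit set, which gives the path MTU and the matching TCP MSS. The ping flags are those of Linux iputils (Windows uses `ping -f -l SIZE`), and the function names are assumptions.

```shell
#!/bin/sh
# Added example: find the largest unfragmented packet a path will carry.
# Usage: ./pathmtu.sh HOST

# probe SIZE HOST: succeeds if an ICMP echo with SIZE payload bytes and the
# Don't Fragment bit set (-M do) gets a reply within 2 seconds.
probe() {
    ping -c 1 -W 2 -M do -s "$1" "$2" >/dev/null 2>&1
}

# Binary search between a payload that should always pass (548 bytes, a
# 576-byte packet) and the Ethernet maximum (1472 bytes, a 1500-byte packet).
# Prints the path MTU: largest working payload + 20 (IP) + 8 (ICMP) bytes.
find_path_mtu() (
    host=$1 lo=548 hi=1472
    probe "$lo" "$host" || { echo "unreachable"; exit 1; }
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$mid" "$host"; then
            lo=$mid                 # fits: try larger
        else
            hi=$(( mid - 1 ))       # dropped: try smaller
        fi
    done
    echo $(( lo + 28 ))
)

# Largest TCP segment that fits an MTU (20-byte IP + 20-byte TCP header).
mss_for_mtu() { echo $(( $1 - 40 )); }

if [ "$#" -gt 0 ]; then
    mtu=$(find_path_mtu "$1") || { echo "no reply from $1" >&2; exit 1; }
    echo "path MTU $mtu, TCP MSS $(mss_for_mtu "$mtu")"
fi
```

On a PPPoE link the search should stop at 1492; a result below the MTU configured on the server is consistent with small packets (the connection setup) getting through while full-size ones (the initial screen) do not.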
 ustewjt join:2000-12-07 Miamisburg, OH
| reply to Taer said by Taer: A better solution would be to run SSH, and forward the VNC connection.
Sounds like a good idea! Is there any documentation on how to set something like that up?
Thanks, Tim
NEVERMIND ... Found it Here [text was edited by author 2001-10-23 22:13:24] |
|
 ustewjt join:2000-12-07 Miamisburg, OH | reply to Bill_MI said by Bill_MI: Tim, this sounds suspiciously like an MTU issue on servers using PPPoE (is this what you're running?).
Correct. (Ameritech.net) said by Bill_MI: Setting the server box to MTU 1492 or lower may fix it (using DrTCP probably easiest).
Done. We will give it a try from work tomorrow.
BTW, is there a way I can enforce this from the VNC client (at work)? Would I run DRTCP on that machine and set the MTU there to less than 1500?
Thanks, Tim |
|
| reply to ustewjt There is a good article on the AT&T VNC site ->
»www.uk.research.att.com/vnc/sshvnc.html
Otherwise check out the O'Reilly SSH book (the snail book), it provides a wealth of information on port forwarding and tunneling with SSH.
 -- You've glimpsed the fist within the Bene Gesserit glove. Few glimpse it and live. |
|
 Bill_MI join:2001-01-03 Royal Oak, MI
| reply to ustewjt said by ustewjt: BTW, is there a way I can enforce this from the VNC client (at work)? Would I run DRTCP on that machine and set the MTU there to less than 1500?
Exactly, Tim. If that's easier, try it that way. I'll cross my fingers this gets it.
BTW, do you have the MTU on the LinkSys set to 1492? It's possible this setting works inbound now. That was a few f/w revs ago I tracked down that LinkSys MTU was only affecting outbound. Actually... the *modem* is as much at fault here. This bad combo makes a 1500 MTU connection on a 1492 network - which don't work.  |
|
 ustewjt join:2000-12-07 Miamisburg, OH | reply to ustewjt Works now! Thanks to all who replied.
I used DrTCP to set the MTU on my W2K box to 1492 and it works now. I kept the router at the default 1500 by disabling the MTU setting. I also played with the RWIN setting as well.
Thanks, Tim |
|