Problem with VNC on Natted Windows Client

Palula · 09-06-2005, 07:40 PM

Hello all!

Structure:

Home LAN with Linux Firewall forwarding the internet connections and two clients - Client 1 = Win 98; Client 2 = Windows XP. My homelinux is Fedora Core 3 by the way...

I use RealVNC (Free Edition 4.1.1).

Problem: I can´t connect to one of my clients (XP) through the Internet although everything looks well configured. The message VNC returns after some time trying to connect is: Connection Timed Out.

Here is my Vnc, Client and Router/Firewall configs so that we can see if everything is tightened up and should be running.

VNC: Is waiting connections on a specific port wich I will call "vnc port".

Client: I entered the windows Firewall Exception rules and created two exception rules wich permits incoming connections to the "vnc port" (both of them. Client and HTTP). This client has an assigned IP wich I will call "client assigned IP".

Router/Firewall: The server has a Firewall rule wich permits incoming connections through "vnc port" and those incoming pakcets should be "DNAT-ted" to the "client assigned IP":"vnc port".

Code:

/sbin/iptables -A FORWARD -j ACCEPT -i $wanic -p tcp --dport "vnc port"
/sbin/iptables -t nat -A PREROUTING -i $wanic -p tcp --dport "vnc port" -j DNAT --to-destination "client assigned IP":"vnc port"

Ok that´s it. Why isn´t it running. Maybe here someone can see something I forgot.

Last thing: I´d like to know what is the right way to connect with the client or browser to VNC on a SPECIFIC PORT. I used for both: "Router/Firewall IP":"vnc port". So it would look like something like this: 200.2.233.14:12 (totally random IP/port). And beyond this, The Firewall should be redirecting the connection to the client and port specified.

cardy · 09-08-2005, 06:47 AM

I don't know if you have changed it on the VNC server but the default vnc port is 5900. when you connect to vnc you specify a hostname/ip address and a screen number not a port. The screen number is added to the default 5900 port number to give the real port number that is connected to.

Server ports

Code:

Screen Number         Real Port Number
      0                    5900
      1                    5901
      2                    5902
and so on.......

when you use vncviewer if you wish to connect to the screen you use as I believe you have been trying

router/machine:screen

If you wish to connect to the port you need to use

router/machine::port

(note the double colon)

Palula · 09-08-2005, 08:09 AM

Yep... The default VNC server port is 5900 and I changed that port to specifically the "vnc port" I want to use.
By doing that, I thouth logically that the screen I should use is: 0. Since I changed it. When I put 0 I will be connecting to the port I specified on the server setting right?
Anyway, that didn´t work, nor did the other form: Connecting to a specified port using a double semi-colon.

Still get the message: "Unable to connect to host: Connection timed out (10060)"

cardy · 09-08-2005, 01:17 PM

its a double colon not a semi colon.

I have tested it and it does work when using machine::port

Palula · 09-09-2005, 01:45 PM

I´m sorry but I meant a doube colon. I tested the double colon and it doesn´t work.

Palula · 09-12-2005, 11:01 AM

The machine that I´m trying to connect has Windows XP and I´m trying to perform a remote connection ( through the internet). I read somewhere on the site that this is not possible with Windows XP. I don´t know if it´s that is really true due to the lack of english undestanding. Can anyone confirm this to me?