Solved

port forwarding

Posted on 2004-03-23
Last Modified: 2013-11-30
I have the following setup at home:


Internet -> ActionTec R1524 Broadband modem ->  DLink Wireless Router ->  PC


From home, using RealVNC, I can connect to my Work PC just fine....no problems there.

But, when I try to connect back to my Home PC from work......does not work.


I need help.


I did set up port forwarding on the ActionTec modem....ports 5800 thru 5900...and they are pointing to my internal LAN IP for the computer I am on right now (which is 192.168.0.101)


My static IP address is 205.208.XXX.XXX ( I can reveal if necessary).


Tom
0
Question by:knowlton
42 Comments
 
LVL 17

Expert Comment

by:Tacobell777
I believe the server listens on port 5900 and up, i.e. 59XX
0
 
LVL 5

Author Comment

by:knowlton
So from work what would I type into the VNC  Viewer?
0
 
LVL 11

Assisted Solution

by:infotrader
infotrader earned 250 total points
What OS?

For WinTel machines I think you just type 205.208.xxx.xxx ,  For Unix-based machine just type 205.208.xxx.xxx:1 (if you have multiple instances of VNC, then you have to change the 1 to 2, 3, 4, etc.)  You are both correct on the ports, depending on how you are using your VNC.

Here's what I found on RealVNC's website:

How do I use VNC through my firewall?
Many organisations operate firewalls to reduce the risk of intrusion by malicious attackers via the Internet. These firewalls typically operate by only allowing connections in to machines in that organisation on specific ports. Which ports are permitted access depends upon the network protocol that uses the port and the degree of security it provides. VNC servers can accept incoming connections through firewalls in two main ways. Although the first is usually the simplest to arrange, we recommend using the SSH tunnelling method wherever VNC is to be used over an untrusted network such as the Internet.

Opening Ports - The simplest way to allow VNC connections in through your firewall is to configure your firewalling software to allow connections to the VNC ports. If N is the display number of a particular VNC server then it will accept connections on port 5900+N. Configuring your firewall to allow connections to this port will allow VNC to work. If you wish to use the in-built web server and Java VNC Viewer then you will also need to allow connections to port 5800+N. Unfortunately, because VNC traffic is not encrypted, this approach weakens the security provided by your firewall, and so is not advisable.
Secure Tunnelling - Most organisations that operate firewalls allow connections to a number of standard ports, that are in principle used only by secure or harmless protocols. While VNC in its present incarnation is not suitably secure for this to be advisable, it can be "tunnelled" through a secure protocol layer to achieve the same effect. The Secure Shell (SSH) protocol is one example of such a wrapper, and is one which most firewalls allow access through. The Secure Shell client is run on the VNC client computer and is made to forward connections to a particular port on that machine to a port on the VNC server machine. The forwarded connection is encrypted by the SSH software, which can provide both encryption and authentication. For more details on how to do this, see here.

for the full link you can go here: http://www.realvnc.com/faq.html#5
0
 
LVL 5

Author Comment

by:knowlton
Windows XP Home is the OS
0
 
LVL 5

Author Comment

by:knowlton
As far as I know....I have enabled port forwarding......and still nothing.


Tom
0
 
LVL 11

Expert Comment

by:infotrader
Have you tried to connect using 205.208.xxx.xxx:1 and see if that works?  Perhaps it works differently ( I am using TightVNC, but they should be almost identical to operate)

- Info
0
 
LVL 11

Expert Comment

by:infotrader
wait a minute... I just caught that one line >> when I try to connect back to my Home PC from work......does not work

What do you mean, connect BACK to your home PC?  do you mean that you are using VNC to try to create another VNC session pointing back home?  If so, the reason VNC does not work might not be a VNC problem, but the fact that you have 2 port 5900 requests, and your router simply cannot handle it....

If you'd like, you can test this theory by accessing the computer from another workstation locally, see if that works.  If so, then when you get back to the office tomorrow, try to do it remotely.  Or if you really couldn't wait, just send me an email at nospame@yehnet.com with the IP and I shall test out the theory.  You really don't want to post your IP in the forum.

- Info
0
 
LVL 5

Author Comment

by:knowlton
infotrader:

Yes.

Right now I am at work....but last night when I was home I used RealVNC to connect to my work PC.  Then while remotely controlling my work PC I tried to initiate a RealVNC session with my home PC....no luck.

I also tried it this morning from work and no luck.

I have access to everything I need....there must be some methodical, step-by-step way to accomplish this.
0
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
knowlton, as you mentioned in your question, you have the following topology to connect the internet at home. so i am wondering why you enable port forwarding on the modem, it seems that you should do this on the wireless router if your public IP address is at the external adapter of the router. of course, if you are configuring the router as an internal router, not a gateway or firewall, forget what i am saying.

Internet -> ActionTec R1524 Broadband modem ->  DLink Wireless Router ->  PC

hope it helps,
bbao
0
 
LVL 5

Author Comment

by:knowlton
I tried a bunch of things last night.

Now I can't connect to the internet (at home) at all now, especially if the DLink router is attached.

I am soooooo frustrated with this whole thing.  Frustrated with myself for being such a router "idiot", frustrated with ActionTec (support calls are $30 a pop).

I really am trying to understand what everyone is telling me to do....but I must be doing it wrong because nothing has worked so far.

~~~~~~~~~~~~~~~~~~~~~~~

This is all just so I can connect from work pc to home pc.  Seems simple on the surface.
0
 
LVL 11

Expert Comment

by:infotrader
bbao is right.  I didn't catch that...  Was that a typo or were you really trying to do port forwarding on the modem instead of the router?

- Info
0
 
LVL 5

Author Comment

by:knowlton
I was trying to do port forwarding on the modem.
0
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
where is your public IP address? on the modem or router? are you using PPPOE to access the ADSL modem from the router?
0
 
LVL 5

Author Comment

by:knowlton
I have a static IP address assigned to me by my ISP:

205.208.XXX.XXX

The ActionTec broadband modem is the first "stop" coming into my house from the Internet, so I assume the 205.208.XXX.XXX address is assigned to the ActionTec modem?

Am I answering your question?

Then from the ActionTec modem I have an ethernet cable connecting to the WAN port on the DLink router.

I do not know how the DLink router is accessing the ActionTec modem....no clue.

Tom
0
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
ok, please tell us the specific model or type of your actiontec modem and dlink router. it would be much better if you could also give us the URLs to download the manuals of these boxes. then we can give you the steps to check them in detail.

commonly, although the first stop coming into your house from the internet is the ADSL modem, it is just a bridge; the public IP address generally resides at the router/gateway/firewall's external interface.

hope it helps,
bbao
0
 
LVL 15

Expert Comment

by:getzjd
Here is something.. turn off the personal firewall on XP!!!

right click on your network connection , click properties and disable it.  :-)  it sounds like you have it all setup right so i am guessing that is the problem
0
 
LVL 15

Expert Comment

by:getzjd
actually it is on the advanced tab after you click properties.  I believe xp home has it enabled by default
0
 
LVL 5

Author Comment

by:knowlton
UPDATE:

I moved my DLink router IP over to 192.168.0.2

Now when I type 192.168.0.2 it takes me to the DLink Router config (as expected)

When I type in my static IP address (205.208.XXX.XXX) it takes me to my ActionTec broadband modem config....is that right?

Now, there is still another IP address, isn't there?  The one that my DLink is using to connect to my ActionTec modem.  That is the part I am not sure about.

So I need an answer to that part, plus I still need to get VNC working.

But the good news is that for the FIRST TIME....I can get to the firewall config for both my DLink Router and my ActionTec broadband modem WITHOUT having to disconnect any cables.  I'm so excited.
0
 
LVL 5

Author Comment

by:knowlton
I checked...the firewall is not enabled on my XP Home.
0
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
so it looks like you have the following connections:

Internet -> ActionTec R1524 Broadband modem ->  DLink Wireless Router ->  PC
                ^                                                ^      ^                           ^
         205.208.XXX.XXX                               IP1    IP2                   192.168.0.2

that means your public address resides at the modem, so it seems you don't need the router except for wireless, just change your client computers' default gateway to IP1, then all the clients should be able to access the internet. then, i think your port forwarding settings on the broadband modem should also work. :) as for the wireless router, it is enough to just use the internal interface. btw, if IP1/IP2 are not in the scope of 192.168.0.x, this change means that you have to change your internal IP addresses.
0
 
LVL 5

Author Comment

by:knowlton
UPDATE:

Someone else advised me to try changing my LAN IP to another subnet:

10.X.X.X, for example.
0
 
LVL 15

Expert Comment

by:getzjd
actually yes, i didn't know you had the same IP scheme between routers...  to route packets, you must have different networks on each end
0
 
LVL 5

Author Comment

by:knowlton
So it sounds like I did the right thing?
0
 
LVL 15

Expert Comment

by:getzjd
yes.. if your modem is functioning as a router also.. then make internal IP of modem something like 10.0.0.1 and external port of router 10.0.0.2

Then update your gateway in the router to point to 10.0.0.1

See if you can establish internet connectivity then


0
 
LVL 5

Author Comment

by:knowlton
A little more on the modem and router I am using:

Both have 4 ethernet ports.  DLink Router has a WAN port, which the ActionTec is plugging into right now (using one of the ethernet ports on the ActionTec).

The ActionTec is a model 1524R SU.  It is a Wireless-ready (not being utilized by me) DSL broadband modem.  

ActionTec Vendor Home Page:
http://www.actiontec.com/

ActionTec Model specific:  http://www.actiontec.com/products/broadband/wireless_ready_dsl_gateway/wireless_ready_dsl_gateway_specifications.html


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

DLink Wireless Router is a DI 614+.  I need the DLink so I can transmit the Internet to our laptop, and daughter's computer upstairs.

DLink router Vendor Home Page:
http://www.dlink.com/


DLink router Model specific:  
It is revB....(only one antenna):

http://support.dlink.com/products/view.asp?productid=DI%2D614%2B%5FrevB


0
 

Expert Comment

by:jdugger
What ip is the router giving your pc at home?
0
 
LVL 5

Author Comment

by:knowlton
10.10.10.100

Tom
0
 

Expert Comment

by:jdugger
are you doing static ip address on the router instead of dhcp?

I would make it dhcp which it is by default. Then the home pc would get the ip address 192.168.0.101 for example. Log into the router, click the Advanced button at the top, click the DMZ button on the left. Click enable. It already shows 192.168.0. ? . Put in the same ip as the home pc. 192.168.0.101. Then open vnc and type the ip address your isp provides you with 205.208.xxx.xxx
0
 
LVL 5

Author Comment

by:knowlton
>>>are you doing static ip address on the router instead of dhcp?

I think both are dynamic right now.  This is from memory (I'm at work right now)

You know that I have changed my LAN IP to use 10.x.x.x, right?
0
 

Expert Comment

by:jdugger
if your dmz shows 10.x.x.x, put the ip of your home (10.10.10.100) pc there. Everything will work fine. Be sure to enable it.
0
 
LVL 5

Author Comment

by:knowlton
I'll try this out when I get home tonight.

Tom
0
 
LVL 41

Accepted Solution

by:
stevenlewis earned 250 total points
Hi Tom, as I pointed out in the other Q, the router and modem need to be on different networks to be able to route properly
the 10.x.x.x network for the dlink will work, but make sure to change your ip's for the machines to reflect this change
the machines will need to have 10. ip of the router as the gateway, and all have the same 10.x.x ip, and of course subnet mask of 255.0.0.0 (default class A)
then log on to the dlink, and check the wan ip assigned by the modem, then you need to forward the port on the modem to the wan ip of the router, and then forward the port on the router to the 10.x.x.x ip of your machine
let's see if i can draw this
modem <forward to wan ip of router>-->router forward to ip of machine
then of course you would connect to the ip of the modem (assigned by your isp)
your modem has two ip's the WAN side and the LAN side, and the router has two ip's (the wan side and the lan side)
I hope that's as clear as mud LOL
0
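A way to check the forwarding chain described in the answer above one hop at a time (added example, not part of the original thread): each hop is probed on port 5900+N and must return the 12-byte RFB greeting a VNC server sends on connect. The function names, the loopback stand-in server and the assumption that every hop forwards the same port number are this example's own.

```python
import socket
import threading

def vnc_ports(display):
    """VNC display N listens on 5900+N (RFB) and 5800+N (Java viewer)."""
    return 5900 + display, 5800 + display

def probe_rfb(host, port, timeout=3.0):
    """Classify one hop as 'vnc' (with version), 'open', 'refused', 'timeout' or 'error'."""
    data, connected = b"", False
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            connected = True
            while len(data) < 12:  # RFB greeting is 12 bytes, e.g. b"RFB 003.008\n"
                chunk = s.recv(12 - len(data))
                if not chunk:
                    break
                data += chunk
    except ConnectionRefusedError:
        return "refused", None      # host reachable, nothing listening on that port
    except (socket.timeout, TimeoutError):
        if not connected:
            return "timeout", None  # silently dropped: firewall or missing forward
    except OSError:
        return "error", None
    if len(data) == 12 and data.startswith(b"RFB ") and data.endswith(b"\n"):
        return "vnc", data[4:11].decode("ascii")
    return "open", None             # something answered, but it is not a VNC server

def first_broken_hop(hops, display=0, probe=probe_rfb):
    """Probe hops in order (PC first, public IP last); return (label, status)
    for the first hop that does not answer as VNC, or None if all do."""
    port, _ = vnc_ports(display)
    for label, host in hops:
        status, _ = probe(host, port)
        if status != "vnc":
            return label, status
    return None

def fake_server(greeting):
    """Constructed loopback listener that sends `greeting` once; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        conn.sendall(greeting)
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    # Offline demo against the constructed listener; on a real network pass e.g.
    # [("PC", "10.10.10.100"), ("router WAN", "<router WAN IP>"), ("modem", "<public IP>")]
    port = fake_server(b"RFB 003.008\n")
    print(probe_rfb("127.0.0.1", port))
```

Run the PC and router-WAN probes from inside the LAN and the public-IP probe from outside (for example from work), since many home routers do not loop forwarded ports back to internal clients.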
 
LVL 5

Author Comment

by:knowlton
<quote>
Hi Tom, as I pointed out in the other Q, the router and modem need to be on different networks to be able to route properly
the 10.x.x.x network for the dlink will work, but make sure to change your ip's for the machines to reflect this change
the machines will need to have 10. ip of the router as the gateway, and all have the same 10.x.x ip, and of course subnet mask of 255.0.0.0 (default class A)
</quote>


Done, except the mask is 255.255.255.0    not   255.0.0.0

<quote>
then log on to the dlink, and check the wan ip assigned by the modem, then you need to forward the port on the modem to the wan ip of the router, and then forward the port on the router to the 10.x.x.x ip of your machine
let's see if i can draw this
modem <forward to wan ip of router>-->router forward to ip of machine
then of course you would connect to the ip of the modem (assigned by your isp)
your modem has two ip's the WAN side and the LAN side, and the router has two ip's (the wan side and the lan side)
I hope that's as clear as mud LOL
</quote>

I thought I tried this last night with no luck.
0
 
LVL 5

Author Comment

by:knowlton
What about turning the router into a switch?

Instead of plugging the ethernet cable (the one coming out of the ActionTec modem) into the DLink WAN port.....just plug it into one of the 4 ethernet ports on the DLink router?

Then if the DLink router routes to itself....problem solved?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Or is this a dumb idea?
0
 
LVL 41

Expert Comment

by:stevenlewis
try it, of course you will have to change the ip info for the machines (unless you are using dhcp)
0
 
LVL 5

Author Comment

by:knowlton
So I turn off DHCP on the DLink router (if it is on)?
0
 
LVL 5

Author Comment

by:knowlton
ActionTec subnet is 192.168.0.X   (I think)
0
 
LVL 41

Expert Comment

by:stevenlewis
If using dhcp, make sure to release and renew the ip, using the
ipconfig /release
ipconfig /renew
0
 
LVL 41

Expert Comment

by:stevenlewis
>>So I turn off DHCP on the DLink router (if it is on)?
yes, and let the modem handle it
0
 
LVL 5

Author Comment

by:knowlton
Gotcha....

Well, I'll be home in an hour or so....so I'll try it out then.

Thanks for your patience.

Tom
0
 
LVL 1

Expert Comment

by:ezlife
ok I have your same setup, I used to use a d-link router and this is what works for me. I'll be using the .192 references because that's all I use.  My modem/router/bridge given to me by my isp is 192.168.1.1, in my settings for this modem I have gone to the nat applications and set the server address to 192.168.1.2, this is basically forwarding all traffic directly to my d-link router.  my d-link router automatically accepted these settings. If yours does not for some reason,  then enter the d-link router and set the ip address of the router to 192.168.0.1 this will assign your computer the address 192.168.0.xxx   Once you do this and have internet access>>>>
Now this is what I would do, install a free software firewall, like tiny personal firewall. From work try again to access your home computer, when you come home check to see if the firewall has denied any of your attempts to connect. This will determine if your routers are even the cause of the problem. If you do not see any of these attempts concentrate on the routers, try the dmz zone on the d-link allowing full access to your home computer. If you do see these firewall attempts you know the problem is with your virtual network. If any of this helps post it, and also post exactly what your connect error is when trying from the office? Timed out, denied?
0
 
LVL 5

Author Comment

by:knowlton
These were all good suggestions.....

What I ended up doing was turning the ActionTec modem into a Transparent Bridge (no firewall).

Then the DLink router was put on a different subnet  (10.x.x.x) and rules were setup on the router to forward the ports.

It's working, finally  :)
0
