Solved

VNC, firewalls, and SBS2K

Posted on 2004-09-23
12
450 Views
Last Modified: 2013-11-16
Hello -

I am having a problem getting to VNC from outside of my internal network.  I have a Zoom X4 ADSL Modem/Router (internal IP 192.168.0.253) which i have set up the virtual server to forward ports 5800 and 5900 to the corresponding ports on the VNC Server (192.168.0.253).

.253 is a SBS2K machine which is running VNC (the VNC client is on 0).

If i type in 192.168.0.253:5800 in a web browser on the internal network i can connect to it fine.
However if i type in 192.168.254:5800 in the browser, the page cannot be found.

I placed .253 in the DMZ and found the same thing happened (so the Tech support at Zoom can't help me)

I also set up Outlook Web Access SSL on port 443 which works fine internally, but again not externally.

However, email (ports 25 and 110) is going through the port forwarding no problem.

I uninstalled ISA server just in case... but it's still not working... I have no software firewalls on .253

Please...please... does anybody have any ideas?

Many thanks
0
Comment
Question by:alipri
12 Comments
 
LVL 5

Expert Comment

by:netspec01
ID: 12132885
> I have a Zoom X4 ADSL Modem/Router (internal IP 192.168.0.253) which i have set up the virtual server to forward ports 5800 and 5900 to the corresponding ports on the VNC Server (192.168.0.253).

Your internal Ip of your Zoom is 192.168.0.253 and your server is 192.168.0.253?  They need to be different addresses.
0
 

Expert Comment

by:dlinvill
ID: 12133479
Ignoring the internal IP confusion for a second, are you using the external modem "real" IP to access the server from the outside?  If you are trying to access this from accross the internet you are going to have to use the router external IP which will not be in the 192.168. range.  

You should go to http://www.whatsmyip.org/ to see what the external router IP is.  This is the address you will need to access your internal servers accross the internet.

Something like http://www.whatsmyip.org/ is a longer term soultion if your IPs are dynamic and change over time.
0
 

Author Comment

by:alipri
ID: 12134085
Sorry - the router is .254

The problem is the same whether it's the internal or external IP address that's used.
0
 
LVL 5

Expert Comment

by:netspec01
ID: 12134474
> I placed .253 in the DMZ and found the same thing happened (so the Tech support at Zoom can't help me)

I don't see that the Zoom Z4 has  DMZ port?

Your external interface on the Zoom has a public address right?  Connected directly to your ISP?  Is this interfce using statically or dynamic?
0
 

Author Comment

by:alipri
ID: 12134744
The Zoom router has a public static IP address, the X4 has a DMZ in the Advanced Setup options.  I've checked that the ports are open... i just can't understand why VNC (or SSL) won't receive connections coming in through the router.
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 5

Expert Comment

by:netspec01
ID: 12135210
DMZ in the virtual sense, not a real interface?

If you have the router configured correctly, connecting to a.b.c.d:5800 from the public side should be NAT-ed and forwarded to your server (a.b.c.d is your public ip).  The return traffic should be un=NAT-ed in the same fashion with proper state being mintained.  To test to see if the traffic is getting there:

1.  use Ethereal to capture incoming traffic to VNC host.  You need to either span ports, use a hub or install Ethreal on the VNC host.  Make sure it is capturing before doing the rest of the test.

2. connect from a public IP to a.b.c.d:5800 while the capture is turned on

3. you will see one of two possibilities: connection request from the internal address of the Zoom or no connection request

4. If you see no connection request, the router is not doing its job

5. If you see the connection request, there is another problem;  maybe no return traffic?

0
 

Author Comment

by:alipri
ID: 12135505
Hello - I downloaded Ethereal - but don't know how it works - what do i need to do?

Thanks
0
 
LVL 5

Expert Comment

by:netspec01
ID: 12135747
If youare on windows you need to also download winpcap and install.  Then install Ethereal. Click the capture button, try your connect, stop capture and look at data.
0
 

Author Comment

by:alipri
ID: 12136912
Hi there - it was because i was accessing the router from an internal IP - i just hooked up the computer to a modem and went online and everything was hunky dory.

D'OH!

0
 
LVL 5

Expert Comment

by:netspec01
ID: 12137287
Yes some network devices (even Cisco PIX) you cannot access the external interface or NATT-ed hosts from inside the network.

Glad to see your problem has been solved!
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 12663618
PAQed with points refunded (500)

modulo
Community Support Moderator
0

Featured Post

Free camera licenses with purchase of My Cloud NAS

Milestone Arcus software is compatible with thousands of industry-leading cameras for added flexibility. Upon installation on your My Cloud NAS, you will receive two (2) camera licenses already enabled in the software. And for a limited time, get additional camera licenses FREE.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Intel wireless adapter shuts down when logging off Windows 7 13 57
DHCP for a guest wireless network 1 47
Creating and Connection two new domains 5 79
logging buffered 8 39
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now