[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now


How to setup Real VNC to access PC's running behind a 2Wire gateway

Posted on 2006-06-10
Medium Priority
Last Modified: 2013-11-16
I have setup and used VNC successfully on multiple systems using Linksys or Netgear routers. Here is my problem:

Client has 2 PC's in their office, sharing internet and networked together using SBC/ATT DSL on a 2Wire Gateway, model # 2700HG-B. I have setup the firewall on the 2Wire using tips from www.portforward.com:


If I connect my laptop (using the VNC Viewer) directly to this private network I can connect using the 192.168.1.X IP's of the 2 PC's (Running the VNC Server service)without any issues.

But if I enter the public IP say 66.64.20.X of the 2Wire, which is setup in the firewall settings of the gateway to forward to the specific ports on the specific PC, I can't access any of the PC's. I have checked all firewall settings, port 5900 is excluded from being blocked and so is the VNC Server service.

Per the portforward.com setup procedure, I made sure ports 5500, 5800 and 5900 are open for both UDP and TCP. This doesn't make sense since I can access my PC's remotely which are setup behind a linksys router and the only port I opened up is 5900.

Any ideas would be appreciated.

I need setup to allow access to any VNC server I setup running on all supported windows platforms (win 9x, win NT, win 2K, win2k3 server, win XP, win Vista Beta (not as important as others).

I only seem to have this port forwarding/setup problem when clients use any model of teh 2Wire Gateway. The setup is goofy and confusing.
Question by:kcham44
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 14
  • 9
  • 4
  • +4
LVL 30

Expert Comment

ID: 16879937
Using your public IP within your LAN doesn't work -- It doesn't work for Apache web server either.
I know of no way around this. (I doubt there is a way, unless maybe by proxy?)
To access VNC within your LAN, you need to enter the local IP address of the VNC server, not the public IP address.
LVL 30

Expert Comment

ID: 16879941
Connecting through a different network -- from a different public IP address -- outta work though. Have you tested this to see if it does?

Author Comment

ID: 16879990
I need to access PC1 (192.168.1.XX1) behind the 2 Wire. I am connecting to this 2Wire right now wirelessly with my laptop so am physically on the same private network as PC1. My laptop is assigned 192.168.1.XX2

I can acess my server from PC1 using VNC viewer. TEST OK
I can access my server from my laptop VNC viewer. TEST OK
so...I tried this to see if my server can view PC1

I used my laptop to connect to my server (remote server, using a different external IP at my office).
From that connection I opened the viewer and input the 2 Wire's public IP which is set to forward port 5900 to PC1.

and I got nothing!

I also see a setting on the 2 Wire advanced settings (not sure if this would affect it):

Check ENABLE to allow broadband IP addresses to be used on the local network.
 Broadband Network: XX.230.80.XXX /
 Subnet Mask:   BLANK

I enabled it and set the Subnet to

but still nothing.
Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.


Author Comment

ID: 16879999
"To access VNC within your LAN, you need to enter the local IP address of the VNC server, not the public IP address."

I know this works fine.

"Connecting through a different network -- from a different public IP address -- outta work though. Have you tested this to see if it does?"

I tried from my office earlier today, different public IP, and now as I stated above, connect to my server and tried to connect from there to PC 1 and no luck.

I'll keep trying anything and everything, keep sending ideas please.

I'm sure there must be a way, as I stated this works fine for every other router/gateway I have tried...except for this stupid 2Wire.
LVL 12

Expert Comment

ID: 16880012
Two points here:

01.)  you did not define your acronym, therefore, the question is confused
02.)  authoritative sources disagree on what "VNC" means

These links will help you:

VNC=Virtual Network Channel

VNC may also refer to Virtual Network Computing, although it's doubtful that this software group has any right to claim the acronym as original

which shows that even Bell Labs and WikiPedia are not so scholarly as they may think.  I believe Microsoft has the orginal and correct meaning.  And for AT&T and Bell Labs information, VNC goes back before the 1960's.  This:

"RealVNC is a UK company founded in 2002 by the team that invented VNC."

from http://www.realvnc.com/index.html is an outright lie.  They did not invent "VNC" they created a "Virtual Network Computing" program.  Programs can't be "invented" they can only be created.  Apparently, these guys and Bell Labs and AT&T don't know the difference between an invention and a creation, patent law and copyright law.

Will newspeak never cease to amaze me from the scholarly academics . . .

VNC, the first acronym, the real acronym, works like this:

Private IP Address <-->Unique Public Static IP Address <--Internet--> Second Unique Public Static IP Address <--> Private IP Address

All forwarders post encryption, pre decryption, must be pass through, that is, no translation, so, you can't put things like NAT and PPPoE translators in-between the public routes.  Between Private and Public, outgoing is NAT first, then encryption, and incoming is decryption first, then NAT.  Any other translation in the path will break the cypher [encryption/decryption].

You do not need VNC, either kind, with Apache when you use https because https is VNC.

And on the link you gave, about setting it up, portforward.com seems to be playing games like "Age of Empires" and others over VNC; now there is a real waste of bandwidth!  I would suspect that if the site doesn't know you don't use VNC for games, they don't know much about setting up VNC either.

Why do you even need VNC within your LAN?  Is there that much surveillance inside the private network or is someone remote observing users there?

Lastly, most people get confused on VNC and the use of VPN [Virtual Private Network].  That's actually the cyphered one, while VNC may or may not be cyphered, but it has come to pass that most are, thanks to things like selling Virtual Network Computing as VPN, which it is not.

But most people, even some experts, think of VPN when they see VNC.  It's the undefined acronyms that have made this mess.

True VNC does not require cyphers at all, and perhaps that is what the gamers are talking about here, a simple locked down static type routing pipe for gameplay.

Author Comment

ID: 16880070
wow, that's a lot of info.

Let me define my question and the prupose of the resolution I seek.

1)By Real VNC I meant the program used for remotely accessing other networked computers.
2)I need to use VNC to remotely support clients behind their firewall. Nothing complicated, just basic access. I use Real VNC because it works and does the job I need. This is where my question starts...

How do I make make VNC play nice with the 2Wire's port forwarding to be able to access any private networked PC, behind any 2Wire device, from my laptop no matter where I happen to be...either in another country, down the block or sitting right next to the user on their private network connecting to a 192.XX.XX.XX IP.

Please, I am not interested in the history behind all this, although interesting and insightful. All I need is help in setting up the 2Wire Gateway to allow remote access.

Thank you for taking the time to answer my question. I am off to read about VNC at the links you provided until someone can answer this.

Don't take my comments as sarcastic or ungrateful. It's 2 AM in California and I need to sleep.

Author Comment

ID: 16880074
FYI, The 2Wire gateway, in this case, uses a dynamic IP acquired using : Connection Type: PPPoE .

Does this help?
LVL 30

Expert Comment

ID: 16880096
"Accessing more than one computer  
If you have more than one computer behind your router, you will need to assign each one a different external port. For example, if you want to access computers A and B, which are behind the same router, you could configure your router to forward port 5900 to A:5900 and port 5901 to B:5900. Some routers do not allow the external and internal port numbers to be different; in this case you would have to reconfigure the VNC Server running on B to accept connections on port 5901 and configure your router to forward port 5901 to B:5901.

From outside your LAN, you can connect to A using router-ip:0 (or just router-ip) and to B using router-ip:1, where router-ip is the IP address of your router, as determined in the previous section. "
from: http://www.realvnc.com/support/portforward.html
LVL 30

Expert Comment

ID: 16880104
Basically, if you have more than one VNC server on the same network, you have to work with ports 5900,5901, 5902...     and 5800,5801,5802...
Then to access the VNC server, you need a colon & a number after the ip: 66.64.20.X:0, 66.64.20.X:1 ...  etc. or 192.168.1.X:1  etc.
LVL 30

Expert Comment

ID: 16880107
oops, make that 66.64.20.X:5900   66.64.20.X:5901 ...

Author Comment

ID: 16880136
I understand what you are syaing, but my problem is not with ports. The 2Wire Gateway is somehow not able to support it from an external IP, since internally, it forwards port 5900 correctly to PC1.

Real VNC server service is started, set to accept incoming connections on port 5900.

The 2Wire was setup this way per the portforward link from my original post.


If you read the info there. I set up the 2Wire port forwarding the way they recommended (VNC1-VNC6, for ports 5500, 5800 and 5900 for TCP and UDP)

Oringally I had setup only port 5900/TCP to be forwarded to PC 1. The 2Wire unlike standard routers does not have an option to manually enter the IP you want to forward to, it just lists the PC's connected to it in a drop down and you choose the PC. See the image at this link. So I added my VNC1-VNC6 and added them to the "HOSTED APPS" on right side and saved. Presto...everything should work...but NO SOUP!

The problem is the 2 Wire or the way it handles forwarding or as you said the PPPoE in the middle screwing up the translation.

And like I have already mentioned, I know I always use port 5900 TCP on any other router (LINKSYS, NETGEAR, etc) and this works fine.

Can you explain or answer the problem with the 2Wire...that is all I need!

LVL 30

Expert Comment

ID: 16880188
OK working on your problem...
This is what I found so far:
- For REALVNC you only need to forward ports 5900 TCP & UDP See http://www.portforward.com/english/routers/port_forwarding/2wire/2700hg/RealVNC.htm. This shouldn't matter though, but you can try removing the other ports that you forwarded.

- Now, you said there's two client PCs. Do both have RealVNC server? Try, for now, disconnect one computer from the network (or turn computer off) & see if you can connect to the other computer at least.

-Now here's what's confusing me: If you are forwarding to ONE computer, I dont see how you will be able to connect to the OTHER from outside the LAN. From my viewpoint, you can only connect to one. Read the quote, in my post above, about port forwarding very analytically...  But this aside, just try to connect to the one computer that DOES have port forwarded to it. it should work!
LVL 30

Expert Comment

ID: 16880257
Re: Dynamic Ip
You of course would need the current IP. Sometimes IP addresses changes every few minutes!
Heres log of when it changed recently: Changed AT LEAST every 10 mitunes, since my script only checks it at 10-minute intervals:
   2006-06-11  05.24.16
   2006-06-11  05.34.19
   2006-06-11  05.44.16
   2006-06-11  06.04.16
   2006-06-11  06.14.16
4) Have you heard of dynamic DNS clients & giving a name to your IP (e.g. free at www.dnsmadeeasy.com ) ? If not, look these up later, since they are essential for accessing computers with dynamic IPs.

5) Also, when you type in the IP from outside the LAN, I do you follow it with ":5900" for computer A, and ":5901" for computer B? I haven't used VNC in some months, but I think that would be right...

6) Finally, have you done a VNC setup before with more than one VNC computer on the LAN? I ask to gauge how much info I need to supply to you. Thanks.

Author Comment

ID: 16880265
Correct in this case. I am only connecting to 1 PC (PC1), running windows XP. VNC server is running on this PC behind the 2 wire. I have set up port forwarding for the 6 different ones suggested by portforward.com, originally I had only 5900/TCP setup to point to PC1 and the firewall settings on PC are setup to exclude blocking port 5900/TCP, and also the VNC server service (this same setup works fine on NON 2Wire routers.

I have tried for 2 weeks, does not work. My father in-law also has a 2wire, and I have tried setting up his gateway and can't access it from any PC using the viewer from ANY outside IP...but internally works fine (192.xx.xx.xx).

I know about connecting from an external IP to a private network and accessing multiple PC's since I have a anotehr client using a LINKSYS 8 port VPN router...I use 5900 for main server, then all the other PC's are 5910-5930 (1 port for each PC and each PC is running the VNC server corresponding to it's speific port.

This 2Wire thing has me baffled.

I see another 2 settings in the gateway, not sure how that can affect me ( i think it may have something to do with the external IP of the 2Wire router. Here is a breakdown to clear up some facts, let me know if you need anything else:

2Wire settings(assume 69.230.59.XXX is the 2Wires external IP, verified on www.whatismyip.com):

A)The Private network: / (default)

B)Public Network:
Check ENABLE to create a route from the Internet to the public network specified below.
 Router Address:  
 Subnet Mask:  

this is disabled

C)Bridge Network:
 it lists: Broadband Network: 69.230.59.XXX /

Bridge is disabled!
Now Current Settings:

Private Network
Router Address:
Subnet Mask:
DHCP Range: -
 Allocated: 2
 Available: 188
Device List
  PC1: (I had this as the static IP and now it picked it up DHCP, will likely get .64 or .66 on reboot)


Internet Connection Details
Connection Type: PPPoE
Username: XXXXXXXXXXX@sbcglobal.net
Internet Address: 69.230.59.XXX
Subnet Mask:
Default Gateway:
Primary Domain Name Server:
Secondary Domain Name Server:
Maximum Transmission Unit (MTU): 1492
Gateway Ping: Successful
DNS Communication: Successful
Configuration Server Post: Successful

Now I see 3 different subnet masks:

Bridge Option:
private network:

could this and/or the PPPoE be the cause?

By the way what router /gateway do you use if any?


Author Comment

ID: 16880321
I'm going fishing...will return tonight around 10PM PST...thanks for all your help so far...I know we can figure this out. I will try ATT support as well and see if I can email VNC support, not sure if free version gets any support...hehe. Best place is still EE though.

have a great Sunday. I'll post some pics of any fish I catch.

LVL 30

Expert Comment

ID: 16880345
I use a wired Netgear, but it lacks "trigger ports" which are helpful to avoid keeping certain ports open all the time. My next router hopefully will have the trigger-port capability :)
Is your router a 2002 model? The prices have gone way down while the quality has gone way up for new routers. If you can afford to spend $50, it may well be worth it to get a newer model.

In the mean time, I'm quite interested in resolving this issue. But if there's no resolution, then read the store fliers, or shop online like at BestBuy etc. to fetch a new router at half price when it goes on sale...

Re: "are setup to exclude blocking port 5900/TCP" --> What about UDP? ( I doubt it will matter though. )

New info. I downloaded the 2Wire 2000-series manual (http://www.2wire.com/?p=266). It has this to say:
Remove or Disable Conflicting Applications

Internet sharing software and PC based firewall applications typically interfere with the 2Wire gateway, and should be removed or disabled before you install the gateway. The 2Wire gateway provides the same features as the products listed below. If you have any of the following (or similar) applications installed on your computers, remove or disable them according to the manufacturer’s instructions before proceeding.

Internet Sharing Applications: Microsoft Internet Connection Sharing, Intel Anypoint ISS, 3Com HomeClick
Proxy Software: Wingate Sygate
Security Software: Norton Internet Security, Black Ice,  Zone Alarm
LVL 30

Expert Comment

ID: 16880352
Fish have feelings too...I was nice to you, wanted to help you. Fish don't hurt anyone, why hurt them ?
LVL 31

Expert Comment

ID: 16880415
The author has two machines set for forwarding. You'll notice he set the forwarding of the ports twice (VNC1-3, VNC4-6). Port 5500 is for the server initiated connections (where the viewer side runs VNC in listen mode). But indeed 5900+N is what you use for normal incoming. 5800+N is for outgoing traffic.

What mode is the router operating in? Bridging or routing? I've seen issues arise with forwarding at times. Other than that though, your settings look good.

GinEric - RealVNC was started *after* AT&T shutdown the lab that he VNC program at (which mind you was NOT Bell Labs). However, that's not the important thing here, as much as resolving the issue at hand. However, based on port numbers alone, it stands out that it's the VNC that AT&T had created.

Author Comment

ID: 16883199
NO software based firewalls. The reason I don't go buy a new router is the clients already purchased the 2wire (DSL MODEM/GATEWAY/ROUTER). This was supplied by SBC/ATT for their DSL service.

Here is the other thing that makes no sense. In the list of supported APPS to setup, VNC is listed with port 5900/TCP. This is on the 2Wire. I tried selecting that as well, no VNC connection from remote.

I must find the answer, either positive or negative. The 2Wire is set in Routing mode. Not sure of the model but it matches the pictures in the manual.

I will attempt support with VNC, ATT and 2Wire and list my findings.

THank you so much.

by the way, I went fishing, but did not actually catch any fish...best part was spending time with family at the lake.

Expert Comment

ID: 16887926
Don't need any of that stuff.  Just use this.  www.helpdeskvnc.com
LVL 12

Expert Comment

ID: 16889416
kcham44, sorry about your fishing trip; we just got back with a cooler full of Black Sea Bass [dinner for a few days this week!]

Yeah, it's what they call RealVNC;  I got that.

Okay, the pictures you showed, kcahm44, showed the NetBIOS name being preferred over the IP Address for configuration, ewwww,  a really bad idea, and may be the cause.

Author Comment

ID: 16890004

Where do yu see that? the netBIOS preference?

Author Comment

ID: 16989982

Can you please explain what you meant, your explanation was sort of unclear, not sure where you see that.

Does anyone else have any suggestions?
LVL 12

Accepted Solution

GinEric earned 2000 total points
ID: 16990704
Generally, NetBIOS over TCP/IP will get the NetBIOS [Window's] name and information first, rather than the DNS name and information.

If you do a "ping -a" on an IP Address and you get only a NetBIOS name, then the DNS name is not seen as a Fully Qualified Domain Name host.

In the link you provided, http://portforward.com/english/routers/port_forwarding/2wire/2700HG-D/VNC.htm, it basically shows the machines as their NetBIOS name, and not the full hostname.domain.tld, look at the "Edit Firewall Settings" and see that the name appears to be flasher-zx1znpx for the computer hosting through the Firewall.  I'm just suggesting that the 2wire NOLOGON-D is using NetBIOS names, which will probably not work over remote connections.  And if it's dependent upon NetBIOS, it would seem to be strictly for LAN connections, not remote ones.  If it can translate and forward, yes, it might work, but DNS across the Internet is not going to find your machine by NetBIOS name.

If this is true, you may not be able to accomplish it.

Author Comment

ID: 16994040
Thanks I will verify this with ATT and or 2Wire. That would stink.

Author Comment

ID: 17123707
Thank GinEric,

I will just disable the 2wires firewall and add another router to achieve what I need.

Thanks again.
LVL 12

Expert Comment

ID: 17142536

Expert Comment

ID: 25635020
Take a look at this document for vnc port forwarding on the 2wire router.


Author Comment

ID: 25651050
that link was in my original question.

Expert Comment

ID: 37884755
My SBC global 2 wire router is a 3600HGV-B model.

I was having about the same problems. I used Settings -> Firewall and -> Applications, Pinholes and DMZ's section to select my desried computer inside the router's local network, then set up a user defined application "VNC" for some ports 5900-5901 but then using the program at  http://www.canyouseeme.org/ to ping a port I tried pinging 5900 but got "Connection refused"

But when I looked at the log at sbc 2 wire router Settings -> Logs, Filter for firewall. I saw the router was letting 5900 in by but the VNC server on my target computer on the local side of the firewall was itself rejecting 5900. I tried 5901 and then "canuseeme.org" ping said "accepted" So my "tight VNC" server on my linux box wanted to see 5901 and by the way the ip for this one is just the global ip provided by sbc plus a colon and a 1 (the 1 is for 5901)

So it worked and I got in !


Featured Post

Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
This month, Experts Exchange’s free Course of the Month is focused on CompTIA IT Fundamentals.
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question