VNC works over LAN, not over Internet

[kent]

ISP: Wildblue.net (Satellite internet, 1.5Mbps/256Kbps)
Router: WRT-54G v5
IP Address Method: Dynamically Static (changes once every two or three months, literally)
Firewall: None (unless it's somehow built into the router)


I've got a computer on my LAN with UltraVNC server running, I can connect to it just fine over the LAN by connecting to "machine-name:ort", but on the Internet (meaning away from my house) I cannot connect to it. It is running Norton Firewall, but I turned it off.

My router has been instructed to forward any connection attempt to my IP address at the VNC port to the computer running VNC server. Bittorrent reports that I've forward it's port correctly so I know I did it right.

I just...can't...connect to my home machine over the 'net.

 

[YeOldeStonecat]

I'd double check your port forwarding..make sure you have the correct VPN port forwarding to a static LAN IP of your VNC server.

VNC client from across the internet..make sure you're connecting to the WAN IP address of your router.

To double check..the ISP doesn't have any gateway appliance "modem" that's also running NAT, is it? In other words..you're positive your WRT obtains a public IP address on the WAN interface?

VNC server allowed in Windows firewall, which might be enabled if you flip off Symantsucks firewall.

 

[BigFNDeal]

When u try to connect are you actually outside the house or are you trying to access it by using the xternal ip but from within the LAN. I ask this because I have a machine that I use as a media server, which I can access insode my LAN by using the 192 ip and only outside my LAN by using the 68 ip.

If I connect thru my PDA I can access it also.

 

[kent]

Windows Firewall is also disabled.

When I connect within my LAN I use: archive:ort (archive is the machine name)

When I connect using the Internet I use IP.address.here:ort


I know my public IP address that resolves back to wildblue.net, I'm not trying to connect to 192.168.1.3 while on the Internet LOL


Anymore suggestions?

 

[jonw757]

Your ISP have port 5900 blocked??

 

[poundofflour]

i agree with jonw757. assuming that port forwarding is setup correctly, there are no software firewalls blocking requests, and you are attempting to connect to your public ip address there should be no problems unless your isp blocks the vnc port. the solution to this of course, is to change the port of your vnc server to something that they don't block. also, you really should consider tunneling your vnc traffic through ssh or similar if you intend to use it on the open internet as by default it is not encrypted at all.

 

[DragonNOA1]

Allowing pinging of your WAN address and see if you can ping remotely. Maybe setup a temp web server and see if you can connect to it remotely. That way you can determine if it is your computer, your router, or your ISP. Also, try telneting to 5900 remotely to see if anything opens up.

 

[Farva]

VNC sends passwords in clear text, so anyone sniffing the traffic will be able to get into your network quite easily. Use something like OpenSSH or some kind of VPN software. At least the traffic will be encrypted.

 

[poundofflour]

vnc does not send passwords in plain text, but the password can be cracked if someone sniffs the key as well as the encrypted password.

 

[DragonNOA1]

VNC sends passwords in clear text...

vnc does not send passwords in plain text...

LoL. You guys are both right. Depends on what flavor/package of VNC you are running.

Edit: And I guess also it depends on what version number as some packages have added it later or have added it to their enterprise/business VNC version.

 

[Farva]

vnc does not send passwords in plain text, but the password can be cracked if someone sniffs the key as well as the encrypted password.

Now that you remind me, I believe there is only 1 version of VNC that does not send in clear text. I don't remember which one though. I do prefer my advise to using OpenSSH for a more secure connection.

 

[YeOldeStonecat]

Now that you remind me, I believe there is only 1 version of VNC that does not send in clear text. I don't remember which one though. I do prefer my advise to using OpenSSH for a more secure connection.

Ultra VNC has several DSM plug ins avail, including SSL.

 

[kent]

I never used the default port. I tried 50142 (part of my phone number)

Then I tried 81 for HTTPS (I figured the modem wouldn't block it) -- no go.

I have no damn idea what the problem is, but I bet it's this crappy router

 

[YeOldeStonecat]

I have no damn idea what the problem is, but I bet it's this crappy router

Have you confirmed that your router actually obtains your public IP address? Or did your ISP supply you with a gateway appliance that is also running NAT?

 

[shaft]

try ports 5800 and 5801, or forward 5800-5902, you can log into it from a java enabled web browser like this, http://yourdomainorip.com:5800