Access to on a local network from internet

Bill Reedy bmr@surewest.net
Thu Nov 7 23:30:01 2002


CLARIFICATION (I hope)...

Actually, it isn't so much a limitation of NAT firewall/routers, but a port
configuration issue. Normally, you should be able to use your external IP
address (along with port number) to get to another PC within the same LAN
(same port number).  NAT routers should allow this, or rather, should be smart
enough to re-route your external request to an internal machine.

The reason why it isn't working in this particular case is that the port
number the servers are listening on are not the same as the port number you
use to differentiate them externally.  In other words, when you try to go to
external address XX.XX.XX.XX:1 (port 5901) your router causes it to go to
192.168.XX.XX port 5901 - port translation doesn't occur.  Since that PC is
listening to port 5900, the connection fails.  If the server's actual
listening port is the same as the external port (5900 + display number) used
by the client, it will work.

...br
  ----- Original Message -----
  From: Scott C. Best
  To: vnc-list@realvnc.com
  Cc: groups@nominous.com
  Sent: Thursday, November 07, 2002 12:18 PM
  Subject: Re: Access to on a local network from internet


  Dave:

  Heya. Yes, you're right: I forgot to mention that. If
  your PC is on a LAN behind a NAT'ing firewall/router, you will be
  unable to use the VNC viewer to connect to your firewall/router's
  external, real-world, IP address. Sorry. 'Tis a limitation of
  NAT'ing firewall/routers.

  Take heart though: if you can connect to your VNC servers
  using their LAN IP addresses, and if GoToMyVNC.com says it can
  detect the servers, I'm 90-percent-plus confident you will be able
  to connect to them remotely. If you haven't set any special
  AuthHost settings on your VNC servers, I'm even more so.

  cheers,
  Scott

  > > > > Heya. As YDG suggested, you'll need to make 5 "port
  > > > >forwarding" entries into the router that's doing the IP address
  > > > >sharing:
  > > > >
  > > > >1. External TCP port 5900 to your first PC's port 5900
  > > > >2. External TCP port 5901 to your second PC's port 5900
  > > > >3. External TCP port 5902 to your third PC's port 5900
  > > > >4. External TCP port 5903 to your fourth PC's port 5900
  > > > >5. External TCP port 5904 to your fifth PC's port 5900
  >
  >
  > Dispite doing this, I still cant access other machines on my LAN. Using
the
  > website www.gotomyvnc.com it shows the additinal PC's, but I cant access
  > them.
  > Is this because Im trying to access them from within my NAT'ed
connection,
  > via the external IP address?
  >
  > Im trying this for testing, then I know it will work remotely.
  > Are there any ports which the serer need's unblocked to communicate back
out
  > to the client?
  >
  > What about the ports for the java web access, anything incoming /
outgoing
  > other than the 58xx range?
  >
  > Cheers
  >
  > Dave
  _______________________________________________
  VNC-List mailing list
  VNC-List@realvnc.com
  http://www.realvnc.com/mailman/listinfo/vnc-list