HELP! Router/Firewall with VNC Question

Peter Coulter peter "at" coulter.ndo.co.uk
Sun Apr 4 16:02:01 2004


The easy concept that your are missing is that by definition a router routes!
And it routes between one sub-net and, at least, one other sub-net.
If you try to have the same sub-net on either side of the router, I'm sorry,
but it is just going to confuse the poor thing.

What you tried (change your LAN IP to be the same as your public IP) was never
going to work!

Where are your trying to use VNC to/from -
    From PCs on your LAN to each other?
    From PCs inside your LAN out?
    From PCs outside your LAN in?

Do you have a static or a dynamic (external or public) IP address? If static
you just use that address to access VNC.
If you have a dynamic IP address you should consider using a Dynamic DNS
service such as already suggested (http://www.dyndns.org).

In either case you use the <extern-IP-addr>:0 or <extern-IP-addr>::5900 on
VNCviewer to get into a PC running VNCserver.
If your port-forwarding is set correctly on your router that should run. The
router handles the IP address on the LAN side, VNC neither knows nor cares.
Note that on Netgear routers you can only forward a particular port to a
single IP address. Thus if 5900 is forwarded to IP 192.168.1.1 it cannot be
forwarded anywhere else. But you can use ports 5901, 5902, etc to point to
different LAN IPs and you adjust the VNC installation on each to use Display 1
or 2 or 3, etc as appropriate, and thus you can access various PCs on your LAN
despite only having the one external IP address.

Have you any software firewalls running on any of the PCs? If yes, then they
too of course need to be configured to allow traffic to pass.

You probably want to get this lot working with just plain VNC before you
attempt to start using VNC over SSH!!

Peter


>
> Hey,
> I have some more info on my Router/VNC problem.  I must be missing an easy
> concept here about routers and the VNC program but here goes.  My routers
> LAN IP was the default 192.168.1.1 which basically every consumer router
is.
> My IP addy from the internet is different than that so if I go to
> myipaddress.com it will show my real IP addy not the 192.168.x.x one.
> Anyway, I changed the router settings (specifically the LAN IP) to be the
> same as my real IP address and when I tried VNC on different computers it
> worked!  I thought everything was fixed b/c I could use http/java to log
> into VNC as well as a VNC viewer on another PC to access it.  I could still
> log into the router to change settings if I didn't do the :5800/:5900 port
> so everything appeared fine.  However, on my client/host computer that the
> router is hooked up to, I no longer had internet service :(  So I changed
> the LAN IP back to 192.168... and now I have internet again but the VNC
> doesn't work b/c the icon in the taskbar shows the 192.168 IP addy instead
> of my real addy like when I changed it.  So what is the workaround and I
> must be missing something b/c this is probably like this on every single
> router - you have an IP from the internet and the router masks it and gives
> out it's own IP's to each computers (which happen to be 192.168.x.x for
most
> routers) and you can port forward but VNC still thinks your IP is the
> 192.168 which you obviously can't log into from a different computer.  So
> what do I do?

David