Cannot connect to WinXP box with UltraVNC

Scott C. Best sbest "at" best.com
Tue Mar 9 00:26:01 2004


Peter:

	Heya. Some comments and musings inline:

> Yes, GoToMyVNC shows the attempts reach my VNC server on my home network
> (behind the Netgear router and NIS 2003 Personal Firewall), and something
> bad happens after that. But I get the password screen back on the initiating
> PC (on the office network) so traffic gets out from my NIS SW firewall, and
> my Netgear router to the originating PC (in the office) to post the password
> screen (so something's working!). The password is entered and it is after
> that that things go awry. The question is where and why.

	Agreed. I'm worried that the NIS firewall is interfering with
a long-term connection from your Viewer-to-Server. Some sort of "timeout"
option, which wouldn't break web-browser or email traffic, but would upset
VNC connections.

> I have to take issue with the statement "Aren't the software firewalls just
> doing their job?". The answer there is only a qualified Yes.
> Yes the SW firewall is blocking things, but I have configured it to allow
> some traffic, and in this case UltraVNC traffic, to pass. So, in my view,
> the SW firewall is not doing its job to the fullest extent it should.

	I misread your original post to say that your SW firewall was
blocking traffic that did not *originate* on your home LAN (i.e., it was
filtering based on the source IP address). If that was the case, then it
makes sense that you can run VNC on your network, but not *to* your
network from a remote site.

> So unless UltraVNC is using some other port(s) I am unaware of then as far
> as I am concerned NIS is configured correctly (in terms of ports). Input
> from anyone on that would be appreciated.

	AFAIK, UltraVNC requires only the usual TCP 5900 to work.

> 2. UltraVNC and NIS 2003 are incompatible
> I have seen some reports about this and wonder if anyone can confirm.

	Easy test: does RealVNC (either Viewer or Server) work in your
setup?

> 3. It could be the HW firewall (Netgear router) is the problem. But on the
> other hand I have also configured the Netgear to allow all traffic on the
> ports identified above to pass in both directions. And the results from
> GoToMyVNC seem to show it is operating as expected/required.

	Right: the fact that you can get to the password prompt at all
usually indicates that the router is configured correctly.

> In fact I will not accept - as a long term solution - disabling the SW
> firewall just for the wants of a single application; that is much too high a
> risk solution. It (NIS) works for other applications; I have no trouble, for
> example, running GotoMyPC by appropriate configuration of the HW and SW
> firewall.
>
> So I am still hoping for a solution that allows me to use both HW and SW
> firewalls with UltraVNC.

	Have you tried any tunneling of the VNC connection? That's a
common technique of bypassing the firewall: set up your firewalls to work
with (say) an SSH connection, then just tunnel VNC through that.

hope this helps,
Scott
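
Added example (not part of Scott's message, and not code from any VNC project): a Python classifier that maps the bytes a VNC server has sent to the handshake step they reach, so "got the password prompt" can be told apart from a rejected password or a connection cut after login. It assumes a plain RFB 3.3 handshake with VNC authentication and takes the server-to-viewer bytes, for example from a packet capture; the function name, stage labels and sample streams are made up for the illustration.

```python
import struct

BANNER_LEN, CHALLENGE_LEN, SERVER_INIT_MIN = 12, 16, 24

def rfb_stage(server_bytes: bytes) -> str:
    """Name the last RFB 3.3 handshake step visible in the bytes a server sent."""
    if len(server_bytes) < BANNER_LEN:
        return "no-banner"             # nothing usable arrived from TCP 5900
    banner, rest = server_bytes[:BANNER_LEN], server_bytes[BANNER_LEN:]
    if not (banner.startswith(b"RFB ") and banner.endswith(b"\n")):
        return "not-rfb"               # some other service answered on the port
    if len(rest) < 4:
        return "banner-only"
    (sec_type,) = struct.unpack(">I", rest[:4])    # 0 = failed, 1 = none, 2 = VNC auth
    if sec_type == 0:
        return "refused"               # a reason string follows in the stream
    if sec_type != 2:
        return "no-password-auth"
    rest = rest[4:]
    if len(rest) < CHALLENGE_LEN:
        return "challenge-truncated"
    rest = rest[CHALLENGE_LEN:]        # challenge delivered: viewer shows password box
    if len(rest) < 4:
        return "password-prompt"       # stream ends before the server's verdict
    (result,) = struct.unpack(">I", rest[:4])      # SecurityResult, 0 = OK
    if result != 0:
        return "auth-rejected"
    # ServerInit: 24 fixed bytes (size, pixel format, name length) plus the name.
    return "session-started" if len(rest) - 4 >= SERVER_INIT_MIN else "dropped-after-auth"

# Constructed sample streams, not captured from the poster's network.
BANNER = b"RFB 003.003\n"
CHALLENGE = struct.pack(">I", 2) + bytes(16)
SERVER_INIT = struct.pack(">HH16sI", 1024, 768, bytes(16), 4) + b"home"
SAMPLES = {
    "prompt only": BANNER + CHALLENGE,
    "wrong password": BANNER + CHALLENGE + struct.pack(">I", 1),
    "cut after login": BANNER + CHALLENGE + struct.pack(">I", 0),
    "working": BANNER + CHALLENGE + struct.pack(">I", 0) + SERVER_INIT,
}

if __name__ == "__main__":
    for label, stream in SAMPLES.items():
        print(f"{label:16} -> {rfb_stage(stream)}")
```

A stream that stops at "password-prompt" or "dropped-after-auth" means the banner and challenge already crossed the router and firewall on TCP 5900, so whatever breaks the session acts after that point.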