FW: connection issues
Peter Coulter
peter "at" coulter.ndo.co.uk
Fri May 28 23:53:00 2004
William
Thanks for your reply but no you didn't get it quite right.
I have no hub, router or NAT problems, I was replying to an earlier posting
(by Ron Crummett, Re: connection issues) and managed to cock-up the subject
line!
The original posters issues are still, as far as I can see, router rather
than specifically VNC issues.
Peter
> Peter Coulter said:
>> One of our projects required an Internet connection not behind NAT,
>> so to work around this problem, another box was brought in - a 5-Port
>> network hub (LinkSys, model #NH1005). One cable ran from the hub into
>> the computer that could not be behind NAT, another from the hub into
>> the WAN port on the back of the wireless router. This way the office
>> has wireless Internet access and the machine that cannot be
>> behind NAT, is not. It is this machine that I am unable to
>> connect to.
> So, connecting this with your first message:
The machine on the hub you can only connect to via IP address?
The machine on the hub can't connect to the two machines behind the NAT?
Have I got that right?
--
William Hooper
> -----Original Message-----
> From: Peter Coulter [mailto:peter "at" coulter.ndo.co.uk]
> Sent: Friday, May 28, 2004 7:55 PM
> To: 'vnc-list "at" realvnc.com'
> Subject: connection issues
>
>
>
> OK, now I understand it sounds reasonable.
>
> But by placing that "PC than must not behind NAT" where it is it will
> not (as in NEVER) be able to be reachable by the PCs on the LAN side
> of the router behind NAT because that is the way these routers work.
> As far as they are concerned that PC is out on the internet somewhere
> and the whole purpose of NAT is to protect your LAN from the Internet.
>
> You could try placing the "PC than must not behind NAT" on the LAN
> side to the router (i.e. take it off the hub, plug it to a LAN port on
> the router) and configure the router to place that PC in the DMZ (see
> pg 45 of the user manual, befw11s4_v4_ug.pdf). That way it is
> effectively now not behind NAT but it is on the LAN sub-net and so is
> reachable by the LAN PCs. Just understand that doing this means it is
> effectively out on the internet (but then it was anyway on
> the hub) and has none of protection offered by the router
> thus a good software firewall is essential (and all that that
> entials in getting VNC working! :-))
>
> As to your last question. VNC should work with that (inasfar as I have
> experience of it) but you should note that most of these simple
> broadband routers normally can only port-forward a port to a single
> LAN IP address (ie a single PC); I can't speak for the Linksys,
> consult the documentation on that point. Thus you will have to
> carefully set up multiple port-forwardings (of ports 5900, 5901, 5902,
> etc) to point to individual LAN IP addresses if you need to use VNC
> to/from more than one PC and adjust VNC Display:-Display:9
> accordingly on each PC to correspond with the port in use.
> Furthermore if you do adopt this approach you will probably
> need to make your LAN IPs static (otherwise there is the
> chance that DHCP will allocate PCs a different LAN IP address
> the next time they re-boot rendering your map of
> port-forwards to LAN IP address in-operable). One way of
> doing this is to give the PCs manually entered IP addresses
> outside the range allocated by the DHCP on the router. Some
> routers (e.g. Netgears) offer the facilty to map a specific
> PC MAC address to a specific LAN IP address, a quick skim of
> the Linksys did not reveal this feature, but again check the
> documentation.
>
> The use of ssh for secure connection is also a consideration (I use it
> to connect to work PCs where the corporate LAN firewall blocks VNC
> access on port 5900).
>
> Peter
>
>
>
> > Message: 17
> > Date: Thu, 27 May 2004 18:31:32 -0400
> > From: "Ron Crummett" <roncrummett "at" mail.caynetco.com>
> > Reply-To: <roncrummett "at" mail.caynetco.com>
> > To: <vnc-list "at" realvnc.com>
> > Subject: Re: connection issues
> >
> > I appreciate the help lent me over the mailing list. The
> question of
> > why our network is set up the way it is has been asked many
> times, it
> > seems, so let me explain why we have it set up thus...
> >
> > We are a small Internet consulting firm that moved into our office
> > space only two months ago. The neighboring company is the
> ISP for the
> > building complex and to get us on the Internet ASAP (a
> necessity when
> > your work revolves around Internet access) they ran a LAN
> cable from
> > their office to ours, and we plugged the cable into our wireless
> > router (LinkSys Wireless Access Point Router, model #BEFW11S4).
> >
> > One of our projects required an Internet connection not
> behind NAT, so
> > to work around this problem, another box was brought in - a 5-Port
> > network hub (LinkSys, model #NH1005). One cable ran from the hub
> > into the computer that could not be behind NAT, another from the hub
> > into the WAN port on the back of the wireless router. This way the
> > office has wireless Internet access and the machine that cannot be
> > behind NAT, is not. It is this machine that I am unable to
> > connect to.
> >
> > As I think about the project a little more I have to ask some
> > additional questions. The whole reason I am learning about VNC is
> > because I may need to remotely access computers located
> throughout the
> > Pacific Northwest. I am located in Boise, ID and we will
> need access,
> > for example, to three or four computers located about two
> hours south
> > of here. Will I even be able to use VNC to access these
> computers, or
> > am I heading down a dead end?
> >
> > That's it from here. More to come as the plot thickens...
> >
> > Ron Crummett
> > CayNet Consulting
> > (208) 424-1228 office
> > (208) 850-6589 cell
> > http://www.caynetco.com