VNC and NAT - using random ports?

Scott C. Best sbest "at" best.com
Mon Jul 9 21:19:01 2007 

Johan:

 	Hello! They "4674" and "4680" ports are actually ports from
the *viewer* side of the connection: when the Viewer opens a "socket"
to connect with the Server, it has a specific source-address and
a specific destination-address. In your case, "90.0.0.241:27036" is
always the destination, and the operating system on the "90.0.0.2"
PC will dynamically assign a source port from the pool of available,
unused port numbers (usually above 1024).

 	Which is all to say..."4674" and "4680" are not a problem. :)
As for the "Connection Reset by Peer" error, that's good news and
bad: good is that the connection from "81.240.207.222" is definitely
reaching your server on "90.0.0.241:27036" -- so your router is
working correctly. The bad news is that 10054 is almost certainly a
problem with the VNC server:

http://www.realvnc.com/pipermail/vnc-list/2006-April/054749.html

 	Exactly what versions are you running on the Viewer and
Server side of the connection?

thanks,
Scott


On Mon, 9 Jul 2007, Johan Le Maire wrote:

> Hey Scott,
>
> I told VNC Server to listen on this port through "Options" ->
> "Connections" -> "Accept connections on port: " -> 27036. I just checked
> with netstat -an and indeed the PC is listening on that port (amongst
> others)
>
> Indeed, I want to connect to that pc with some.dyndns::27036.
>
> When I connect from a PC inside my network, netstat says:
> TCP    90.0.0.241:27036       90.0.0.2:4674          ESTABLISHED
> and the windows Eventlog says "Connections: accepted: 90.0.0.2::4674".
> I disconnect and reconnect to the VNC, and this time the port is 4680:
> TCP    90.0.0.241:27036       90.0.0.2:4680          ESTABLISHED
>
> I guess that's the reason why it can't get past my (nat-)router: Only the
> range 27031-27039 has been opened...
>
> When I try to connect from outside, these three messages appear in the
> eventlog:
> Connections: accepted: 81.240.207.222::4707
> Connections: closed: 81.240.207.222::4707 (write/select: Connection reset by
> peer (10054))
> EventSocketManager: write/select: Connection reset by peer (10054)
>
> Cheers,
> Johan
>
> -----Oorspronkelijk bericht-----
> Van: vnc-list-admin "at" realvnc.com
> [mailto:vnc-list-admin "at" realvnc.com]Namens Scott C. Best
> Verzonden: maandag 9 juli 2007 20:39
> Aan: vnc-list "at" realvnc.com
> CC: johan "at" johanlemaire.be
> Onderwerp: Re: VNC and NAT - using random ports?
>
>
> Johan:
>
> 	Hello! Just checking: if you open a command-line on your
> Windows PC (Start -> Run -> "cmd"), and then "netstat -an", can you
> verify that something is listening to "27036"? I'm not sure how
> you "told" the VNC Server to listen to this port, but the netstat
> command will tell you if it did.
>
> 	Also, on the Viewer side, how did you tell it to connect
> to your PC's port "27036"? I assume you typed in something like
> "external.ip.address::27036"?
>
> cheers,
> Scott
>
>
>> Hello,
>>
>> I'm trying to run 2 PCs with VNCserver (4.1.7) behind my router. One Pc is
>> in the DMZ, and I have no problems connecting to that one. On the other
> one,
>> I have changed the port number from 5900 to 27036, and in my router the
>> ports 27031-27039 are all forwarded to that PC (TCP), but it still doesn't
>> work.
>> In the windows event log, I can see (on both machines) the VNC server is
>> always trying to use another port, and I guess that's the reason why the
>> non-DMZ computer can't be accessed.
>>
>> Why is the VNCserver trying to use another port than the 27036 I told him?
>> How can I force the server to use this port? Is there an other way to make
>> this work?
>>
>> Thanks in advance,
>> Johan