RealVNC firewall troubles on 3Com officeconnect router

[t_v]

Hello.

I have tried to open port 5900 - 5906 on my 3Com Officeconnect cable/DSL router in order to log into the VNC server running on my computer (from the Internet).

I have selected port 5900-5906 and the (local) IP address of the computer hosting the VNC server using the "virtual server" option on the firewall settings. The VNC server does run un port 5900.

However, I am not able to connect to the VNC server. Anyone have any ideas how to correct this error?

 

[Nodsu]

How and from where are you trying to connect? Many routers do not support loopback connections - you cannot connect to your own internet address from your internal network.

Is the software firewall on the computer cofigured properly? Make sure that the VNC server is configured to accept connections from all remote addresses. Can you connect to the VNC server using another computer on the LAN?

 

[t_v]

Thanks for your fast reply

I have disabled the SW firewall at the PC running the server when debugging. I'm connecting from another computer outside the LAN/WLAN using the Internet.

I have tried 2 configurations:
1. Connect the computer running VNC to the router using CAT5 cable. Connect from another computer oustide the LAN/WLAN using the Internet. This works perfectly fine! (10.0.0.X)
2. Connect the computer running VNC to the router using the WLAN. Connect from another computer oustide the LAN/WLAN using the Internet. This does not work (192.168.10.X) (I get reply on PING)

 

[DelJo63]

VPN software will by design disable access to a local LAN. This is important to
the remote system security that you are connecting to.

Consider: If LAN access were allowed while the VPN connection were active, then
anything on the LAN could use the VPN link to access and corrupt the remote system.

VPN usage is typically binary: you access the remote VPN site OR disconnect and
access your LAN systems.

 

[t_v]

There must be something I don't understand....

I have computer A and B connected to a 3Com gateway. They both have local IP addresses, but they share the same global IP address. Both are running VNC servers.

Then, I have computer C running VNC viewer at a very different location.

When I configure the viewer at C to connect to the global IP address of computer A&B, I'm able to connect to A as long as it also is wired to the router using a CAT5 cable. However, when A&B only are connected to the router using wirless, I'm unable to connect to A.

What I don't understand is:
1) Why am I able to connect to A (from C) when A is wired to the router, but not when A is not wired to the router?

2) If I'm able to resolve 1). How do I select if a want to connect to A or B? (They both have the same global IP, which I configure at C...)

I'm a little confused...

 

[DelJo63]

I'll quote this ...

VNC by default uses TCP ports 5900 through 5906, each port corresponding to a separate screen 0 to :6). A Java viewer is available in many implementations such as RealVNC on ports 5800 through 5806, allowing clients to interact through, among other things, a Java-enabled web browser. Other ports can be used as long as both client and server are configured accordingly. Some operating systems, such as Windows XP, only support a single VNC session at a time[citation needed].

Using VNC over the Internet works well if you have a broadband connection at both ends. However, it may require advanced NAT, firewall and router configuration such as port forwarding in order for the connection to go through. Some users may choose to use instant private networking applications such as Remobo or VPN applications such as Hamachi to make usage over the Internet much easier. Remobo also adds an additional layer of encryption for enhanced security.​

 

[t_v]

Thanks your your information.

I've also checked www.portforward.com. Seems like I have configured VNC / portforward at the router according to the guide. Still don't get any contact with the VNC server from Internet. Ping reply OK. OK when running VNC client on another computer inside the LAN/WLAN.

 

[tipstir]

I've tested this on wireless laptop at a different location about 20 to 30 miles from my network home. Try Ultra VNC it has more features looks like Radmin from Farmtech. But Ultra VNC is freeware and uses the java client. What I would do if I was you is get Ultra VNC install both client and server on the PCs you need to access.

In you router point Port 5900 to 5999 TCP/UDP to your IP address you want to connect too.. If you don't have a domain setup you can use no-ip or dyndns.org and that will take your IP from your ISP and make it into a domain name but still using your IP. Kinda masking it in a way for free. If your router doesn't have the tools to keep this free service alive you need to download their software client to run.

Example. http://tv_home.ip.net so instead of using 59.99.99.99 ISP IP assigned to you it would be now called http://tv_home.ip.net

Now from any remote location you could VNC into the that by this way:

http://tv_home.ip.net:5900

user name
password box you prompt you to get access to your remote network

Also another way to do this some routers have VS (virtual server) that allows you to gain access to your netwok from the internet.

Name of Service_Remote Access
Port 5900
Port 5999
IP adddress of the system you want to connect to:
always available
schedule to shutdown or stay open from etc. etc..

 

[Nodsu]

When describing your successful and unsuccessful connections, you said that the wired network is 10.x.x.x and the wireless network is 192.168.x.x? Basic routers do not support several different LANs, but you are claiming that you have two different local networks. You either have an advanced business-class router or two router devices there or some messed up networking..

Is your router the device that is providing wireless connectivity (does it have antennas attached!)? If no, then you have to take a look at this other thing that is dishing out 192.168 addresses.

 

[t_v]

I have a 3Com officeconnect wireless 11g Cable / DSL router.

The antennas / WLAN provides the 192.x. network, the switch (included in the router) provides the 10.x network using CAT5 cable.

I have now tried remote desktop. I enabled remote desktop (incudling the windows firewall) on the computer I would like to connect to. Then I configured port forwarding to the local 192.x IP address of this computer (port 3389)

However - there is no response when I try to connect to the router / global IP address from the other computer (located outside the LAN/WLAN-Internet).....

 

[DelJo63]

if the target system is on the 10.x.x.x net, then the secondary router needs port forwarding too.

 

[t_v]

thanks.

I'm afraid the target system is on the 192.x

 

[Nodsu]

Well, try to figure out how your network is built. Obviously it is not a simple router sharing a broadband connection. See what exactly connects to what. (Including the fact that you may be connecting to an open wireless network across the street.)

 

[t_v]

Global IP: 80x

3COM CABLE /DSL Router
-> Connection 1: CAT 5/LAN, IP10x -> Computer 1
-> Connection 2: WLAN, IP192x -> Computer 1
-> Connection 3: WLAN, IP192x -> Computer 2

if CAT5/LAN disconnected computer 1: Ping to 80x OK. VNC to 80x NOK. (from Internet)
if CAT5/LAN connected computer 1: Ping to 80x OK. VNC to 80x OK. (from Internet)
VNC between from computer 1 to computer 2 OK. (using 192x network)

i.e. VNC is OK when computer 1 is connected to the 10x network (using CAT5). VNC is NOK when computer 1 is connected to 192x (using WLAN).

 

[t_v]

Please see attached JPG file

 

[Nodsu]

So, how do you know that this 192.168 IP came from your OfficeConnect router?

Try this: go to the 3com's setup and disable wireless. See if A and B still get the same wifi connection.

Also, the exact model of the router would help. OfficeConnect is a huge product line of different stuff.

 

[t_v]

There's no other wireless network in the area. (it's a remote location)

I'll revert with the exact model of the router.

 

[Nodsu]

OK, assuming that you are indeed connecting to the correct router device (not even an ad-hoc connection advertised by another computer), you are still receiving the wrong IP configuration over DHCP. Could it be that there is a computer on your network that is set up to do internet connection sharing and it is sharing its wired connection to wireless, overriding the router's DHCP?

Get the "ipconfig /all" output from the wired computer and the wireless one (paste here maybe).

 

[t_v]

Router model: 3 crwe554g72t

 

[Nodsu]

The router manual confirms that it's a simple device and has only one LAN network served by one DHCP server.

Assuming that your wireless and wired networks are both connected to the same router, you either have misconfigured the client compters or you have two DHCP servers on your network.

 

[t_v]

Windows IP-konfigurasjon


Ethernet-kort Lokal tilkobling:

Tilkoblingsspesifikt DNS-suffiks : lan
IP-adresse . . . . . . . . . . . : 10.0.0.2
Nettverksmaske . . . . . . . . . : 255.255.255.0
Standard gateway . . . . . . . . : 10.0.0.138

Ethernet-kort Trdls nettverkstilkobling 2:

Tilkoblingsspesifikt DNS-suffiks :
IP-adresse . . . . . . . . . . . : 192.168.10.254
Nettverksmaske . . . . . . . . . : 255.255.255.0
Standard gateway . . . . . . . . :

C:\Documents and Settings\Eier>ipconfig /all

Windows IP-konfigurasjon

Vertsnavn . . . . . . . . . . . :
Primr DNS-suffiks . . . . . . . :
Nodetype . . . . . . . . . . . . : Hybrid
IP-ruting aktivert . . . . . . . : Nei
WINS Proxy aktivert. . . . . . . : Nei
Skeliste for DNS-suffiks. . . . : lan

Ethernet-kort Lokal tilkobling:

Tilkoblingsspesifikt DNS-suffiks : lan
Beskrivelse . . . . . . . . . . : National Semiconductor DP83815-basert
PCI Fast Ethernet-kort
Fysisk adresse . . . . . . . . . :
DHCP aktivert. . . . . . . . . . : Ja
Automatisk konfigurasjon aktivert: Ja
IP-adresse . . . . . . . . . . . : 10.0.0.2
Nettverksmaske . . . . . . . . . : 255.255.255.0
Standard gateway . . . . . . . . : 10.0.0.138
DHCP-server. . . . . . . . . . . : 10.0.0.138
DNS-servere. . . . . . . . . . . : 10.0.0.138
Leasingavtale mottatt. . . . . . : 31. januar 2008 21:30:33
Leasingavtale utgr. . . . . . . : 1. februar 2008 21:30:33

Ethernet-kort Trdls nettverkstilkobling 2:

Tilkoblingsspesifikt DNS-suffiks :
Beskrivelse . . . . . . . . . . : 3COM OfficeConnect Wireless 11g Compa
ct USB Adapter
Fysisk adresse . . . . . . . . . :
DHCP aktivert. . . . . . . . . . : Ja
Automatisk konfigurasjon aktivert: Ja
IP-adresse . . . . . . . . . . . : 192.168.10.254
Nettverksmaske . . . . . . . . . : 255.255.255.0
Standard gateway . . . . . . . . : 192.168.10.1
DHCP-server. . . . . . . . . . . : 192.168.10.1
DNS-servere. . . . . . . . . . . : 192.168.10.1
Leasingavtale mottatt. . . . . . : 31. januar 2008 21:30:58
Leasingavtale utgr. . . . . . . : 19. januar 2038 04:14:07

 

[t_v]

Routing table from the router:

Flags Network Address Netmask Gateway Interface Metric
C 127.0.0.1 255.255.255.255 127.0.0.1 Loopback 1
C 224.0.1.134 255.255.255.255 192.168.10.1 LAN 1
S 0.0.0.0 0.0.0.0 10.0.0.138 WAN 1
C 10.0.0.0 255.255.255.0 10.0.0.1 WAN 1
C 192.168.10.0 255.255.255.0 192.168.10.1 LAN 1

--------------------------------------------------------------------------------
Note: Flags : C - directly connected, S - static, R - RIP, I - ICMP Redirect.

 

[t_v]

I have some troubles to understand why the 10.x network is configured and part of the routing table...I can not find anything that specify a 10.x network in the router...

 

[DelJo63]

Windows IP-konfigurasjon

Ethernet-kort Lokal tilkobling:

Tilkoblingsspesifikt DNS-suffiks : lan
Beskrivelse . . . . . . . . . . : National Semiconductor DP83815-basert PCI Fast Ethernet-kort
Fysisk adresse . . . . . . . . . :
DHCP aktivert. . . . . . . . . . : Ja
Automatisk konfigurasjon aktivert: Ja
IP-adresse . . . . . . . . . . . : 10.0.0.2
Nettverksmaske . . . . . . . . . : 255.255.255.0
Standard gateway . . . . . . . . : 10.0.0.138
DHCP-server. . . . . . . . . . . : 10.0.0.138
DNS-servere. . . . . . . . . . . : 10.0.0.138
Leasingavtale mottatt. . . . . . : 31. januar 2008 21:30:33
Leasingavtale utgr. . . . . . . : 1. februar 2008 21:30:33

Ethernet-kort Trdls nettverkstilkobling 2:

Tilkoblingsspesifikt DNS-suffiks :
Beskrivelse . . . . . . . . . . : 3COM OfficeConnect Wireless 11g Compact USB Adapter
Fysisk adresse . . . . . . . . . :
DHCP aktivert. . . . . . . . . . : Ja
Automatisk konfigurasjon aktivert: Ja
IP-adresse . . . . . . . . . . . : 192.168.10.254
Nettverksmaske . . . . . . . . . : 255.255.255.0
Standard gateway . . . . . . . . : 192.168.10.1
DHCP-server. . . . . . . . . . . : 192.168.10.1
DNS-servere. . . . . . . . . . . : 192.168.10.1
Leasingavtale mottatt. . . . . . : 31. januar 2008 21:30:58
Leasingavtale utgr. . . . . . . : 19. januar 2038 04:14:07

You've got BOTH the Nic(wired) and Wireless adaptors running and connected.
In addition, you have no DEFAULT Gateway.

It is possible to make this work, but I suspect this is not what you intended to do.

If you do intend to run this way, you need to add some ROUTES to your routing table
to tell your system where to read/write packets based upon the remote destinations.
Be advised: If you add routes to make the wireless repsond AND it is not connected,
then those data streams will just fail with Host Not Accessible

 

[t_v]

The reason both the Nic and Wireless are enabled is the fact that I'm unable to connect to the PC (from Internet using VNC, remote desktop, pcAynwhere etc) when only the wireless is enabled. Therefore, I enabled the Nic as well in order to connect to the PC.

Why is a 10.x IP allocted to the Nic, as a 192.x is allocated to the wireless? I would guess that both the Nic and wireless should be allocated a 192.x IP (two different IP's obviously) by the 3Com DHCP?