Remote connection frustration

bmck
Dabbler
Posts: 21
Registered: 16-08-2007

Hello Folks

Can anyone help with this problem?

I'm running three PCs behind a Speedtouch 510 ADSL Modem / Router / Firewall on a Plusnet broadband 512 connection - fixed IP address. I want to be able to access my main PC remotely. To this end I've opened the relevant ports in the firewall for the programs I've tried to use for remote access (I've tried VNC, TightVNC and also PC Anywhere). The problem is - I cannot get in!

Specifically - at the "home end" I've set up the pc I'm trying to access with a fixed IP address on my home network. "10.0.0.1" In the router I've opened up ports 5800 & 5900 for TightVNC and pointed them to 10.0.0.1, similarly 5801 & 5901 for VNC and 5631 & 5632 for PCAnywhere 10.5.

As I've opened up the correct ports for three different applications and have had no success connecting remotely - I must be doing something else wrong - but don't know what! I can run the TightVNC server at home and do the "hall of mirrors" loopback thing, I can use VNC across my internal network and have successfully connected to a friend's PC from home with PCAnywhere. I just don't seem to be able to access my machine from the outside world - which is the point of the exercise.

BTW from the remote location I'm opening a browser and typing http://<my plusnet fixed ip address>:5800 for TightVNC. Also I do not have any software firewalls running.

What am I doing wrong / missing?

Can anyone help.............?

Brian

8 REPLIES
N/A

Apart from the port forwarding, are you sure you have disabled any relevant firewall rules that prevent the connection from completing?
bmck
Dabbler
Posts: 21
Registered: 16-08-2007

Thanks for the reply Acarr.

I guess the answer to your question has to be no. There is something I'm not doing right with the ADSL modem / router / firewall that's preventing the connection from being made. I've set the "port forwarding" up correctly in the "NAPT" section of the Speedtouch's setup. Indeed I've contacted Speedtouch over this issue and they have told me to do it the "long winded way" with a DOS box and Telnet. This was simply to open a VPN port (1723) and when this was done you could see that the port was set correctly in the NAPT section. (In fact I don't know why they had me set it with Telnet....)

Today I've downloaded and run "SuperScan". With this utility I've looked out from another PC on my network to my IP address to see which ports are open. I was hoping to see 5800 & 5900, 5801 & 5901, 5631 & 5632, these being the ports I've "forwarded" and required for the various progs I've tried. However the only ports it reported as being open were 21, 23 & 80, which I believe would be for FTP, Telnet and the web, i.e. normal. So the ports I think I've opened to the web are clearly not open.

I'm stumped (as usual). Any more ideas?
N/A

Are you by any chance performing the tests from inside the network you are trying to test?

If so, then this is likely why.

Many routers do not map traffic from within the network, using the port forwarding rules.

As such, any tests performed there, will act as if the router should be answering the request.

Only hosts external to your network can test this.
bmck
Dabbler
Posts: 21
Registered: 16-08-2007

Ah ha. Yes I was! I'll call my brother and ask him to try.

Watch this space!

Brian
bmck
Dabbler
Posts: 21
Registered: 16-08-2007

Well we tried again - conducting the SuperScan port scanning test from a dialup connection 350 miles away and came up with a big fat zero for connections, UDP & TCP. He didn't see me at all. Curiously, I tried the test on him (my brother) having had him obtain his active ip address from "ipconfig" and had the same result - I couldn't see him either. We tried pinging each other too - no joy.

Could the respective ISPs be blocking this sort of activity - to keep out "hackers?" It's not helped me anyway - I just wanted to know if the ports req'd for the various VPN progs. I've tried were open to the outside world.

As you might expect he was unable to access me using TightVNC either.

The frustration continues......... other people manage to do this sort of thing - why can't I?

Brian
bmck
Dabbler
Posts: 21
Registered: 16-08-2007

Someone must know what I'm doing wrong...........?
N/A

Pings are not blocked by the ISP. Port 135 was blocked due to the MSblaster virus but that port may be open again.
Basically, it's down to your settings and firewall somewhere.
mssystems
Rising Star
Posts: 269
Thanks: 33
Fixes: 1
Registered: 10-08-2007

First thing I would try is verifying that the router NAPT is working and ports are being forwarded. Set up a web server on your PC, forward port 80 on the router, and see if you can reach the web server from outside the router.

If you can forward port 80;
Check the application is compatible with NAPT. If you have a DMZ function, specify your PC and see if you can run your application. The DMZ will forward all ports to the specified address, if your app fails it may not be compatible with NAPT.

If you can connect using the DMZ;
Check which ports are required to be open. There is no single way to do this but you will probably have to sniff the network. You can get an Eval of Sygate Personal Firewall Pro from the Sygate web site. It includes a handy packet logging feature which ties traffic to applications.

If you can sniff both sides of the router all the better as you should be able to identify traffic which is blocked somewhere or traffic which NAPT has broken.

Looking at a TightVNC connection attempt, the local port is 2022. Now in theory NAPT should allow return traffic to 2022 after the connection is initiated on 5900. But it don't always work like that (FTP for instance). It is worth opening the local port just to see if that fixes it.

Don't rely on port scanning and ping. They only make sense if you know what you are looking at. A good firewall may show ports as closed or non-existent and may not respond to ping (ICMP) on the outside interface. These are standard measures to prevent DoS attacks.

One final thing to check is the MTU of the router. There are problems with certain router / firewalls fragmenting packets and breaking applications.

HTH
Matt
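
The external check the replies above ask for, as an added example that is not part of any post in the thread: run from a machine outside the LAN, it separates "refused" (a host answered with a reset) from "filtered" (silence, e.g. no forwarding rule matched or a firewall dropped it) and confirms an open port really reaches the VNC server by reading the 12-byte RFB version greeting. The function names `probe`, `is_vnc` and `report` are hypothetical; the port list is the one from the first post.

```python
import socket

# Ports the original poster forwarded on the router (taken from the thread).
FORWARDED_PORTS = [5800, 5900, 5801, 5901, 5631, 5632]

def probe(host, port, timeout=3.0):
    """Attempt one TCP connect; return (state, greeting_bytes)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        # A reset came back: something was reached, but nothing listens there.
        return "refused", b""
    except socket.timeout:
        # Silence: dropped by a firewall, or no forwarding rule matched.
        return "filtered", b""
    except OSError:
        return "unreachable", b""
    with sock:
        sock.settimeout(timeout)
        try:
            greeting = sock.recv(12)  # RFB ProtocolVersion is 12 bytes
        except OSError:
            greeting = b""  # open, but the service waits for the client (e.g. HTTP)
    return "open", greeting

def is_vnc(greeting):
    """True if the greeting looks like an RFB ProtocolVersion line."""
    return (len(greeting) == 12 and greeting.startswith(b"RFB ")
            and greeting.endswith(b"\n"))

def report(host, ports=FORWARDED_PORTS, timeout=3.0):
    """Probe each port and return {port: description}."""
    results = {}
    for port in ports:
        state, greeting = probe(host, port, timeout)
        if state == "open":
            state += " (VNC server answered)" if is_vnc(greeting) else " (no RFB greeting)"
        results[port] = state
    return results

if __name__ == "__main__":
    import sys
    # Pass the public IP as the argument; defaults to loopback so it runs offline.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for port, state in report(host).items():
        print(f"{port}: {state}")
```

An "open (no RFB greeting)" result on 5800 is expected, since that port serves the browser viewer over HTTP and waits for the client to speak first.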