Hi, I'm new to VNC, but after a fortnight messing with it, and
having searched till my eyes ache in the archives, I need some
help, please. If this message is overly long and complex, I
apologise, but it seems a complex problem, or rather problems.
I have 4 networked PCs, each with a public IP, to manage
remotely, and VNC seemed like a good idea. I went for TightVNC
because I like the local cursor feature. The target machines
are - 2 XP Pro, 2 XP Home, all with NIS 2003 installed - no port
blocks and no firewall on the public side of the target
machines, and they sit behind a router that has basically been
disabled - it's just a pass through (no NAT). All instances of
NIS have TightVNC server and viewer permitted access to the
internet, and NIS's firewall has the correct IPs or handles
entered in the list of trusted computers - PC1 has the IP range
of the targets entered, etc.
On the managing PC (PC1) and all the target PCs, I've told NIS
to open ports 5800, 5900 and 5500, and Norton has the normal
browser etc. ports open - I can certainly talk with the web as
one normally would do. The router that PC1 sits behind forwards
ports 5500, 5800 and 5900 to PC1, which has a static IP of the
192.168.xxx.xxx variety. PC1's router (Linksys BEFSX41 firewall
switch router - no firewall enabled other than NAT) sits behind
a BellSouth Westell DSL modem in bridged mode (DHCP off), and
the router is set up with DHCP off and PPoE enabled. I use a
DynDNS handle with auto-updating for PC1's public side, and the
target machines have my DynDNS handle entered as a trusted
address in NIS. I always make sure my DynDNS handle IP is up to
date before connecting VNC. I'm running XP Pro on the viewer PC
(PC1), and can connect to the target machines OK as long as
Norton Internet Security 2003 (NIS) is turned off on PC1. If
PC1 has NIS enabled, TightVNC can't connect to the targets. I
can turn off everything in PC1's NIS (firewall, intrusion
detection - everything else, except disabling NIS Itself) and I
still can't connect. If I disable NIS on PC1, I can connect OK
- no problems, even with NIS enabled on the target machines. So
- what is it that NIS is doing that stops a VNC connection being
made? I set up another local testbed target machine connected
through the router switch - the managing machine (PC1) and the
testbed talk to each other as networked machines quite OK using
names, or static IPs - whatever, as long as I set up NIS to
allow the right name or IP through. But - try to use TightVNC
between the two, and I get no connection, until I disable NIS on
PC1 - then it works fine. The same is true in reverse - if I
use the testbed as the viewer looking at the managing machine,
if I disable NIS on the testbed, I can view and control PC1 no
problems.
Since PC1 is pretty secure without NIS anyway, it's no big deal,
but I just wonder what it is that NIS does on the viewer machine
that stops VNC connecting. One possible clue - with the same
setup (using PC1 as the viewer), if I try to view using an IE6
browser from PC1, and browse to http://xxx.xxx.xxx.xx:5800/ (one
of the target machines) I do get a VNC authentication screen,
but when I type in the password, I get a "Network error: remote
side closed connection" message. If I disable NIS on PC1, I can
connect OK using the Java browser method.
So - Problem 1 is - What is NIS doing to stop VNC
connecting? The Symantec web site is no help at all.... And I
can't find a list covering NIS/remote connection issues. I only
ever use the first instance of a view screen (5800/5900), but I
have added 5801 and 2, 5901 and 2 as allowed ports (and
forwarded those correctly in the case of the viewer (PC1) for
PC1 and the targets.
Problem 2 - one of the target machines breaks the connection
after a short time - can be a few minutes, can be 30 seconds or
so, and there is no consistency in the state it leaves the
target machine in - sometimes the machine is frozen, needing to
be powered off then on; sometimes it just disconnects, but it
always breaks the target machine's internet connection, and that
machine has to have as a minimum ipconfig /release /renew to get
back on air. The other three machines are perfectly well
behaved - I can work away for hours on them if I wish. I've
checked that the problem target has the same settings in NIS and
TightVNC as those that have no problem. There are two things
different about the target machine - it has a Logitech cordless
mouse, and an LCD screen (Envision 17"). It seems like a
classic case of resource sharing conflict, but I can't find
anything that uses a port remotely near anything that TightVNC
is said to use. Does TightVNC use ports other than those
publicly disclosed, in the handshaking phase of establishing a
connection, for example? That could explain a lot...
Thanks in advance for any help offered, even if it doesn't solve
either problem.
Dan Ellis
[EMAIL PROTECTED]
_______________________________________________
VNC-List mailing list
[EMAIL PROTECTED]
http://www.realvnc.com/mailman/listinfo/vnc-list
