Firewall on both ends, only one can be setup by me

rcs
Posts: 12
Joined: 2006-02-19 02:46

Post by rcs »

Is there anyone who knows a way to connect to a machine in this config? There are people at both ends to accept/begin the communication link. Thanks.
SuperTurtle
Posts: 48
Joined: 2006-02-27 11:31

Post by SuperTurtle »

Actually, if both of you are behind firewalls and a NAT router, and you use the repeater, then NEITHER of you need to config anything!

I use the repeater, and so when I am on the road with my notebook at a hotel (behind a router with 25 other people sharing the SAME ip address), or at a corporate client's using their internet (with my notebook), I can still punch out..and not even have to change, or type in a different ip address (I use the repeater one)…so my victim who needs help also never has to type in anything (they are using Single Click VNC).

Gee, no ip numbers…nothing…we just click and we connect (the ip number is pre-configured for the client..and same for me….since we are connecting to a middle machine with the same address..this is all just so simple, and easy….no more typing in ip numbers!!!).

Anyway…let's just ignore the above. IF you forward the vnc ports on your end (your router) to your workstation, then the end user can simply initiate a “reverse” connection to your public internet ip address, and you should both be good to go.

In other words…they should have little, if any, trouble punching OUT of the network..and no changes should be needed on their network in this case. So, have the person running the “server” part simply right click on the system tray (of the server), and use “add new client”….this means the user is punching OUT of their firewalled network…and thus can reach you and your IP address which you configured your router to send to your machine behind the router…

You likely should consider using port 80 for the user to punch out…and simply forward port 80 on your router to your computer. Most firewalls allow port 80 out, since that is the same one used for the browser to connect to the web.

So, you should not need to config the system at work at all. However, since you mention that users will be on both ends…single click sounds like a real good choice, as you then don’t even have to install ANYTHING on the person's computer at work until they need help (you don’t make waves by having to install anything on computers at work!!). You then either direct them to your web site to download the small “server” file…they then click on this..and they connect to you (that file has your ip address built in).

You can read about SC here…

http://sc.uvnc.com/index.php?section=12

You of course don’t have to use the repeater with SC…but it is real nice to do so, as then you can offer support anywhere…and any time….

With your forwarded ports, SC would also work very well..and end users would not have to type in an ip address if you use SC.

SuperTurtle.
rcs
Posts: 12
Joined: 2006-02-19 02:46

Post by rcs »

Ok, can we try this again without the used car commercial? :P

One machine is MY work machine. (no router access)
One machine is MY home machine. (router access and configured/tested)

WORK -> Calls -> HOME
(USE THIS) ---> (SEE THIS REMOTELY)

Right now I've been using a DNS for my home, so it doesn't matter what the IP is, and since I'm the only person using it, that doesn't matter either.
Currently I've got a server listening at home, but that doesn't seem to be working. So you want me to do what now? Create a listener at home, and connect into that using the client here at work?
SuperTurtle
Posts: 48
Joined: 2006-02-27 11:31

Post by SuperTurtle »

>So you want me to do what now? create a listener at home, and connect into that using the client here at work?

Ok, I kind of thought you wanted to connect to your work machine from home…

In my "long" post, the key point here is that you *should* not have trouble punching OUT of your work network. The point was that if your machine that you are trying to connect to has a router/network that can’t be re-configured, then you have that machine initiate the connection. (and, it matters NOT which system you are trying to remote use). Both the VNC “server” and the “viewer” can initiate a connection.

It may seem strange that the “server”, or so called listener can initiate a connection, but, this feature is built in to solve the problem of difficult connections.

Normally, the viewer connects to the server. However, you can have the “server” connect out in those cases where you can’t have an incoming connection. The KEY point was that you will have MUCH BETTER luck connecting out of a network. And, since you will have a person at each end, then this is possible for you. (it needs pointing out that the server normally can’t initiate a connection without a person to do this).

However, since you are connecting out of your work system to your home system, then you are initiating the connection in a standard fashion anyway.

So, why now does it not work? With the information you've given so far, it's really guessing time.

It is possible that your work firewall system simply does not allow you the standard vnc ports. You might be restricted to only the web browser ports such as 80 and 443.

So, what ports are you now using with VNC? Also, does your work system allow you to use those ports? As mentioned, since you can’t change your work system, you might want to try using port 80 on the viewer at work, and set up your “server” at home to also be on port 80.

>home router access and configured/tested)

So, have you tested connecting to your home system from another machine that is not at work? That would certainly eliminate the firewall problem, or just plain tell you that your home setup is wrong altogether. And, in place of the DNS, use the raw ip address of the home system…and see if that works. (if it works..then DNS is the problem..if it don’t..then something else can be looked for).

I would first look at the ports used, and try changing them. I would also try connecting to your home machine from another network. (not the work one) and see if that works. And, for sure...try using the raw ip address until you get things working for the home system.


SuperTurtle
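
The troubleshooting order suggested in the post above (try other ports, and compare the raw IP with the DNS name), written out as an added example that is not part of the original thread and not UltraVNC code. The host name `home.example.net` and address `203.0.113.10` are constructed placeholders, and the function names are made up for this illustration.

```python
import errno
import socket

def probe(ip, port, timeout=3.0):
    """Classify one outbound TCP attempt made from this machine."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return "open"      # handshake completed: something is listening
    except ConnectionRefusedError:
        return "refused"       # RST came back: usually no listener or no port
                               # forward (some firewalls also reject this way)
    except socket.timeout:
        return "filtered"      # no answer at all: packets dropped, or host down
    except OSError as exc:
        return "error:" + errno.errorcode.get(exc.errno, "unknown")

def check_dns(name, expected_ip):
    """Compare what the DNS name resolves to with the known raw IP."""
    try:
        resolved = socket.gethostbyname(name)
    except socket.gaierror:
        return "unresolved"
    return "ok" if resolved == expected_ip else "mismatch:" + resolved

def hint(results):
    """Turn the per-port results into the next troubleshooting step."""
    states = set(results.values())
    if "open" in states:
        return "use an open port; if the hostname still fails, suspect DNS"
    if states == {"filtered"}:
        return "every port dropped: retry from another network to tell firewall from home setup"
    if "refused" in states:
        return "host reachable but nothing listening: check the listener and the port forward"
    return "inconclusive"

def diagnose(name, ip, ports, timeout=3.0):
    """Probe the raw IP on each candidate port and check DNS separately."""
    results = {port: probe(ip, port, timeout) for port in ports}
    return {"dns": check_dns(name, ip), "ports": results, "hint": hint(results)}

if __name__ == "__main__":
    # Constructed values: replace with your own host name, IP and ports.
    print(diagnose("home.example.net", "203.0.113.10", [5500, 443, 80]))
```

Running the same call from the office and from a second network shows whether the difference lies in the office firewall or in the home setup.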
rcs
Posts: 12
Joined: 2006-02-19 02:46

Post by rcs »

I've connected to my home machine from all over the USA, both private firewalled locations, and residences. Never had much trouble. I've tried connecting directly to the IP, and that is a no go as well. (from this network at the office).

Currently I've got the system set up to run using port 5500. I can try 443, but 80 is already in use for a webserver from my home location.

Does this mean change to port and try calling here from the server? (home -> work)? If yes, then how do I do that?

Thanks for your thoughts superturtle.