Multiple Nodes Behind Firewall

[tassie$devil]

I have a client with multiple machines sitting behind a Belkin Wireless Router with internal facing IP addresses:

clientmachine1 192.168.0.10
clientmachine2 192.168.0.11
clientmachine3 192.168.0.12

ISP provides a single dynamic IP address 24.117.x.y

I unblocked ports 5500 and 5900 on the client's Belkin router.

To assist in trying to resolve the dynamic address I leveraged http://www.dyndns.org and assigned an alias to this dynamic address.

clientdomain.dnsalias.net

This name correctly resolves to the 24.117.x.y address or whatever is is changed to the next time a new address is assigned by the ISP's DNS server(s).

So on to my question.

I set all 3 client machines up with the latest UltraVNC s/w and verified they could see my server back at the office which was setup with UltraVNC Server & UltraVNC Viewer (listening mode).

However, when I got home and tried to initiate contact with any of the boxes I could not contact any of them. I am a little confused as to how I can initiate a VNC connection to any one of the client machines because their IP address is not public & they all share a single DHCP address.

I have read the documentation and I am unable to resolve. Any suggestions?

Tassie$Devil

[NightRyder]

maybe you can forward seperate ports for each of the computers.
ie. 5501 for the 192.168.0.10 machine1, 5502 for the 0.11 and 5503 for the 0.12. Then when you go to connect, change the port to w/e.

[lenisham]

maybe you can forward seperate ports for each of the computers.
ie. 5501 for the 192.168.0.10 machine1, 5502 for the 0.11 and 5503 for the 0.12. Then when you go to connect, change the port to w/e.

Don't forget to forward the ports on the router.

[tassie$devil]

Perhaps I am still a little confused but this is what I have done based on the responses.

I started the UltraVNC Server in service-mode on each of my 3 client machines:

clientmachine1 192.168.0.10
clientmachine2 192.168.0.11
clientmachine3 192.168.0.12

I note that in the properties of each of the client machines it is clear that UltraVNC Server service/process is listening on port 5900. Based on the suggestions I decided to "redirect/map" a separate port to each client machine.

5900 clientmachine1 5900
5901 clientmachine2 5900
5902 clientmachine3 5900

My intent is that when I start a session outside of the firewall and request a connection to clientdomain.dnsalias.net::5902 for instance that the router will see port 5902 and know that a mapping to clientmachine 5900 is required. Given that UltraVNC is listening on 5900 on clientmachine3 it should work.

BUT IT DOES NOT.

I am having a mental brain fart. Anyone out there who might be able to put me back on the straight & narrow please?

[lenisham]

Perhaps I am still a little confused but this is what I have done based on the responses.

I started the UltraVNC Server in service-mode on each of my 3 client machines:

clientmachine1 192.168.0.10
clientmachine2 192.168.0.11
clientmachine3 192.168.0.12

I note that in the properties of each of the client machines it is clear that UltraVNC Server service/process is listening on port 5900. Based on the suggestions I decided to "redirect/map" a separate port to each client machine.

5900 clientmachine1 5900
5901 clientmachine2 5900
5902 clientmachine3 5900

My intent is that when I start a session outside of the firewall and request a connection to clientdomain.dnsalias.net::5902 for instance that the router will see port 5902 and know that a mapping to clientmachine 5900 is required. Given that UltraVNC is listening on 5900 on clientmachine3 it should work.

BUT IT DOES NOT.

I am having a mental brain fart. Anyone out there who might be able to put me back on the straight & narrow please?

Looks good to me. Have you loaded a protocol analyzer to check the packets?

[tassie$devil]

No. Any suggestions? I presume there is software out there to do this packet tracing?

[ashram]

I have mine setup in a similar fashion. I can connect, but only to the main server (which acts as the router).

x1 (acts as gateway) 192.168.0.1
x2 192.168.0.2

5901-> 192.168.0.2:5900

Port 5901 works and display x2 in the title; however, it's the desktop of x1.

What am I missing?

Thanks.

[jb]

I have got the same problem , I have 3 computers on my router , I set a port frowarding : 5902 -->192.168.1.2 5900
5903-->192.168.1.3 5900
5904--->192.168.1.4 5900

BUT it don't work at all!!
Can anybody help me please??

[Rudi De Vos]

For multiple servers behind a firewall you can download the repeater.

1 port forwarding...to repeater and repeater take care of the internal distribution.

[ronan]

For multiple servers behind a firewall you can download the repeater.

1 port forwarding...to repeater and repeater take care of the internal distribution.

Would it also work with multiple viewers behind a firewall ?

What setup would you need when the server launches an "add client" (or -connect) command to choose which server to connect to.

Ronan

[Rudi De Vos]

no,

Repeater is made to access multiple servers behind a Nat.

Viewer --->Internet-->NAT (port forwrding)-->Repeater

Repeater--
--> Server1
--> Server2
--> Server3
...

For multiple viewer behind a NAT, you don't need axtra software. No revers connection needed

Viewer 1-->
Viewer 2-->
...
-->Internet-->NAT (Forward port)-->Server

[Neumi]

I had exactly the same problem using a US Robotics Router/Firewall.

Then I changed to a Netgear Router and it worked with exactly the same settings and it worked.

The Netgear firewall doesn't support port redirection.

My first configuration on the US Robotics router was:
wan:5901 -> local1:5900
wan:5902 -> local2:5900
wan:5903 -> local3:5900
That didn't work.

So I tried:
wan:5901 -> local1:5901
wan:5902 -> local2:5902
wan:5903 -> local3:5903

This configuration did not work on the US Robotics Router, but worked fine on the NetGear Router.
Don't know why.

[JVH]

I recently added an SMC barracde wireless router to my home network. Previously my setup was to dual home my system and have my system be the firewall with ICS turned on for the other systems in the house. This worked fine for me to VNC into my system. Now I have the SMC router as the access point. My system is ip 192.168.1.100 the router is 192.168.1.1 internally. I have virtual server set to allow port 5900 to map from the external IP 69.240.xxx.xxx to 192.168.1.100.
Outbound I can vnc to my office and via the repeater reach all systems. From the office I get a connection failed message.
Not sure what to do at this point.

[darkhelmetchris]

Something that I haven't seen in this thread is the problem that DHCP introduces. The advice so far looks great, but keep in mind that if your machines boot in opposite order, you may get the internal IP addresses reversed. If you're connecting from outside your network (from the internet) and your machines are set for DHCP, your router may arbitrarily assign a different IP. It's not often, but it happens and when it's inconvenient.

1. Check your DHCP range, and set up your stations to use an address outside it. For example, if your DHCP range is 192.168.1.100-199 then set them as 192.168.1.10 and .11 and remember to set your DNS to point to your router at 192.168.1.1.

2. Set your port forwarding on your router to point to the new IPs.

Now, if you prefer to keep DHCP for some reason, some routers will let you specify static DHCP entries so that a particular MAC address always gets the same IP address. This is OK, if you know what you're doing.

Hope that helps.