Random Ports Used for Server Connect To Client

RobH
Former moderator
Posts: 113
Joined: 2004-05-03 18:04
Location: Chicago, IL

Post by RobH »

Is there any way to have the server use a specific port to connect to a listening viewer?

Once I am connected and right click and look at connection info the external port is all over the board. First time it's 11582 then 53874? Is there a way to get control of that?

The reason I ask is I have customers who block outbound traffic but are willing to open a port to allow the VNC outbound.

It looks like it needs everything open from 1000 and up? :|
ipsec
Former moderator
Posts: 565
Joined: 2004-09-20 18:56

Post by ipsec »

If you have someone that wants the port controlled, you may want to look at the single click option.

Small executable that you can specify to go to you (through dyndns or something if you don't have a static IP)

This way the server is only running when they want it to and the port can either be specified or use the default port of 5500.. whatever you prefer.

Check out the SC forum or http://gotovnc.dynalias.com/index.php?section=12
Guest

Post by Guest »

The way that I do it is the same as the single click, just a little more advanced with an Inno Setup.
The problem is that it does not do a reverse connect on 5500 outbound. If you look at the stats when you are connected it uses random ports on the outbound machine.

Using the add new client or the single click is the same result.

And yes, I have them connecting to a dns address.
ipsec
Former moderator
Posts: 565
Joined: 2004-09-20 18:56

Post by ipsec »

Anonymous wrote:
> The way that I do it is the same as the single click, just a little more advanced with an Inno Setup.
> The problem is that it does not do a reverse connect on 5500 outbound. If you look at the stats when you are connected it uses random ports on the outbound machine.
>
> Using the add new client or the single click is the same result.
>
> And yes, I have them connecting to a dns address.

Okay.. since I have now tested this at home.. I am seeing your problem.

When I try to connect outbound (via the app) the port varies, on the returned request from the listener, which makes it hard to port forward for these random ports, or if you are using XPSP2 firewall or XPSP1 firewall settings. Since this port was not originally opened up on the "Server" box.. works great on LAN but not when there are port forwarding issues with routers involved.

Anyone else have a way around the random ports being used even though you specify 5500 (or whatever you desire) in the application when you have it compiled?

I also found something called Nat2Nat.. but am unaware of what it actually does, how it connects etc.. it's on the same site as SC... check it out.
RobH
Former moderator
Posts: 113
Joined: 2004-05-03 18:04
Location: Chicago, IL

Post by RobH »

Thanks for testing this. At least now I know I'm not crazy. :D
ipsec
Former moderator
Posts: 565
Joined: 2004-09-20 18:56

Post by ipsec »

Anyone, devs, or admins gonna be able to help with this??

Just wondering.. hoping
lizard
Former moderator
Posts: 171
Joined: 2004-05-03 07:43

Post by lizard »

I still don't get it. Can you guys explain what is under discussion here, plz?
Isn't it natural that the port number varies on the client side? Otherwise we can only create one connection per client & server combination. That sounds ridiculous.
When making an outbound TCP connection, you should rather not be able to specify which port to use, and as far as I've understood there are hardly ways to do that.
Besides, inbound TCP communication ports aren't normally firewalled on an outbound connection, or how can you browse the web through your firewall?
Maybe it's just that I'm not at all understanding what RobH meant, though.
Lizard
rmoller
40
Posts: 93
Joined: 2004-08-20 09:32

Post by rmoller »

Well;

while most outgoing TCP/IP connections do not care about the source port, it is perfectly legitimate and possible to specify the source port - the same way for outgoing connections as for listening sockets.

listening socket (port e.g. 5900 for vnc server or 5500 for listening viewer)

call socket(...)
call bind(...)
call listen(...)
call accept(...)

outgoing connection (vncviewer connect or winvnc -connect)

call socket(...)
call bind(...)
call connect(...)

Usually you specify port 0 in bind(...) for outgoing connections, in which case the system picks a random source port, but you can specify a value other than 0, like 5500, if you wish. Just remember that two different connections cannot have identical combinations of source ip:port and target ip:port. This could be an issue with multiple connections from the same IP address to the same server/viewer/repeater.

All in all I seem to be saying the same thing as the previous poster in different words :|

- By the way: for multiple connections over one TCP/IP connection, perhaps look at ssh or socks.
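
The socket/bind/connect sequence outlined in the post above, as an added Python example that is not part of the original thread or of UltraVNC's code. It runs entirely on loopback; the function names, the loopback listeners standing in for the listening viewer, and the OS-chosen "fixed" port are assumptions made for the demonstration.

```python
import errno
import socket

LOOPBACK = "127.0.0.1"  # constructed setup: everything stays on this host

def start_listener():
    """socket/bind/listen: stands in for the listening viewer (5500 in the thread)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((LOOPBACK, 0))   # port 0 only so the demo cannot collide with a service
    srv.listen(8)
    srv.settimeout(5)         # accept() must never hang the demo
    return srv

def free_port():  # ask the OS for an unused port number to use as the fixed source
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((LOOPBACK, 0))
        return s.getsockname()[1]

def connect_out(target, source_port=0):
    """socket/bind/connect. Returns (sock, None) on success, (None, errno) on failure."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    if source_port:  # lets a second socket bind the same source port (Linux behaviour)
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    try:
        s.bind((LOOPBACK, source_port))
        s.connect(target)
        return s, None
    except OSError as exc:
        s.close()
        return None, exc.errno

def demo():
    viewer, other = start_listener(), start_listener()
    target = viewer.getsockname()
    a, _ = connect_out(target)             # port 0: OS picks the source port
    b, _ = connect_out(target)             # second connection, different random port
    fixed = free_port()
    c, _ = connect_out(target, fixed)      # explicit source port
    accepted = [viewer.accept() for _ in range(3)]
    _, dup = connect_out(target, fixed)    # identical source and target: refused
    e, _ = connect_out(other.getsockname(), fixed)  # same source, other target
    result = {"random": [a.getsockname()[1], b.getsockname()[1]], "fixed": fixed,
              "seen": [addr[1] for _, addr in accepted], "other_target_ok": bool(e),
              "dup_refused": dup in (errno.EADDRINUSE, errno.EADDRNOTAVAIL)}
    for s in filter(None, [a, b, c, e, viewer, other] + [x for x, _ in accepted]):
        s.close()
    return result

if __name__ == "__main__":
    print(demo())
```

The destination port is the value that stays constant across connections, which is why an outbound firewall rule is normally written against it (5500 for the listening viewer in this thread) rather than against the source port.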
ipsec
Former moderator
Posts: 565
Joined: 2004-09-20 18:56

Post by ipsec »

The base problem is -
I try to connect over the internet via port 5500 from Tech computer to Customer computer (or vice versa, however you want to see it) and it just won't work...

Customer computer should initiate the outgoing connection - the control port is random on the local machine. The outgoing port should be 5500 to the tech computer. The tech computer with the router port forwarding 5500 to tech computer1 runs the listen viewer. Since I am using the encryption plugin I have the listen viewer opening up with the shortcut -
"C:\Program Files\UltraVNC\vncviewer.exe" -listen -dsmplugin MSRC4Plugin.dsm

The problem I am running into is - when doing a nbtstat -A on both computers I see the following.

Customer's computer -
Proto  Local Address      Foreign Address                      State
TCP    XP0221:1028        ip(actual IP address).cox.com:5500   SYN_SENT

Tech computer -
Proto  Local Address      Foreign Address                      State
TCP    kevinsputer:5500   kevinsputer:0                        LISTENING

This doesn't change until the app goes away and the customer computer closes that port it's trying to connect to.

My understanding of this program is that, since the customer is initiating out the request on port 5500, it should be coming in on the listener for the tech's computer. (Customer not using firewall software at all, no firewall settings on his router to disallow outbound connection) The only problem is it isn't hitting the tech computer or it is hitting the tech computer but the tech computer isn't receiving the request.

SO, I forward ports all the time and this was like everything else I have tried... but.. when I checked it from a port scan on the net... The damn port is in "stealth" mode.. meaning it's not really responding to requests the way I want it to.. which is always respond.....

So that got me thinking also.. My version is only RC19.4... I'm going to upgrade and see what happens. I will add more as soon as I can get there.. but from what I can tell the port that I have forwarded to the computer is not yielding the right result of response to the client computer.... Why I have no clue.. but it works great on a LAN.. so that's why I'm confused..

Okay so I tried it with RC19_6.. maybe I need to downgrade to RC18?? hmm.. I just wish I knew why it says my port is in stealth mode from the port scan when I do not have the XP firewall running, or any firewall running on the tech computer which is running the listener.. which with the proper port forwarding... should be working...

Am I looking at this all wrong.. or is there something else I should be using ..

I think the Nat2Nat program is cool but I don't want to have to install the server on anyone's computer just for a few hours of remote assistance..

Sorry so long but thanks for any help in advance.
ipsec
Former moderator
Posts: 565
Joined: 2004-09-20 18:56

Post by ipsec »

After many days of banging my head on the wall..

I must start this off with.. Yes, without the new encryption SC works just fine with both sides firewalled and only one port open on my routers / firewalls for the network in which I wish to gain access.

Either rate...

I reset my router.. started off square one.. and added in the ports one by one.. and to my delight... I was able to get port 5500 forwarded... I have no idea why my router didn't like it.. but for some dumb reason it worked for the viewer but not the listener... ? EITHER rate.. I am writing to say I got this connected the way it's supposed to connect...

But I'm with this guy
[topic=1728][/topic]

Why doesn't the new DSM plugin work with SC?

Again my apologies..