
November 2, 2004

The problem with VNC at home

Ok, have been trying TightVNC. I installed the server on one WinXP Home edition PC and started it as a service. Installed the viewer (and server) on my laptop on the LAN as well. The laptop found the server just fine using the internal IP address assigned by the WatchGuard firewall. Unfortunately I have Comcast without a fixed IP address. Comcast won't allow any FTP, Ping, or any type of traffic to the IP address of my firewall. So I can't even open a port to allow the traffic through to the TightVNC server. So unless I want to buy a fixed IP address from Comcast, I can't run the software. That is too large a barrier for most home users. The solution has to work without having to provision anything from your broadband provider.

Still looking.

Posted by Martin at November 2, 2004 8:26 PM


Comments

wow, does comcast really block all incoming traffic? that's a horrible policy. you're paying for internet access, yet you are only getting half of that access (outbound connections but not inbound). i can understand them blocking common ports associated with worms (25, 113, 139, etc) but not a vnc port. good luck.

Posted by: mark at November 3, 2004 11:29 PM

Comcast: This does not seem true to me. I have lived at Eastlake (Seattle) and now in Sammamish both with Comcast (and attbi). In both cases, I have had the same IP for years at a time. Check my website out. I am hosting my own DNS, Sendmail, Apache and Aventail SSL VPN at home with absolutely no problems. On a linux command line try my IP..."dig -x 24.17.218.151"...you will get c-24-17-218-151.client.comcast.net.

Posted by: Todd Duffin at November 3, 2004 11:29 PM

Dynamic IPs: I am running a Netgear FR328S firewall/NAT here at home...and it has settings for DynDNS.org, TZO.com and ngDDNS ...I monkeyed with this in the past (when switched ISPs) and it worked flawlessly. I the cheaper Netgears and I am sure the cheap Linksys/etc. do the same. On a Linux command line type "dig tippyturtle.ng.iego.net" ...you will see it resolves to the same IP as my static DNS "tippyturtle.com"...it "magically" changed moving from house to house. This is great for my root DNS records for my domain.

Posted by: Todd Duffin at November 3, 2004 11:36 PM

VNC: Has one major flaw in my experience...the machine you are attempting to connect to must be logged into already. This means if your machine is not set to auto-log-on as somebody and your machine has been rebooted for some reason (power outage), you will not be able to Remote Desktop in. MS-RDP or Citrix therefore work much better. Unless VNC has added something in the last 12 months, you will be stuck. :( Aaaaaaaaaaaaand...most trojan blockers (like my favorite http://www.webroot.com/products/spysweeper/) block these RDP type programs by default...for good reason. Watch for that. (ok, with that I will stop flooding your blog.)

Posted by: Todd Duffin at November 3, 2004 11:48 PM

Well, the Blogosphere strikes again! Thanks all for comments. Here is what I found: Being a Windows user, I am using Sam Spade to do the finger/dig/ping commands. Using Sam Spade shell, ping, dig, finger all fail to Comcast IP addresses. Either Todd's at 24.17.218.151 or mine at 24.17.235.152 (my WatchGuard SOHO firewall). But when I go to a browser, it finds the IP addresses just fine. In fact it shows me a log-on screen for my WatchGuard SOHO. So now all I gotta do is figure out how to get the traffic through the SOHO to the internal server running the other stuff. Todd, got any ideas?

Posted by: ministeroforder at November 4, 2004 9:57 AM

Ok, I found my Sam Spade problem. Bad DNS server configuration. Wasn't finding the right one. Fixed and now I get all the right results. Ouch, I am silly.

Posted by: ministeroforder at November 4, 2004 10:08 AM

Yup...here are some:

1. Find a Pentium 166 with a 100 meg drive and install Linux (just so you have one...a Linux machine that is). You ALWAYS need one of these...it is like a stick-shift car...a pain to drive but you can always push start it down a hill. :-)

2. You want to "reverse port map" (I assume you are NAT'ing out). From a quick look at the WatchGuard PDF it looks like you pick "incoming" under the "firewall" heading on your web configuration. It looks like it was made easy for you, you don't need to know what port a service is, just pick "HTTP" for your web server.

Side Note: On my home network I set all machines to a static IP, the only exceptions are machines that leave the house...like laptops. This allows them to boot faster (no DHCP request) and allows the reverse port mapping to be certain. DHCP machines most likely will get the same IP every time they boot...or maybe not? You don't want that if they have a web server on them.

Good Luck!

Posted by: Todd Duffin at November 4, 2004 5:22 PM

Todd, you are the man! I actually took an even easier way. I had an old iMac sitting around with OSX on it and it comes with Apache on it! So I just pointed all the HTTP and FTP requests to that local IP from the WatchGuard and bob's your uncle, free hosting!

Posted by: ministeroforder at December 29, 2004 1:47 PM
