NIS and VNC

Norton Security | Norton Internet Security
1

I have a 2 PC network at home and wanted to access both PC remotely.  Both these PC are running NIS V20.2.1.22

 

I installed VNC and configured the router to forward port 5900 to the IP address of the first PC and port 5901 to the second PC.  I can access the first PC (configured as the "server") using VNC Viewer.  When I try to access the second PC, NIS (on that pc) reports in the Security History the following message:

 

"Unused port blocking has blocked communications.  Inbound TCP connection from 192.168.0.3 local service port 5900"

 

I tried setting up a firewall rule to allow Ports 5900-5901 but to no avail.  I still get the same unused port blocking message.

 

Can anyone assist please

2

I have a 2 PC network at home and wanted to access both PC remotely.  Both these PC are running NIS V20.2.1.22

 

I installed VNC and configured the router to forward port 5900 to the IP address of the first PC and port 5901 to the second PC.  I can access the first PC (configured as the "server") using VNC Viewer.  When I try to access the second PC, NIS (on that pc) reports in the Security History the following message:

 

"Unused port blocking has blocked communications.  Inbound TCP connection from 192.168.0.3 local service port 5900"

 

I tried setting up a firewall rule to allow Ports 5900-5901 but to no avail.  I still get the same unused port blocking message.

 

Can anyone assist please

3

Thanks for your suggestions Dave. 

 

I tried all you suggested but unfortunately no change.  

 

In terms of using the local IP address versus the internet address, the same issue exists.  Whether I try to connect "locally" using the IP of the 2nd computer or try to access via the net, I get the same "unused port blocked .." message.  When trying to access more than one PC via an instance of a VNC server, the adress of the second PC must be resolved and forwarded on a different port to that of the server

 

I wonder why the firewall rule is not resolving the issue? Any other suggestions would be appreciated   

4

Hi David,

 

Try checking the settings of the program rules under the smart firewall settings. Check if your VNC application is set to allow. If not change to allow and try to connect. :smileyhappy:

5

Right click on the norton icon by the clock, select  "disable smart firewall" choose 15min or longer.

Does it connect now?

 

What flavor of VNC is this, real, ultra, tight, etc?

 

Edit- If your using RealVNC I'm pretty sure since your not using the default port on that system you have to connect into it from the first computer using IPaddess:1

192.168.0.2:1

(I'm guessing on the .2 part)

Or use a douple colon and the actual port 192.168.2::5901

If thats the cause then the Norton error makes perfect sense now.

6

Thanks Dave and dred_lukz29 for your on-going input.

 

To clarify the setup:

RealVNC Server (Personal) is running on PC1 IP address 192.168.2.  The second PC does not have any VNC software running at all.  Its address is 192.168.5.  Using a third PC (laptop) and running VNC Viewer, I enter the INternet IP of my router (or the internal IP 192.168.2) and I can connect happily to PC 1.  In order to connect to the second PC in the VNC Viewer console you enter 192.168.2:1 This instruct the server to use port 5901 rather than the default 5900.  Of course the router must be configured to port forward port 5900 to 192.168.2 and port 5901 to 192.168.5.  All of this is correctly setup.  Note the double colon is used when you are NOT using the default port range commencing 5900

 

Following Dave's advice I I have reconfigured NIS on PC 2 fully trust PC1 and currently have no firewall rules to allow comms from ports 5900 and 5901.  When I attempt to connect using VNC viewer, PC 2 NIS reports the Unused Port 5901 blocked message.

 

Yes dave I tried turning off the smart firewall and I did get a different response.  This time VNC reported the error as "Connection refused" so clearly NIS is playing a part somewhere.  Under this scenario, I still received the Unused Port 5901 blocked log message.

 

Appreciate any further suggestions on resolution.

7
davidg1301 wrote:

Yes dave I tried turning off the smart firewall and I did get a different response.  This time VNC reported the error as "Connection refused" so clearly NIS is playing a part somewhere.  Under this scenario, I still received the Unused Port 5901 blocked log message.

Can you please clarify this?  If the Norton Firewall is disabled, how could you get a firewall log entry?  Also, if the firewall is turned off, and VNC then reports that it cannot connect, the issue would have to be caused by something other than the Norton Firewall.

8

Apologies the Unused Port Blocked message only appears with Smart Firewall on.

 

I take your point that with the smart firewall off and VNC reporting "Connection refused" something else is also involved.  If I can get this resolved then I will still be faced with NIS blocking Port 5901

9

Did you move your custom firewall rule to the top?

10
davidg1301 wrote:

Thanks Dave and dred_lukz29 for your on-going input.

 

To clarify the setup:

RealVNC Server (Personal) is running on PC1 IP address 192.168.2.  The second PC does not have any VNC software running at all.  Its address is 192.168.5.  Using a third PC (laptop) and running VNC Viewer, I enter the INternet IP of my router (or the internal IP 192.168.2) and I can connect happily to PC 1.  In order to connect to the second PC in the VNC Viewer console you enter 192.168.2:1  

I can't tell if these are typos or if ths is the problem.

You state that 192.168.1.2 is PC1 IP address, then you state it is the router address.

 

This line here also is confusing:

"In order to connect to the second PC in the VNC Viewer console you enter 192.168.2:1".

That would be incorrect because the second computer IP address will not be the same as the first computer.

 

I'll try to explain, please forgive me if this is just my confusion.

 

I'm going to make up some numbers here, they may or may not be your internal IP addresses.

 

The router is the gateway, lets say it is 192.168.1.1

Lets say computer 1 is 192.168.1.2  (it's running VNC on the default port5900)

Lets say computer 2 is 192.168.1.3  (it's running VNC on port 5901)

 

Computer 3 has VNC viewer, it doesn't matter what the IP address is.

To connect into computer 1 the address would be: 192.168.1.2  (thats all you need since it is the default port).

To connect into computer 2 the address would be: 192.168.1.3:1  (note that is the address of the second computer, not the router or the gateway).

 

Without using VNC at ll, computer 3 should also be able to ping the other computers by opening up a command prompt.

ping 192.168.1.2  (should get 4 good replies from computer 1)

ping 192.168.1.3 (should get 4 good replies from the second computer).

 

Port fowarding in the router will only be used when a connection is made from the internet, from outside your home network.

There is no such thing as forwarding ports "inside" a network.  It also should not be necessary to open any ports in the firewall because your systems should be set for shared or full trust.

 

Sorry If I misunderstood.

Dave

 

 

 

 

 

 

11

Ahhh and I thought I knew what I was doing!   

 

I had assumed that by entering into VNC Viewer, the local IP address of the PC running VNC server, it would handled in exactly the same way as entering the internet address, i.e since VNC server is listening on Port 5900, the the router would still be involved with forwarding the message to 192.168.0.2.  By your comments above, I realise this may not be (and probably isnt) the case.

 

Yes I can ping the two PCs from the laptop (when connected on the network) ie I get a response for both 192.168.0.2 and 192.168.0.5.  It is ONLY when I use VNC viewer and enter either the local IP or internet address:1 that I get the connection timeout (and the unused port 5901 blocked message)

 

When I wrote "...I enter the INternet IP of my router (or the internal IP 192.168.0.2)..." I did not intend to imply the IP of the router was 192.168.0.2, but I can see why I have confused things - apologies

 

My primary goal is to access both PC via the internet by entering inter VNCViewer the INternetIP such as 61.252.27.251 - this will be picked up by the VNC Serve listening on port 5900 and forwarded to 192.168.0.2 which is the first PC running VNCServer.  To access the second I enter 61.252.27.251:1 which then uses port 5901 which is forwarded to 192.168.0.5.  This is where I get the connection timeout issue.

 

I hope this clarifies things and again apologies for my clumsiness

12

Yes and thanks for the tip

13

Verify you can connect to both computers inside your network first.

 

The first one you have on the defualt port appears to be no problem.

 

For the second computer, if 192.168.0.5:1 does not work, I would try 192.168.0.5::5901  (regardless of what the instructions say LOL)

 

Of course make sure the server is configured to 5901 on that system, make sure thats for the normal viewer connection and you didn't mistakenly enter that into the java connection box.

 

If you still can't connect into the second VNC server, consider changing the port to something completely different.

I'm kind of reluctant to use ports one number apart anyway. Try 5910 if you want to stay in the same range.

Or try 4899 or 4096  (I use those ports for Radmin and they have never conflicted with anything).

 

Once your able to establish the internal network connections through the LAN, it should be very easy to configure everything for connecting from the internet (WAN).

You got system 1 setup correctly, once the second system is working just forward the port you decited on to that computer.

 

Then from the internet it would be:

internetAddress to connect into system 1

and either

InternetAddress::port

or

InternetAddress:1

To connect into the second server.

 

With the VNC servers set to "allow" in the program control you should still not need any firewall rules.

Dave