Hello World, I hope you don't mind, I've put a long-ish (75 line) tcpdump trace at the end of this question in case it helps explain what's going on. (**Please snip it out of any replies - thanks in advance...B-) **)
I am trying to connect to a WinVNC 3.3.5 Server on a Windows NT4 Server box, from a browser (no VNC Viewer) on a linux box. They are sat next to each other but the idea is to deploy the NT box outside but be able to keep an eye on it. Both machines are connected to a hub which is also connected to a firewall/ router PC (running Freesco 0.2.7). I have set up forwarding on the firewall to route traffic coming in from the Internet on ports 5800 and 5900 to the VNC server's internal IP Address. When the firewall dials my ISP it gets given a dynamic IP address which I can discover using ifconfig. I can run the Java client on my Linux box just fine when I browse to the server on my LAN by its local address on 192.168.254.xxx:5800 . But when I browse to the dynamic IP address all I see in Netscape is 'Connect: contacting host 80.xx.xx.xx:5800...' and eventually a 'No response' message. [ *** WARNING -- LONG LINES AHEAD *** ] I snipped some of a trace from tcpdump showing the traffic on the LAN, with a few comments and queries. Names: VNC server= 'qgw'. Netscape client= 'ss00'. Firewall='ss02fw'. These are all static internal (192.168...) IP addresses in the hosts file on ss00 where I am running tcpdump. First the successful local connect:- start a connection to qgw vnc on LAN: 15:21:45.96 > ss00.44373 > qgw.5800: S 268766975:268766975(0) win 5840 <mss 1460,sackOK,timestamp 260033085 0,nop,wscale 0> (DF) 15:21:45.96 < qgw.5800 > ss00.44373: S 284495:284495(0) ack 268766976 win 8760 <mss 1460> (DF) 15:21:45.96 > ss00.44373 > qgw.5800: . 1:1(0) ack 1 win 5840 (DF) 15:21:45.98 > ss00.44373 > qgw.5800: P 1:306(305) ack 1 win 5840 (DF) ... more stuff on these ports... ... then the src port on ss00 gets bumped up... 15:21:46.30 > ss00.44373 > qgw.5800: F 306:306(0) ack 185 win 6432 (DF) 15:21:46.30 < qgw.5800 > ss00.44373: . 185:185(0) ack 307 win 8455 (DF) 15:21:46.35 > ss00.44374 > qgw.5800: S 263482036:263482036(0) win 5840 <mss 1460,sackOK,timestamp 260033124 0,nop,wscale 0> (DF) 15:21:46.35 < qgw.5800 > ss00.44374: S 284497:284497(0) ack 263482037 win 8760 <mss 1460> (DF) 15:21:46.36 < qgw.5800 > ss00.44374: P 1:20(19) ack 319 win 8442 (DF) 15:21:46.36 > ss00.44374 > qgw.5800: . 319:319(0) ack 20 win 5840 (DF) ... lots more on this combination while initial authentication screen appears... ... enter password... ... connection jumps to new src port on ss00 and 5900 on qgw... 15:23:28.76 < qgw.5900 > ss00.44375: S 284511:284511(0) ack 362957676 win 8760 <mss 1460> (DF) 15:23:28.76 > ss00.44375 > qgw.5900: . 1:1(0) ack 1 win 5840 (DF) ... lots more while the screen draws and move mouse around on VNC desktop ... 15:23:31.02 > ss00.44375 > qgw.5900: P 90:100(10) ack 33615 win 52560 (DF) 15:23:31.20 < qgw.5900 > ss00.44375: . 33615:33615(0) ack 100 win 8661 (DF) ... disconnect ... 15:29:32.93 > ss00.44375 > qgw.5900: P 506:516(10) ack 36131 win 52560 (DF) 15:29:33.11 < qgw.5900 > ss00.44375: . 36131:36131(0) ack 516 win 8245 (DF) 15:29:40.30 > ss00.44375 > qgw.5900: F 516:516(0) ack 36131 win 52560 (DF) 15:29:40.30 < qgw.5900 > ss00.44375: . 36131:36131(0) ack 517 win 8245 (DF) 15:29:40.31 < qgw.5900 > ss00.44375: F 36131:36131(0) ack 517 win 8245 (DF) 15:29:40.31 > ss00.44375 > qgw.5900: . 517:517(0) ack 36132 win 52560 (DF) -- --- now try same from ss00 to same machine, remote IP up and down thru firewall --- -- the long '...ntli.net' name is the reverse DNS of my external dynamic IP address -- note the 'back-off & retry' pattern of 3,6,12,24 sec between attempts. -- Question 1 : Why does ss00 start talking directly to qgw (on its /internal/ IP address)? -- [ could the Freesco box be doing something clever here? ] -- Q 1a: ... and why does ss00 then reject (R) the reply from qgw? -- Q2 : and what might be happening to ss00's request to the external ..ntli.net:5800 ? -- It looks like it might just never be getting any response. There is no sign of -- incoming traffic being blocked by the firewall. 15:33:09.30 > ss00.44378 > m31-mp1.cvx3-a.pop.dial.ntli.net.5800: S 1000303348:1000303348(0) win 5840 <mss 1460,sackOK,timestamp 260101419 0,nop,wscale 0> (DF) 15:33:09.30 B arp who-has qgw tell ss02fw /* firewall determining where to send the inbound traffic I guess? */ 15:33:09.30 P arp reply qgw is-at 0:c0:9f:7:92:93 (0:80:c8:e0:e5:72) 15:33:09.30 P ss00.44378 > qgw.5800: S 1000303348:1000303348(0) win 5840 <mss 1460,sackOK,timestamp 260101419 0,nop,wscale 0> (DF) 15:33:09.30 B arp who-has ss00 tell qgw /*wtf??*/ 15:33:09.30 > arp reply ss00 (0:a0:cc:52:96:36) is-at 0:a0:cc:52:96:36 (0:c0:9f:7:92:93) 15:33:09.30 < qgw.5800 > ss00.44378: S 284564:284564(0) ack 1000303349 win 8760 <mss 1460> (DF) 15:33:09.30 > ss00.44378 > qgw.5800: R 1000303349:1000303349(0) win 0 (DF) 15:33:12.30 > ss00.44378 > m31-mp1.cvx3-a.pop.dial.ntli.net.5800: S 1000303348:1000303348(0) win 5840 <mss 1460,sackOK,timestamp 260101719 0,nop,wscale 0> (DF) 15:33:12.30 P ss00.44378 > qgw.5800: S 1000303348:1000303348(0) win 5840 <mss 1460,sackOK,timestamp 260101719 0,nop,wscale 0> (DF) 15:33:12.30 < qgw.5800 > ss00.44378: S 284573:284573(0) ack 1000303349 win 8760 <mss 1460> (DF) 15:33:12.30 > ss00.44378 > qgw.5800: R 1000303349:1000303349(0) win 0 (DF) 15:33:14.30 > arp who-has qgw tell ss00 (0:a0:cc:52:96:36) 15:33:14.30 < arp reply qgw is-at 0:c0:9f:7:92:93 (0:a0:cc:52:96:36) 15:33:14.33 > arp who-has ss02fw tell ss00 (0:a0:cc:52:96:36) 15:33:14.33 < arp reply ss02fw is-at 0:80:c8:e0:e5:72 (0:a0:cc:52:96:36) 15:33:18.30 > ss00.44378 > m31-mp1.cvx3-a.pop.dial.ntli.net.5800: S 1000303348:1000303348(0) win 5840 <mss 1460,sackOK,timestamp 260102319 0,nop,wscale 0> (DF) 15:33:18.30 P ss00.44378 > qgw.5800: S 1000303348:1000303348(0) win 5840 <mss 1460,sackOK,timestamp 260102319 0,nop,wscale 0> (DF) 15:33:18.30 P ss00.44378 > qgw.5800: S 1000303348:1000303348(0) win 5840 <mss 1460,sackOK,timestamp 260102319 0,nop,wscale 0> (DF) 15:33:18.30 < qgw.5800 > ss00.44378: S 284576:284576(0) ack 1000303349 win 8760 <mss 1460> (DF) 15:33:18.30 > ss00.44378 > qgw.5800: R 1000303349:1000303349(0) win 0 (DF) 15:33:30.30 > ss00.44378 > m31-mp1.cvx3-a.pop.dial.ntli.net.5800: S 1000303348:1000303348(0) win 5840 <mss 1460,sackOK,timestamp 260103519 0,nop,wscale 0> (DF) 15:33:30.30 P ss00.44378 > qgw.5800: S 1000303348:1000303348(0) win 5840 <mss 1460,sackOK,timestamp 260103519 0,nop,wscale 0> (DF) 15:33:30.30 < qgw.5800 > ss00.44378: S 284581:284581(0) ack 1000303349 win 8760 <mss 1460> (DF) 15:33:30.30 > ss00.44378 > qgw.5800: R 1000303349:1000303349(0) win 0 (DF) 15:33:54.30 > ss00.44378 > m31-mp1.cvx3-a.pop.dial.ntli.net.5800: S 1000303348:1000303348(0) win 5840 <mss 1460,sackOK,timestamp 260105919 0,nop,wscale 0> (DF) 15:33:54.30 P ss00.44378 > qgw.5800: S 1000303348:1000303348(0) win 5840 <mss 1460,sackOK,timestamp 260105919 0,nop,wscale 0> (DF) 15:33:54.30 < qgw.5800 > ss00.44378: S 284588:284588(0) ack 1000303349 win 8760 <mss 1460> (DF) 15:33:54.30 > ss00.44378 > qgw.5800: R 1000303349:1000303349(0) win 0 (DF) 15:34:47.30 > arp who-has ss02fw tell ss00 (0:a0:cc:52:96:36) 15:34:47.30 > arp who-has qgw tell ss00 (0:a0:cc:52:96:36) 15:34:47.30 < arp reply qgw is-at 0:c0:9f:7:92:93 (0:a0:cc:52:96:36) 15:34:47.30 < arp reply ss02fw is-at 0:80:c8:e0:e5:72 (0:a0:cc:52:96:36) Any info/suggestions/comments very welcome. Thanks... -- Victor Churchill , Bournemouth, UK 01202 779643 07970 844083 _______________________________________________ VNC-List mailing list [EMAIL PROTECTED] http://www.realvnc.com/mailman/listinfo/vnc-list
