Mailing List Archive

That all sounds ok to me, except that I've never had occasion to test the
connection via a dynamic DNS name from/to a client within the same subnet -
obviously you'd never need to do this apart from testing. Two possibilities
suggest themselves (but don't assume I haven't missed anything!): firstly
that the Belkin simply can't handle the incongruity of the combination of
NAT (where the router has to keep track of which LAN client issued, say, a
particular web request so that it can route the pages accordingly) and
port-forwarding, which caters for an externally originated connection. The
other possibility is that the dynamic DNS isn't working, and you're pinging
some innocent bystander, which is dutifully responding (been there, t-shirt,
etc). DynDNS have a (short) list of certified hardware and say that many
devices don't work acceptably well. They have a software client which is
free to download and easy to configure. However, you can ensure that the
DNS setting is correct by logging on to DynDNS from any machine on your LAN
and updating the address (ideally after disabling the router facility just
in case). Presumably you want to make this connection from a server outside
your own LAN. Can you (after lowering the security settings) access the
router's configuration pages from outside? Have you tried getting an
external server to connect?

Incidentally, in the scenario you describe you need forward only port 5500
to the host of the listening client; you would only need to port-forward
5800 or 5900 if you are trying to reach a server (rather than client) from
outside the LAN.

Philip Herlihy


-----Original Message-----
From: vnc-list-bounces@realvnc.com [mailto:vnc-list-bounces@realvnc.com] On
Behalf Of Kevan Rehm
Sent: 13 October 2009 03:59
To: vnc-list@realvnc.com
Subject: VNC in listening mode, connection fails with "read: Connection
reset by peer (10054)

Greetings,

I have my home PC configured to "Run Listening VNC Viewer", and the PC has a

static IP address of 192.168.2.10 behind a wireless Belkin router. I have
port-forwarded TCP ports 5500, 5800, and 5900 in my Belkin router to the
same port addresses in 192.168.2.10, and I have configured my PC's McAfee
firewall to open TCP ports 5500, 5800, and 5900. I downloaded the
PFPortChecker program from portforward.com, and it confirms that all three
ports are indeed open.

I have also created a DDNS hostname at dyndns.org so that I have a hostname
whose DNS resolution will work even as Comcast periodically changes the IP
address they give me. I configured the Belkin router to update the
dyndns.org site whenever the Comcast address changes. I am able to ping my
machine successfully using the DDNS hostname. So far, so good.

On another PC in my Belkin's internal network, I can start up the VNC
Server, select "Add Client", and connect to the listening viewer
successfully by using 192.168.2.10, and can see the server machine's
desktop. Works perfectly. If on that same machine I instead select "Add
Client" but use the dyndns.org hostname, a pop-up immediately appears on the

listening machine saying "read: Connection reset by peer (10054)". If I
click OK in the pop-up, the same message appears two more times, at which
point the VNC server machine reports "Connection failed". Any idea why this

is failing? It doesn't seem to be a port-forward problem.

Any help would be greatly appreciated.

Regards, Kevan


_______________________________________________
VNC-List mailing list
VNC-List@realvnc.com
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list




_______________________________________________
VNC-List mailing list
VNC-List@realvnc.com
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list

Philip,

Thanks for your reply. I've managed to work around the problem, but thought
I should give an update just in case anyone else runs into the same thing.

First, I do understand that I shouldn't have to port-forward 5900 and 5800;
I had simply reached the point where I was willing to try anything. :-) I
have since disabled them again. Also, my DDNS address is working correctly,
the IP address I get when I ping the hostname matches the address I get when
going to WhatIsMyIP.com. The Belkin also seems capable of updating the
DDNS correctly, the Belkin documentation actually tells you to register your
name at DynDns so that it can be automatically updated, so I'm willing to
believe that they actually tried it before shipping. :-)

I have come to believe as you do that this is some quirk having to do with
having one machine on an internal LAN talking to another on the same
internal LAN but using an external address. After I read your email, a
light bulb came on, and I used one of the internal LAN machines to
SSH-tunnel to my office across town, effectively putting that machine
outside the internal LAN (its IP address was now that of an office machine).
In this configuration I was able to connect from that tunneling machine to
my VNC-listening machine using the external DDNS name.

The only reason I was going through all this is because I am setting up a
computer for my in-laws and testing it before taking it over to their house.
I wanted to make sure that they could connect back to my machine so that I
could help them with any problems. After my tunneling experiment, I now
know that it will work correctly when I take the computer to their house,
once it is off my internal LAN.

Again, I appreciate your help. It's still an interesting problem as to why
this doesn't work when both machines are on the internal LAN and an external
address is used, but since it's only a temporary situation, I'm willing to
give up trying to figure it out. :-)

Regards, Kevan


_______________________________________________
VNC-List mailing list
VNC-List@realvnc.com
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list

> Greetings,
>
>[...]
> On another PC in my Belkin's internal network, I can start up the VNC
> Server, select "Add Client", and connect to the listening viewer
> successfully by using 192.168.2.10, and can see the server machine's
> desktop. Works perfectly. If on that same machine I instead select "Add
> Client" but use the dyndns.org hostname, a pop-up immediately appears on the
> listening machine saying "read: Connection reset by peer (10054)". If I
> click OK in the pop-up, the same message appears two more times, at which
> point the VNC server machine reports "Connection failed". Any idea why this
> is failing? It doesn't seem to be a port-forward problem.
>
> Any help would be greatly appreciated.
>
It depends by the router, almost always isn't possible to use the external address
from the local (internal) network. From the 2nd PC try to access into Internet through an
alternative internet connection (for instance, through a modem connection) and you'll see
that the VNC connection using the DynDNS addres will work perfectly.


> Regards, Kevan
>
Bye,
Claudio.


_______________________________________________
VNC-List mailing list
VNC-List@realvnc.com
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list

Worth commenting that there are a number of routers which claim to work with
DynDNS while DynDNS say they don't work correctly.

Philip Herlihy


-----Original Message-----
From: Kevan Rehm [mailto:krehm@visi.com]
Sent: 14 October 2009 02:03
To: Philip Herlihy; vnc-list@realvnc.com
Subject: Re: VNC in listening mode, connection fails with "read: Connection
reset by peer (10054)

Philip,

Thanks for your reply. I've managed to work around the problem, but thought

I should give an update just in case anyone else runs into the same thing.

First, I do understand that I shouldn't have to port-forward 5900 and 5800;
I had simply reached the point where I was willing to try anything. :-) I
have since disabled them again. Also, my DDNS address is working correctly,

the IP address I get when I ping the hostname matches the address I get when

going to WhatIsMyIP.com. The Belkin also seems capable of updating the
DDNS correctly, the Belkin documentation actually tells you to register your

name at DynDns so that it can be automatically updated, so I'm willing to
believe that they actually tried it before shipping. :-)

I have come to believe as you do that this is some quirk having to do with
having one machine on an internal LAN talking to another on the same
internal LAN but using an external address. After I read your email, a
light bulb came on, and I used one of the internal LAN machines to
SSH-tunnel to my office across town, effectively putting that machine
outside the internal LAN (its IP address was now that of an office machine).

In this configuration I was able to connect from that tunneling machine to
my VNC-listening machine using the external DDNS name.

The only reason I was going through all this is because I am setting up a
computer for my in-laws and testing it before taking it over to their house.

I wanted to make sure that they could connect back to my machine so that I
could help them with any problems. After my tunneling experiment, I now
know that it will work correctly when I take the computer to their house,
once it is off my internal LAN.

Again, I appreciate your help. It's still an interesting problem as to why
this doesn't work when both machines are on the internal LAN and an external

address is used, but since it's only a temporary situation, I'm willing to
give up trying to figure it out. :-)

Regards, Kevan




_______________________________________________
VNC-List mailing list
VNC-List@realvnc.com
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list