RealVNC

Hi there,

I’m currently testing out Comodo PF, and I’m having trouble opening up RealVNC so I can connect in from the outside world.

Please could someone explain the correct method of allowing such a connection as I have so far been unable to achieve it.

If you require further information on RealVNC visit www.realvnc.com or simply ask.

Hi, hm2k!

For exact instructions on configuring VNC itself you should refer to the documentation that comes with your application. I found some general guidelines, but I don’t use VNC, so I can only give you some general information.

Port forwarding for VNC:
http://www.realvnc.com/support/portforward.html

How do I use VNC through my firewall:
http://www.realvnc.com/faq.html

Now about making this work on COMODO:

I hope I understand you correctly: you want your computer to act as a server, so you will have to allow packets in, right?

To allow packets in, you have to go to the Network Monitor and create a rule for INCOMING packets.
Pick the last rule (the red IP Block rule) you see there and right-click on it. Pick Add-Rule –> Add before. Now you will see a window where you can create your rule.

Action: Allow
Protocol: your needed protocol
Direction: In

Source IP: the ip-address (or range) you want to allow an incoming connection to your computer
Destination IP: your ip-address if you are the server
Source port: will depend on the client’s (the other people’s) configuration, probably 5900+
Destination port: will depend on the server’s (=your) configuration, probably 5900+

If you want to log what happens with this rule, check ‘Create an alert when this rule is fired’.
Click ‘OK’ and you’re ready.

I would advise you to set COMODO to log Incoming connections, and also monitor the logs (Activity – Logs). If there are problems with the connection, then in this way you can see what was blocked and make adjustments.

Paul Wynant
Moscow, Russia

I followed this guide to find I still cannot log into my RealVNC server behind Comodo firewall.

This is the first firewall I have used where it is so complicated to achieve something like this.

And what do the logs say?

I think I figured it out…

I needed to move the rule up in the list.

Great! :)

Can I put resolved on this hm2k?

No, I have realised that I’m wrong and I still have not resolved this.

Further help please.

G’day,

To make your PC, running VNC from behind your router, accessible over the internet, there are two things that must occur.

  1. Your router must be set to forward the VNC port (typically TCP 5900) to the STATIC IP of the PC that is running VNC.

  2. CPF must have a network monitor rule in place that will allow an incoming connection to TCP port 5900.

Point 1) is up to you, as I have no idea what router you have, and I won’t give generic instructions on routers, as your internet connection depends on this. You will need to go through the docs that accompanied your router (or go to www.portforward.com) to set up a port forward rule for port 5900.

Point 2) is easy.

To allow packets in, you have to go to the Network Monitor and create a rule for INCOMING packets.
Click the last rule (the red IP Block rule) and do a right-click on it. Pick Add-Rule –> Add - Before. Now you will see a window where you can create your rule.

Action: Allow
Protocol: TCP
Direction: In

Source IP: the ip-address (or range) you want to allow an incoming connection to your computer
Destination IP: The static IP of the PC running VNC in server mode
Source port: ANY
Destination port: 5900 (but this can vary, depending upon if you have explicitly changed the port setting)

If you want to log what happens with this rule, check ‘Create an alert when this rule is fired’.
Click ‘OK’ and you’re ready.

The real key is that the PC MUST have a static IP address, as port forwarding works best from one fixed IP (the router) to another fixed IP (the VNC server).

This is all that needs to occur to use VNC via a router over the internet to your home PC.

Hope this helps,
Ewen :)
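
A check that fits the two-step setup above, as an added example that is not part of the original posts: run from the connecting machine, it reports whether a TCP connection to the VNC port is refused, dropped, or reaches a server that sends the RFB handshake banner. The `probe_vnc` name and its state labels are chosen here for illustration; the protocol fact relied on is that an RFB server speaks first with a 12-byte `RFB xxx.yyy\n` version string.

```python
import re
import socket
import sys

# The RFB (VNC) server speaks first: a 12-byte ProtocolVersion such as b"RFB 003.008\n".
RFB_VERSION = re.compile(rb"RFB (\d{3})\.(\d{3})\n")

def probe_vnc(host, port=5900, timeout=3.0):
    """Classify how far a TCP connection to a VNC server gets.

    Returns (state, detail); state is one of:
      "vnc"      - handshake banner received, detail is the protocol version
      "refused"  - TCP reset: nothing listening, or something actively rejected
      "filtered" - no reply to the connect at all (packets dropped on the way)
      "silent"   - TCP connected, but no banner arrived before the timeout
      "closed"   - TCP connected, then closed before a full banner was sent
      "other"    - something answered, but not with an RFB banner
      "error"    - any other socket error (detail has the OS message)
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", "")
    except socket.timeout:
        return ("filtered", "")
    except OSError as exc:
        return ("error", str(exc))
    with sock:
        banner = b""
        try:
            while len(banner) < 12:
                chunk = sock.recv(12 - len(banner))
                if not chunk:
                    return ("closed", banner.decode("latin-1"))
                banner += chunk
        except socket.timeout:
            return ("silent", banner.decode("latin-1"))
        except OSError as exc:
            return ("error", str(exc))
    match = RFB_VERSION.fullmatch(banner)
    if match is None:
        return ("other", banner.decode("latin-1"))
    return ("vnc", f"{int(match.group(1))}.{int(match.group(2))}")

if __name__ == "__main__":
    # Usage: python probe_vnc.py <server-address> [port]
    target = sys.argv[1]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 5900
    print(target, target_port, *probe_vnc(target, target_port))
```

Running it once from another PC on the LAN and once from outside the router separates a firewall problem on the PC from a port-forwarding problem on the router.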

I tried this, and I STILL could not get it to work…

The problem does not lie within port forwarding or how the ports are setup, but instead the allowed applications.

The reason I believe this is:
1. I am testing this on the LAN; I’m trying from a LAN laptop to a LAN desktop.
2. If I turn OFF network monitoring, it makes no difference.
3. If I turn OFF application monitoring, it works.

I have tried adding and allowing all for the “C:\Program Files\RealVNC\VNC4\winvnc4.exe”, yet I can’t access it.

See: http://www.yoimg.com/h/85807675-comodo-realvnc-problem.jpg.html

Why is this so difficult?

Have you both “skip loopback…” checked? (security/advanced/misc)

If you delete the application monitor rules for VNC and other exe’s that have something to do with it, and go to security/advanced/misc,
and uncheck “do not show alerts…” and raise the “alert freq. lev.” slider to the top.
Reboot.
Now you can allow everything that pops up…
It might work…

Skip loopback is checked.

Why do I have to reboot to get this to work? That is fairly unacceptable…

I can’t believe it’s so difficult to achieve this basic task.

Don’t even get me started on Apache.

Unless there is a reasonable solution to this issue, I will not be using CPF until this issue is resolved, neither will I be recommending it to my clients.