Unable to connect to vnc server from external IP address

23
2014-04
  • enginefree

    Ok I have setup a VNC server, I have port forwarded TCP/UDP for both 5900 and 5800. Everything works fine all ports are open according to (http://canyouseeme.org/). But i still cannot access it using the external ip address. It works fine with the internal ip address but somehow not the external. Any ideas?

  • Answers
  • David Schwartz

    You'll need a router that supports hairpin NAT (sometimes called "lookback NAT", a form of dual NAT where both the source and destination addresses are rewritten) to access a forwarded service from the inside using the outside IP address. This answer explains why port forwarding won't work unless the connection originates from the Internet side of the router. Most SoHo routers can't do loopback NAT with their factory firmware.


  • Related Question

    port forwarding - Why can't I connect to my VNC server from outside my network?
  • CT.

    I have a computer running TightVNC server. It is on my home network. The computer it is installed on has a locally static ip address 192.168.1.100. I am able to connect to this vnc server from my home network fine, but unable to connect from outside my network (using the IP address that I see at www.whatismyip.com).

    I have forwarded port 5900 (and 5800) to ip address 192.168.1.100. But if I use canyouseeme.org I am unable to see that port.

    I am running Windows 7.

    Any suggestions?


  • Related Answers
  • William Hilsum

    I would double check that you have forwarded the port as that is all you should need to do.

    If there is a problem, try changing the default port in case your ISP is blocking it.

    Lastly, you may want to double check that you have forwarded the correct protocol, I can't remember if it is TCP or UDP that is needed, but if you have one - try the other (or both!)

  • itprofessionalsgroup

    192.168.1.100 is a private IP Address that you will never be able to access from outside your network. You need to use the IP address of your modem. Your router does address translation that sees your 192.168.1.100 internally and when you send email or anything else on the net your router translates that IP into a public IP address that the "Cloud" understands. I do not know exactly how to set up TightVNC, but I do know that you need to be using your public address and not a private IP address. Hope this gets you going in the right direction.

  • JeffP

    According to this, you need to forward a 5800 as well.

  • Stevoni

    The IP you listed is assigned by the router. Instead of attempting to access this address, you need to get the IP address that you're router is assigned by the ISP.

    My IP address is 66.xxx.xxx.90 so I would need to enter this information (rather than the 192 series IP) in order to access my computer using TightVNC.

    Another solution to your problem would be to sign up for a domain name using DynDNS.com (or a similar site), download their software and make sure it updates. What this allows you to do is access your home network using something like MyDomain.Mine.nu (which is how mine is set up). It is much easier to remember a name you came up with than those silly useless numbers.

  • quack quixote

    I just tried canyouseeme.org from here and it seems to work as expected: sees the ports I know are open, doesn't see ports I know are closed. So it seems like a good tool.

    If it's saying your ports are still closed, your ports are still closed. This could be due to your ISP, or any device in your connection path. It could also be due to your VNC server not running, so make sure it's running before testing.

    Here's some things to check:

    • Does Win7 have an active firewall? Could it be allowing local traffic on those ports but blocking external traffic? (If uncertain, disable it long enough to test.)
    • What router make/model are you using? Latest firmware? Any other users reporting problems with forwarding?
    • What's upstream from your router? Cable/DSL modem? Does it need to be configured to allow incoming traffic?
  • ultrasawblade

    I'm betting (could be wrong) that you probably actually need to forward 5901/5801. Doesn't VNC add the display number to the port you select? The first display number is 1. Been awhile since I messed with VNC but just a thought.