It should be possible to set up port forwarding with ICS/ICF; I think =
now pretty easy with WinXP (nice dialog box), some info can be found at=20
more friendly guide with screrenshots osmewhere, but I can't find it =
Seems it's a lot more difficult with ME/98, but there seems to be a nice
freeware app that simplifies this:
:80/support/kb/articles/Q231/1/62.asp&NoWebContent=3D1> (doing it =
However, I'd strongly recommend forgetting direct port forwarding and =
a tunnel instead. SSH really is not *that* diffuclt to install/setup =
the nice windows installer from <http://lexa.mckenna.edu/sshwindows/>) =
there's plenty of help on the web for the initial tricky bit of setting =
the client (I recommend Putty) to forward ports. And I understand that
another tunnelling app, Zebedee, is even easier to setup.
Anyway, your choice :)) HTH
Date: Tue, 2 Dec 2003 00:33:40 +0000 (GMT)
From: "Scott C. Best" <sbest@...>
Subject: Re: Same Q different wording...
Heya. You're asking a FAQ which, unfortunately, doesn't
have a really short answer. :*)
Here's the trick: a router (doesn't matter whether it's
a "software based" router like the ICS program, or a "hardware based" =
like your friend's LinkSys box) does a real-time translation =
between two IP address, your "internal" one and an "external" one. There =
whole ranges of IP address that are specified to be "internal only"; =
192.168.x.y range is the most common example. Many routers simply =
one external IP address to several internal IP addresses, so that many =
can now share one Internet connection. In general, this is called "NAT"; =
Windows it's called "ICS"; in Linux it often goes by "IP Masquerading".
So if you're on a PC that's "behind" a router (software
or hardware, doesn't matter) it's tricky to figure out what the =
IP address is -- not only does your router translate that external IP
address before you ever see it, but your ISP could change it on you =
minutes if they wanted to. It's "their" IP address, after all, you just =
to borrow it from them.
As you're experiencing, all of this makes it difficult to connect to
a VNC Server running on a PC that's behind a router. But...given the
security risks of connecting a Windows PC directly to the =
"inconvenience" of a router is actually a pretty good feature. =
connecting "out" from behind a router is fairly transparent -- once the
router is working, all Internet activity that's initiated from "behind" =
router (e.g., web-browsing, checking email, etc.) should simply work.
To answer your question, though, try this: every router (software,
hardware, doesn't matter) allows in some way to "forward" or "map" a
connection from the external side "across" the router into the protected
internal side. That is, you explicitly tell the router that any =
arriving on (say) TCP-port 5900 on the external side should be forwarded =
the PC on the inside at IP address 192.168.0.1. There's a utility called
"ICS Configuration" that helps set this up:
Once you've setup this "port forwarding" for VNC (it uses
TCP port 5900 for the data connection), you can test it out. Startup =
VNC Server, and open a web-browser on that PC, and connect it to:
That scan will show you what your external IP address is
at that instant, and if it can connect, then a VNC Viewer can connect as
That being said...I've not actually heard of many people who were
able to get ICS working like this. That is, it's good at "Internet
Connection Sharing" (hence the name), but it also seems to create a
"software firewall" at the same time it's running, so that it =
blocks any port-forwarding attempts. Put another way, you'd be lucky to =
it working. My suggestion would be to demote your WinXP so that it's no
longer your router, and promote your Linux box to be the router instead.
That's my setup at home, and I'm sure you'll be able to get a ton more
support from this list is setting that up, as opposed to ICS. A good =
to start, though, is here:
Long answer, and hard to follow I'm sure. But I hope it helps!
> Here is my set up:
> WinXP Pro with Internet Connection Sharring (ICS) hooked to my isp on=20
> the outside (via DHCP), and hooked to a hub here on the inside. The=20
> other machinces are, this Linux box and my wifes XP Home machine, both =
> hooked to the hub gaining access to the internet via the XP Pro=20
> machine. (Cable broadband)
> My friend uses a Linksys router to connect three of his machines to=20
> the internet. (Cable boradband) (He did not set his router up -did not =
> how- so it's however Linksys sends them out the door).
> Neither of us have been able to contact the other's network via the=20
> internet, I am getting lost on how tightvnc know's what ip address to=20
> go to. We both have our ip addresses that our isps gave us, and we=20
> have both given each other each machines internal ip address/password=20
> as well.
> I've had him enter my external ip address and his machines can't find=20
> it (Mine I thought would be easier, since XP has port 5900 open by=20
> default (I don't know how to change that, but I hear it does). I've=20
> also had him enter my external ip address :1 thinking maybe it needed=20
> to know the screen to view.
> He is attempting this with XP machines, and I am trying from my Linux=20
> machine hooked to the hub, through the XP machine.
> I've tried to say " vncviewer 24.xxx.xx.xxx/192.168.0.1" or what ever=20
> his internal ip address is at the time (we always start fresh, getting =
> the numbers as they are currently in case they were changed after=20
> reboot). I get a "could not convert host" or something similure. I've=20
> also tried to put a :1 after the second ip address incase it needed a=20
> screen to see but it's not needed when I use my home network so I=20
> didn't know. I can access my ICS machine either by it's internal ip=20
> address or it's external address with out the use of a :1 command=20
> after the address. (From my linux machine hooked to the hub).
> I guess my other biggest question basicly is. How do I enter the=20
> addresses in vncviewer when it need's an address to see on the=20
> internet, and a second to see inside the network? There is no way=20
> it'll find a 192.xx.xxx.xxx number when they are internal ip addresses =
> if that's all I use.
> Hope I'm not beeing too big-a-noob ..
> P.S. I'm a router dummy thus my usage of XP as my ICS/Router and my=20
> freinds "default" Linksys setup.