VNC server will not listen on interface that has been added
after VNC Service started
James Weatherall
jnw "at" realvnc.com
Mon Jul 14 13:41:01 2008
Paresh,
Are you sure that the details you've given below are correct? According to
what you've specified you have:
Machine X:
Wired IP 148.88.162.134, netmask 255.255.252.0 => subnet 148.88.160.0
Wireless IP 148.88.163.239, netmask 255.255.192.0 => subnet 148.88.128.0
Machine Y:
Wired IP 148.88.172.239, netmask 255.255.252.0 => subnet 148.88.172.0
Ignoring the wireless for a moment, machine X and machine Y are on different
subnets, and so cannot communicate directly as you describe in (3).
The wireless link has a different netmask, which will cause things to behave
unreliably - over the wireless link X thinks that Y is on the same subnet,
but Y doesn't think that, and so will try route packets back to X via a
gateway.
Your problem doesn't appear to be anything specific to VNC, since it's a
more general problem with the setup of your network.
Cheers,
--
Wez @ RealVNC Ltd
> -----Original Message-----
> From: vnc-list-admin "at" realvnc.com
> [mailto:vnc-list-admin "at" realvnc.com] On Behalf Of paresh masani
> Sent: 14 July 2008 11:26
> To: Seak, Teng-Fong
> Cc: vnc-list "at" realvnc.com
> Subject: Re: VNC server will not listen on interface that has
> been added after VNC Service started
>
> Hi Seak,
>
> I got the exact output seauence about this problem. Please
> refer the following steps that i performed. Please note that
> wireless packates gone through the firewall.
>
> 1. Machine X has the two interface wired IP:
> 148.88.162.134netmask:
> 255.255.252.0 and Wireless: 148.88.163.239 netmask:255.255.192.0
> 2. Machine Y has one interface wired IP:
> 148.88.172.239 netmask:
> 255.255.252.0
> 3. Machne Y tries to take VNC of machine X via
> wired IP then it is working fine. For this the packates will
> not goes even to router also instead communication can be
> taken place via access switch as both machine are in same network.
> 4. Machine Y tries to take VNC of machine X via
> wireless IP then I could see the following situation using
> Ethereal packat tracer:
> - On machine Y I could see the
> packate SYN sent to machine X using wireless IP
> - On machine X i could see that
> packate SYN came from machine Y
> - machine X replied SYN ACK via
> wired connection( not via wireless :-( )
> - machine Y got the response SYN ACK
> packate from machine X
> - machine Y sending RST packate to
> machine X and this process get repeated 2 times and then VNC
> says connection times out.
> 5. If i removed wired connection cable then it is
> connecting successfuly.
>
> I think here firewall rejecting the packates from machine Y
> towards the wireless as firewall assume that only packates
> going but there is no incoming packate from machine X(because
> machine X replying via wired connection).
>
> Could you please help me on how to make this working.
>
> Thanks,
> Paresh
>
>
> On 6/30/08, Seak, Teng-Fong
> <lapsap7+vnc "at" gmail.com<lapsap7%2Bvnc "at" gmail.com>>
> wrote:
>
> > Well, there was no firewall drawn in your network
> topology in that
> > visio file. Anyway, admitting that you want to enforce security
> > measure, but you shouldn't make your networks like that.
> >
> > Just put two disjoint/mutually exclusive network (addresses) to
> > avoid problem. (Cf some network books.)
> >
> > I've no idea what you mean by "source machine replying
> ..." One
> > thing is sure, your router is lost by your config.
> >
> > On Mon, Jun 30, 2008 at 2:31 PM, paresh masani
> > <masaniparesh "at" gmail.com>
> > wrote:
> > >>> I really don't know why you have to specified two
> (supposedly)
> > >>>different network addresses for your wired and wireless
> connections.
> > > This has been done intensionally because of security reason. The
> > connection
> > > requests comes from wireless IP will be gone through FireWall and
> > > for
> > Wired
> > > firewall does not needed.
> > >
> > > Here I am not understanding why the source machine is
> > replying(presumably)
> > > via wired IP while the request came from the wireless IP.
> > >
> > > Thanks,
> > > Paresh
> > >
> > >
> > > On 6/30/08, Seak, Teng-Fong
> > > <lapsap7+vnc "at" gmail.com<lapsap7%2Bvnc "at" gmail.com>>
> > wrote:
> > >>
> > >> Oh man, you've totally screwed up the subnet
> addresses (and the
> > >> masks)! I don't have your Visio file any more, and thus I can't
> > >> remember which of your networks has the x.y.5.0 address
> and which
> > >> has the x.y.0.0 address, but the fact that one of your
> subnet masks
> > >> includes the other (and similar network addresses), it's very
> > >> likely that your router lost track of what to do.
> > >>
> > >> Actually, suppose you have the x.y.0.0 for your
> wired connection.
> > >> Using the subnet masks, you have:
> > >> x.y.0.0/255.255.252.0 ==> x.y.0.0 - x.y.3.255
> x.y.5.0/255.255.192.0
> > >> ==> x.y.0.0 - x.y.63.255
> > >>
> > >> You see, your wired connection is a part of your wireless
> > >> connections! You're not supposed to do that (please
> read network
> > >> reference book on this).
> > >>
> > >> I really don't know why you have to specified two
> (supposedly)
> > >> different network addresses for your wired and wireless
> connections.
> > >> I mean, I've setup about 6 wifi routers, and none of
> them needs me
> > >> to do so. Both wired and wireless use the same network
> address and
> > >> network mask.
> > >>
> > >> HTH
> > >>
> > >>
> > >> On Thu, Jun 26, 2008 at 1:06 PM, paresh masani
> > >> <masaniparesh "at" gmail.com>
> > >> wrote:
> > >> > Hmmm...You are right. We use different net-masks(255.255.252.0
> > >> > for wired, 255.255.192.0 for wireless) for both wired and
> > >> > wire-less connections.
> > >> > And also default gateways are different for both. I think the
> > >> > main reason having this problem is because of two different
> > >> > access point. I could see that when I am taking VNC of machine
> > >> > using wire-less IP then
> > destination
> > >> > machine showing incoming request saying SYN_RCVD state but I
> > >> > think it
> > is
> > >> > replying to source machine via wired connection and source
> > >> > machine is rejecting the response as it did not send
> any packat
> > >> > to specified
> > wired
> > >> > IP.
> > >> > What do you say? This might be problem.
> > >> >
> > >> > Thanks,
> > >> > Paresh
> > >> >
> > >> >
> > >> > On 6/23/08, Seak, Teng-Fong
> > >> > <lapsap7+vnc "at" gmail.com<lapsap7%2Bvnc "at" gmail.com>>
> > wrote:
> > >> >>
> > >> >> I can't give you the answer since you didn't specify the
> > >> >> subnet mask used in your network.
> > >> >>
> > >> >> If I take it as 255.255.0.0, then yes, yours is
> the same as
> > mine.
> > >> >> Well, almost, actually. The computer on which VNC viewer is
> > >> >> running only has wired connection; it has no wireless NIC.
> > >> >>
> > >> >> If I take it as 255.255.255.0, then no, they're different.
> > >> >>
> > >> >> Actually, I was talking about logical topology. Not
> > >> >> physical topology. And as a matter of fact, I don't think
> > >> >> having one access point or two access points would
> change anything.
> > >> >>
> > >> >>
> > >> >> On Wed, Jun 18, 2008 at 10:08 AM, paresh masani
> > >> >> <masaniparesh "at" gmail.com>
> > >> >> wrote:
> > >> >> > Thanks for doing testing. Could you please make
> sure that the
> > network
> > >> >> > topology you have tested and my network's topology(attached
> > >> >> > file)
> > is
> > >> >> > same.
> > >> >> > Please check all the three cases and Please let me know if
> > >> >> > real VNC will work in all cases or not.
> > >> >> >
> > >> >> > Thanks,
> > >> >> > Paresh
> > >> >> _______________________________________________
> > >> >> VNC-List mailing list
> > >> >> VNC-List "at" realvnc.com
> > >> >> To remove yourself from the list visit:
> > >> >> http://www.realvnc.com/mailman/listinfo/vnc-list
> > >> >
> > >> >
> > >> _______________________________________________
> > >> VNC-List mailing list
> > >> VNC-List "at" realvnc.com
> > >> To remove yourself from the list visit:
> > >> http://www.realvnc.com/mailman/listinfo/vnc-list
> > >
> > >
> > _______________________________________________
> > VNC-List mailing list
> > VNC-List "at" realvnc.com
> > To remove yourself from the list visit:
> > http://www.realvnc.com/mailman/listinfo/vnc-list
> >
> _______________________________________________
> VNC-List mailing list
> VNC-List "at" realvnc.com
> To remove yourself from the list visit:
> http://www.realvnc.com/mailman/listinfo/vnc-list
>