Netgate Discussion Forum

Remmina local client won't connect to remote vnc server

  • E
    eiger3970
    last edited by Sep 7, 2015, 5:30 AM

    Hello, I'm a bit confused by all the ports on the pfSense router.

    Here are the ports I set on my router.

    If: WAN
    Proto: TCP/UDP (should only need TCP for RDP)
    Src. addr: *
    Src. ports: *
    Dest. addr: LAN address
    Dest. ports: 3389 (MS RDP)
    NAT IP: 192.168.1.110
    NAT Ports: 5900 (VNC)

    Remmina on the local client has settings:
    Protocol: RDP - Remote Desktop Protocol
    Server: publicWANIP:5900
    Username: remote server's username
    Password: remote server's password

    I am confused with the source and destination. I think I need a diagram to show the ports on the WAN and LAN, which can become tricky between the wall WAN port and the router ports.

    • G
      Gertjan
      last edited by Sep 7, 2015, 5:40 AM

      Looks good to me.

      You want to connect from the outside (anywhere on the net) using any port to the IP of your pfSense WAN, using port 3389 (MS RDP).
      This connection will be natted to the device/PC on LAN, port number 5900 (VNC).

      Building a NAT rule like that (pretty straightforward) will, by default, generate the corresponding firewall rule.

      No "help me" PM's please. Use the forum, the community will thank you.
      Edit : and where are the logs ??

      • E
        eiger3970
        last edited by Sep 8, 2015, 9:12 AM Sep 8, 2015, 8:41 AM

        Well, I thought maybe the local client cannot access the remote host, due to TeamViewer running a remote connection.
        So, I closed TeamViewer, then Quit TeamViewer, however the same Remmina error:
        Remmina connection WANIP:3380. Error: Unable to connect to RDP server WANIP:3389 (comes up instantly)
        Remmina connection WANIP:5900. Error: Unable to connect to RDP server WANIP:3389 (comes up after a few minutes)

        I also tried:
        The LAN local connection works.
        The WAN remote connection doesn't work, as per below.

        Well, I thought maybe the local client cannot access the remote host, due to TeamViewer running a remote connection.
        So, I closed TeamViewer, then Quit TeamViewer, however the same Remmina error:
        Remmina connection WANIP:3389. Error: Unable to connect to RDP server WANIP:3389 (comes up instantly)
        Remmina connection WANIP:5900. Error: Unable to connect to RDP server WANIP:3389 (comes up after a few minutes)

        Okay,
        Local client Remmina:
        Protocol: VNC - Virtual Network Computing
        Server: public WAN IP
        User name: blank
        Password: blank
        Connect:

        Remote host Remmina:
        Protocol: VNC - Incoming Connection
        Listen on Port: 1
        User name: blank
        Password: blank
        Connect: read (9: Bad read descriptor)

        vino-preferences: I unticked 'Automatically configure UPnP router to open and forward ports'.

        I think tightvncserver may be running in Terminal, which shows output:

        $ tightvncserver
        
        New 'X' desktop is userName:1
        
        Starting applications specified in /home/userName/.vnc/xstartup
        Log file is /home/userName/.vnc/userName:1.log
        
        
        • F
          fragged
          last edited by Sep 8, 2015, 9:11 AM

          You don't need inbound NAT rules to allow whatever to connect to a remote server.

          If you are trying to allow a remote client to connect to your VNC server, you need to change the destination address to WAN address, not LAN, and change the ports to match. If you need both RDP and VNC ports NAT'd, make two rules with 3389 -> 3389 and 5900 -> 5900.

          • E
            eiger3970
            last edited by Sep 11, 2015, 9:02 AM

            Well, that helped with accessing 1 computer.
            However, I cannot connect to the 2nd computer?
            Do I have to change the port from 5900 to 5901 for the 2nd computer?

            • D
              doktornotor Banned
              last edited by Sep 11, 2015, 9:04 AM

              Hint: Get IPv6 working. This way, you won't need to mess with zillions of ports.

              • E
                eiger3970
                last edited by Sep 12, 2015, 9:14 AM

                Sounds good. I'll need help as I've never set up IPv6 before.
                I'm currently working on FTP access. Maybe someone could help with this with this new IPv6 thingy?

                • E
                  eiger3970
                  last edited by Oct 22, 2015, 8:26 AM Oct 22, 2015, 5:18 AM

                  Okay, I had access via 5900 for a few weeks, however now I can no longer access ports 5900 and 5902 from outside the public WAN.

                  A ping test to the public WAN (which is used to access the VNC server) says: 13 packets sent, 100% loss.

                  Here are the current settings in the pfSense router:

                  If: WAN
                  Proto: TCP
                  Src. addr: *
                  Src. ports: *
                  Dest. addr: WAN address
                  Dest. ports: 5900 (VNC)
                  NAT IP: 192.168.1.110
                  NAT Ports: 5900 (VNC)

                  Remmina on the local client has settings:
                  Protocol: VNC - Incoming Connection

                  I installed the nmap package on pfSense and scanned the VNC server IP 192.168.1.110:

                  Running: /usr/local/bin/nmap  -sS '192.168.1.110'
                  
                  Starting Nmap 6.47 ( http://nmap.org ) at 2015-10-22 18:10
                  Nmap scan report for 192.168.1.110
                  Host is up (0.00011s latency).
                  Not shown: 998 closed ports
                  PORT    STATE SERVICE
                  139/tcp open  netbios-ssn
                  445/tcp open  microsoft-ds
                  MAC Address: xx:xx:xx:xx:xx:xx
                  
                  Nmap done: 1 IP address (1 host up) scanned in 3.55 seconds
                  

                  On the VNC server I ran a check for ports:

                  $ netstat -an| grep LISTEN
                  tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN     
                  tcp        0      0 127.0.0.1:5939          0.0.0.0:*               LISTEN     
                  tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN     
                  tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN     
                  tcp6       0      0 :::139                  :::*                    LISTEN     
                  tcp6       0      0 ::1:631                 :::*                    LISTEN     
                  tcp6       0      0 :::445                  :::*                    LISTEN     
                  unix  2      [ ACC ]     STREAM     LISTENING     13793    @/tmp/.ICE-unix/1756
                  unix  2      [ ACC ]     STREAM     LISTENING     13299    /tmp/.X11-unix/X0
                  unix  2      [ ACC ]     STREAM     LISTENING     11761    @/tmp/dbus-3SWEl6nEWV
                  unix  2      [ ACC ]     STREAM     LISTENING     13742    /tmp/ssh-sCsM4CtFJXXD/agent.1756
                  unix  2      [ ACC ]     STREAM     LISTENING     13794    /tmp/.ICE-unix/1756
                  unix  2      [ ACC ]     STREAM     LISTENING     4339193  socket
                  unix  2      [ ACC ]     STREAM     LISTENING     4434331  @/dbus-vfs-daemon/socket-WHSe9pJh
                  unix  2      [ ACC ]     STREAM     LISTENING     13601    /run/user/1000/keyring-Qt4qES/control
                  unix  2      [ ACC ]     STREAM     LISTENING     13298    @/tmp/.X11-unix/X0
                  unix  2      [ ACC ]     STREAM     LISTENING     4435395  @/dbus-vfs-daemon/socket-zn9XHULl
                  unix  2      [ ACC ]     STREAM     LISTENING     59185    /var/run/cups/cups.sock
                  unix  2      [ ACC ]     STREAM     LISTENING     20084    @/dbus-vfs-daemon/socket-jyfxNG4K
                  unix  2      [ ACC ]     STREAM     LISTENING     3497359  @/dbus-vfs-daemon/socket-FowUdH6c
                  unix  2      [ ACC ]     STREAM     LISTENING     19875    @/dbus-vfs-daemon/socket-UU1KLUYI
                  unix  2      [ ACC ]     STREAM     LISTENING     13755    @/tmp/dbus-GoVnB738xE
                  unix  2      [ ACC ]     STREAM     LISTENING     10844    /var/run/dbus/system_bus_socket
                  unix  2      [ ACC ]     STREAM     LISTENING     9672     @/com/ubuntu/upstart
                  unix  2      [ ACC ]     STREAM     LISTENING     10088    /var/run/sdp
                  unix  2      [ ACC ]     STREAM     LISTENING     12652    /var/run/acpid.socket
                  unix  2      [ ACC ]     STREAM     LISTENING     11388    /var/run/samba/nmbd/unexpected
                  unix  2      [ ACC ]     SEQPACKET  LISTENING     1935     /run/udev/control
                  unix  2      [ ACC ]     STREAM     LISTENING     19605    @/tmp/dbus-96mDEiIXYs
                  unix  2      [ ACC ]     STREAM     LISTENING     20085    @/dbus-vfs-daemon/socket-xUgXu05f
                  unix  2      [ ACC ]     STREAM     LISTENING     10175    /var/run/avahi-daemon/socket
                  unix  2      [ ACC ]     STREAM     LISTENING     3774006  @/dbus-vfs-daemon/socket-tfPuYBAd
                  unix  2      [ ACC ]     STREAM     LISTENING     14279    /run/user/1000/pulse/native
                  unix  2      [ ACC ]     STREAM     LISTENING     24750    /tmp/.com.google.Chrome.sB9dVB/SingletonSocket
                  unix  2      [ ACC ]     STREAM     LISTENING     13796    /run/user/1000/keyring-Qt4qES/ssh
                  unix  2      [ ACC ]     STREAM     LISTENING     13798    /run/user/1000/keyring-Qt4qES/gpg
                  unix  2      [ ACC ]     STREAM     LISTENING     13801    /run/user/1000/keyring-Qt4qES/pkcs11
                  unix  2      [ ACC ]     STREAM     LISTENING     11497    /var/run/gdm_socket
                  unix  2      [ ACC ]     STREAM     LISTENING     3477971  @/tmp/dbus-rSkDIWWoq1
                  
                  

                  Any help to make this work again please?

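An added example, not part of the original posts: a small check that reads `netstat -an` output and reports whether the port a NAT rule forwards to actually has a TCP listener, and whether that listener is bound to loopback only. The function names and status strings are assumptions of this example; the sample lines are the TCP entries copied from the netstat output in the post above.

```python
import ipaddress

# TCP lines copied from the netstat output posted above (unix sockets omitted).
SAMPLE = """\
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:5939          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN
tcp6       0      0 :::139                  :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
tcp6       0      0 :::445                  :::*                    LISTEN
"""


def tcp_listeners(netstat_text):
    """Return {port: set of bind addresses} for TCP sockets in LISTEN state."""
    listeners = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue  # skips unix sockets, headers and blank lines
        if fields[5] != "LISTEN":
            continue
        # rpartition splits on the last colon, so "::1:631" -> ("::1", "631")
        addr, _, port = fields[3].rpartition(":")
        if addr == "*":  # some netstat variants print the wildcard as "*"
            addr = "0.0.0.0"
        listeners.setdefault(int(port), set()).add(addr)
    return listeners


def forward_target_status(netstat_text, port):
    """Classify whether a NAT forward to this host and port can reach a listener."""
    addrs = tcp_listeners(netstat_text).get(port)
    if not addrs:
        return "not listening"
    if all(ipaddress.ip_address(a).is_loopback for a in addrs):
        return "loopback only"  # unreachable from the router or any other host
    return "listening on network"


if __name__ == "__main__":
    for p in (5900, 5939, 445):
        print(p, forward_target_status(SAMPLE, p))
```

On the posted output this reports port 5900 as not listening, which agrees with the nmap scan showing only 139 and 445 open on 192.168.1.110.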
                  • E
                    eiger3970
                    last edited by Oct 23, 2015, 6:19 AM

                    Fixed.
                    The server was faulty.
                    Installed a different server and works.
