Port Forwarding with Windows 7 Strangeness

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Port Forwarding with Windows 7 Strangeness

GBear

First of all, I love Tight VNC, thank you to all who have made Tight VNC possible!

 

I am unable to connect to a Windows 7 VNC server through my firewall.  I can/could connect to an XP VNC server through that same firewall.

 

When I upgraded an XP machine to Windows 7, I could no longer connect to that VNC server through my firewall.  I can connect to an existing XP machine, then from that machine connect to my Windows 7 machines.  So I can connect to those Windows 7 machines from my internal network without a problem, just not through my firewall.

 

I believe I understand port forwarding well enough, and had no difficulty when the target VNC server was on XP.  But that same port forwarding configuration does not work with Windows 7.

 

It appears that Windows 7 networking is doing something differently regarding an internal LAN, and the other side of the firewall.  But what could that be?  My Win 7 machine is configured as:

         Public Network Discovery: on

         Public File and Printer Sharing: on

         Public folder sharing: on

         Public Media Streaming: off (could this be the problem?)

         Public File Sharing Connections: 128bit encryption

 

         Domain Media Streaming: off, and VNC works fine on my LAN to all machines.

         Home/Work Media Streaming: off

 

As a long time network admin, it’s a bit embarrassing that Microsoft networking could thwart me in this way.

 

Any suggestions would be greatly appreciated.  Thanks much.

Fred

 

Frederick C. Young

Perfect Circle Solutions

603 Seagaze Drive #276

Oceanside, CA  92054

Phn: 619.817-8440

Eml: [hidden email]

 

For Business Consulting and Business Software designed for Manufacturers, Distributors, Retailers, Exporters, and Public Warehouses; plus Internet Design and Hosting services, please contact Perfect Circle Solutions:

            On the Web at: www.perfectcircle.com

            Or via email at: [hidden email]

 


------------------------------------------------------------------------------

___________________________________________________________
TightVNC mailing list, [hidden email]
To change your subscription or to UNSUBSCRIBE, please visit
https://lists.sourceforge.net/lists/listinfo/vnc-tight-list
Reply | Threaded
Open this post in threaded view
|

Re: Port Forwarding with Windows 7 Strangeness

bill
On 12/20/2015 9:13 AM, Fred Young wrote:

First of all, I love Tight VNC, thank you to all who have made Tight VNC possible!

 

I am unable to connect to a Windows 7 VNC server through my firewall.  I can/could connect to an XP VNC server through that same firewall.

 

When I upgraded an XP machine to Windows 7, I could no longer connect to that VNC server through my firewall.  I can connect to an existing XP machine, then from that machine connect to my Windows 7 machines.  So I can connect to those Windows 7 machines from my internal network without a problem, just not through my firewall.

 

I believe I understand port forwarding well enough, and had no difficulty when the target VNC server was on XP.  But that same port forwarding configuration does not work with Windows 7.

 

It appears that Windows 7 networking is doing something differently regarding an internal LAN, and the other side of the firewall.  But what could that be?  My Win 7 machine is configured as:

         Public Network Discovery: on

         Public File and Printer Sharing: on

         Public folder sharing: on

         Public Media Streaming: off (could this be the problem?)

         Public File Sharing Connections: 128bit encryption

 

         Domain Media Streaming: off, and VNC works fine on my LAN to all machines.

         Home/Work Media Streaming: off

 

As a long time network admin, it’s a bit embarrassing that Microsoft networking could thwart me in this way.

 

Any suggestions would be greatly appreciated.  Thanks much.

Fred



I have the same problem.  I had a winXP as a TightVNC server and set up port forwarding (Netgear firewall/router FVS318) on a non-standard port with no problem.
I got a replacement computer with Win7, set up the VNC server the same way, but can not connect to it from the WAN or over a VPN.
???

bill

-- 
Bill Drescher
william {at} TechServSys {dot} com

------------------------------------------------------------------------------

___________________________________________________________
TightVNC mailing list, [hidden email]
To change your subscription or to UNSUBSCRIBE, please visit
https://lists.sourceforge.net/lists/listinfo/vnc-tight-list
Reply | Threaded
Open this post in threaded view
|

Re: Port Forwarding with Windows 7 Strangeness

Rick Moses
Hi All,

 I have 64 bit Windows 7 Professional (SP1) running TightVNC Server 2.7.10 that I access through a Cisco Appliance using OS X's built in VPN client with the Java Viewer version 2.7.2... I can state for a fact that this setup will work since I just tested it to make sure that what I was thinking was what was happening.

 Have you verified the firewall settings on the Windows box? I know Microsoft can turn things (like the firewall) back on after updates and other seemingly random times. Some antivirus programs will take over the firewall and some view VNC as a Potentially Unwanted Program or RAT.

 I would look at the Server and make sure you can access the proper ports and protocols for the client you're using. If you can connect to it from within the LAN, but not from the outside, it might be the the Windows firewall is allowing the connection from the subnet that the Windows 7 box is on but not the subnet that the VPN is configured to use (check the IP's using netstat -a at the command prompt on the windows boxes that you can connect to from the VPN). The routing for port forwarding is usually different from a VPN. The VPNs that I've used create an additional  subnet (for routing purposes) behind the firewall. This would require additional firewall changes for the subnets that Windows 7 Firewall will accept connections from.

 If everything looks OK turn on logging and check the tightVNC logs and the Windows system logs to see where it's falling down. With newer firewalls (windows and third party such as McAfee or Norton) there is more granular control, which is the same as saying there are more chances for things to get sent off into the weeds...

 

  Hope this helps,

Rick



On 12/20/15 12:09 PM, bill wrote:
On 12/20/2015 9:13 AM, Fred Young wrote:

First of all, I love Tight VNC, thank you to all who have made Tight VNC possible!

 

I am unable to connect to a Windows 7 VNC server through my firewall.  I can/could connect to an XP VNC server through that same firewall.

 

When I upgraded an XP machine to Windows 7, I could no longer connect to that VNC server through my firewall.  I can connect to an existing XP machine, then from that machine connect to my Windows 7 machines.  So I can connect to those Windows 7 machines from my internal network without a problem, just not through my firewall.

 

I believe I understand port forwarding well enough, and had no difficulty when the target VNC server was on XP.  But that same port forwarding configuration does not work with Windows 7.

 

It appears that Windows 7 networking is doing something differently regarding an internal LAN, and the other side of the firewall.  But what could that be?  My Win 7 machine is configured as:

         Public Network Discovery: on

         Public File and Printer Sharing: on

         Public folder sharing: on

         Public Media Streaming: off (could this be the problem?)

         Public File Sharing Connections: 128bit encryption

 

         Domain Media Streaming: off, and VNC works fine on my LAN to all machines.

         Home/Work Media Streaming: off

 

As a long time network admin, it’s a bit embarrassing that Microsoft networking could thwart me in this way.

 

Any suggestions would be greatly appreciated.  Thanks much.

Fred



I have the same problem.  I had a winXP as a TightVNC server and set up port forwarding (Netgear firewall/router FVS318) on a non-standard port with no problem.
I got a replacement computer with Win7, set up the VNC server the same way, but can not connect to it from the WAN or over a VPN.
???

bill

-- 
Bill Drescher
william {at} TechServSys {dot} com


------------------------------------------------------------------------------


___________________________________________________________
TightVNC mailing list, [hidden email]
To change your subscription or to UNSUBSCRIBE, please visit
https://lists.sourceforge.net/lists/listinfo/vnc-tight-list


------------------------------------------------------------------------------

___________________________________________________________
TightVNC mailing list, [hidden email]
To change your subscription or to UNSUBSCRIBE, please visit
https://lists.sourceforge.net/lists/listinfo/vnc-tight-list
Reply | Threaded
Open this post in threaded view
|

Re: Port Forwarding with Windows 7 Strangeness

Matthew Kozak
As Rick says, check your firewall and related software.
One of the biggest differences in networking between XP and 7 is 7's penchant to assign (or flip, even after the fact, such as when it detects a new router on the back-end or such) the network to "public" and thus default lockdown mode vs. "private" (or "work") and thus more trusting.  If you enable firewall settings, make sure you do so for public and/or private and check your current "network" and make sure its designation is private or that it matches the expected firewall settings, since public and private each have their own independent firewall settings.

Thanks,
-Matt

On Dec 20, 2015, at 1:34 PM, Rick Moses <[hidden email]> wrote:

Hi All,

 I have 64 bit Windows 7 Professional (SP1) running TightVNC Server 2.7.10 that I access through a Cisco Appliance using OS X's built in VPN client with the Java Viewer version 2.7.2... I can state for a fact that this setup will work since I just tested it to make sure that what I was thinking was what was happening.

 Have you verified the firewall settings on the Windows box? I know Microsoft can turn things (like the firewall) back on after updates and other seemingly random times. Some antivirus programs will take over the firewall and some view VNC as a Potentially Unwanted Program or RAT.

 I would look at the Server and make sure you can access the proper ports and protocols for the client you're using. If you can connect to it from within the LAN, but not from the outside, it might be the the Windows firewall is allowing the connection from the subnet that the Windows 7 box is on but not the subnet that the VPN is configured to use (check the IP's using netstat -a at the command prompt on the windows boxes that you can connect to from the VPN). The routing for port forwarding is usually different from a VPN. The VPNs that I've used create an additional  subnet (for routing purposes) behind the firewall. This would require additional firewall changes for the subnets that Windows 7 Firewall will accept connections from.

 If everything looks OK turn on logging and check the tightVNC logs and the Windows system logs to see where it's falling down. With newer firewalls (windows and third party such as McAfee or Norton) there is more granular control, which is the same as saying there are more chances for things to get sent off into the weeds... 

 

  Hope this helps,

Rick



On 12/20/15 12:09 PM, bill wrote:
On 12/20/2015 9:13 AM, Fred Young wrote:
<Mail Attachment.gif>
First of all, I love Tight VNC, thank you to all who have made Tight VNC possible!
 
I am unable to connect to a Windows 7 VNC server through my firewall.  I can/could connect to an XP VNC server through that same firewall.
 
When I upgraded an XP machine to Windows 7, I could no longer connect to that VNC server through my firewall.  I can connect to an existing XP machine, then from that machine connect to my Windows 7 machines.  So I can connect to those Windows 7 machines from my internal network without a problem, just not through my firewall.
 
I believe I understand port forwarding well enough, and had no difficulty when the target VNC server was on XP.  But that same port forwarding configuration does not work with Windows 7.
 
It appears that Windows 7 networking is doing something differently regarding an internal LAN, and the other side of the firewall.  But what could that be?  My Win 7 machine is configured as:
         Public Network Discovery: on
         Public File and Printer Sharing: on
         Public folder sharing: on
         Public Media Streaming: off (could this be the problem?)
         Public File Sharing Connections: 128bit encryption
 
         Domain Media Streaming: off, and VNC works fine on my LAN to all machines.
         Home/Work Media Streaming: off
 
As a long time network admin, it’s a bit embarrassing that Microsoft networking could thwart me in this way.
 
Any suggestions would be greatly appreciated.  Thanks much.
Fred


I have the same problem.  I had a winXP as a TightVNC server and set up port forwarding (Netgear firewall/router FVS318) on a non-standard port with no problem.
I got a replacement computer with Win7, set up the VNC server the same way, but can not connect to it from the WAN or over a VPN.
???

bill

-- 
Bill Drescher
william {at} TechServSys {dot} com


------------------------------------------------------------------------------


___________________________________________________________
TightVNC mailing list, [hidden email]
To change your subscription or to UNSUBSCRIBE, please visit
https://lists.sourceforge.net/lists/listinfo/vnc-tight-list

------------------------------------------------------------------------------
___________________________________________________________
TightVNC mailing list, [hidden email]
To change your subscription or to UNSUBSCRIBE, please visit
https://lists.sourceforge.net/lists/listinfo/vnc-tight-list


------------------------------------------------------------------------------

___________________________________________________________
TightVNC mailing list, [hidden email]
To change your subscription or to UNSUBSCRIBE, please visit
https://lists.sourceforge.net/lists/listinfo/vnc-tight-list