Mark,

I'm afraid I really don't understand your network setup! You have a NAT router, so you don't need a separate firewall, but you do have a separate firewall, but the things connected to it seem also to be connected directly to the router and so the firewall isn't actually firewalling. I'm also not sure what you mean by "public as far as SSH is concerned" since SSH doesn't have any concept of IP addresses being public or private and is not involved in firewalling. You originally stated that you had a problem with VNC Viewer, which you've since stated only occurs if you use a machine's direct-to-ADSL address rather than its via-Linux-PC address, but you've then said that you only added the direct-to-ADSL address because you had problems with VNC, so I'm not sure what setup it is that you're actually having problems with.

I wondered whether when you said "Linux firewall", you actually just mean "Linux SSH server", but that wouldn't explain why you have two distinct sets of IP addresses. :(

Wez @ RealVNC Ltd.

> -----Original Message-----
> From: Mark [mailto:[EMAIL PROTECTED]
> Sent: 13 June 2005 16:13
> To: James Weatherall
> Cc: [email protected]; [EMAIL PROTECTED];
> [EMAIL PROTECTED]
> Subject: Re: Screen freezing in VNC4.1.1 over SSH
>
> Wez,
>
> If everything was working fine, the VNC server would have only one IP
> address in the 10.0.0.x range and one NIC. I tried it on the
> 192.168.0.x (ie public as far as the linux SSH server is concerned,
> but still behind the ADSL router NAT) range just to see if it made any
> difference. As I had a machine with 2 network cards, I set it up so I
> could switch from one to the other with no other changes to make
> testing easier.
>
> In this test setup, both 192.168.0.x and 10.0.0.x interfaces of both
> the Linux firewall and the VNC server are plugged into the same hub
> (though I will try separating to see if that makes a difference).
>
> Normally the ADSL router acts as a hub for the local network (ie there
> is both 192.168.0.x traffic and 10.0.0.x traffic on the one hub), so
> yes there are potentially other things connected to the ADSL router,
> though I have reproduced the problem with nothing else connected. I
> realise running both ranges on one hub isn't perfect from a security
> point of view, but it's adequate for what I need security wise.
>
> Thanks,
>
> mark.
>
> On 6/13/05, James Weatherall <[EMAIL PROTECTED]> wrote:
> > Mark,
> >
> > I don't understand your network configuration. Why does your "VNC server
> > machine" have two IP addresses? Are both of its network cards connected to
> > the linux firewall? Is anything on your network connected directly to the
> > ADSL router?
> >
> > Wez @ RealVNC Ltd.
> >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED] On Behalf Of Mark
> > > Sent: 13 June 2005 11:36
> > > To: James Weatherall
> > > Cc: [email protected]; [EMAIL PROTECTED];
> > > [EMAIL PROTECTED]
> > > Subject: Re: Screen freezing in VNC4.1.1 over SSH
> > >
> > > I have investigated further and have found a scenario where one change
> > > makes the problem appear. The test setup is as follows:-
> > >
> > > VNC viewer/PuTTY SSH tunnel
> > >      |
> > > Linux firewall, ADSL router
> > >      |
> > > <internet>
> > >      |
> > > ADSL router - NAT 192.168.0.x
> > >      |
> > > Linux Firewall, terminating SSH session
> > > external IP 192.168.0.254
> > > internal IP 10.0.0.1 (separate physical ethernet card, same
> > > LAN segment)
> > > NAT -> 10.0.0.x
> > >      |
> > > VNC server machine
> > > IP 192.168.0.13
> > > IP 10.0.0.23
> > > (I have 2 separate cards in the machine, though the result is the same
> > > if I change the IP and only use 1)
> > >
> > > Result:
> > > If I port forward to the 192.168.0.13 IP address the VNC
> > > connection is stable.
> > > If I port forward to the 10.0.0.23 IP address, the VNC
> > > session hangs as before
> > >
> > > The only difference between these two sessions is that the Linux box
> > > terminating the SSH connection is forwarding to a 'public' address
> > > (from its point of view) in one case and to a private address in the
> > > other.
> > >
> > > I suppose the next steps would be to try segmenting the LAN properly
> > > and swapping the ethernet cards on the SSH terminating linux server.
> > > I'll report back once I have done that.
> > >
> > > Any other suggestions on what could be going on here?
> > >
> > > Thanks
> > >
> > > mark.
> > >
> > > On 6/10/05, James Weatherall <[EMAIL PROTECTED]> wrote:
> > > > Mark,
> > > >
> > > > The "bad" log indicates that VNC Viewer is seeing the connection close and
> > > > is then exiting. The only obvious difference between the two logs is that
> > > > the second session involves a change to the clipboard, which will result in
> > > > data being transmitted to the server if the clipboard contents are text. If
> > > > the contents were a large amount of text then this could conceivably cause
> > > > the viewer to appear to hang while it was being transferred to the server.
> > > >
> > > > Regards,
> > > >
> > > > Wez @ RealVNC Ltd.
> > > >
> > > > > -----Original Message-----
> > > > > From: Mark [mailto:[EMAIL PROTECTED]
> > > > > Sent: 10 June 2005 17:21
> > > > > To: James Weatherall
> > > > > Cc: [email protected]; [EMAIL PROTECTED];
> > > > > [EMAIL PROTECTED]
> > > > > Subject: Re: Screen freezing in VNC4.1.1 over SSH
> > > > >
> > > > > Here are the full logs of a good and a bad session. To make things as
> > > > > close as possible, I minimised and unminimised it after a few seconds
> > > > > - ie before anything froze.
> > > > >
> > > > > FYI, on the bad session I minimised vncviewer at 17:09:52 and
> > > > > unminimised it at 17:15:11.
> > > > >
> > > > > Thanks
> > > > >
> > > > > mark.
> > > _______________________________________________
> > > VNC-List mailing list
> > > [email protected]
> > > To remove yourself from the list visit:
> > > http://www.realvnc.com/mailman/listinfo/vnc-list
