Hi Seak,
I got the exact output seauence about this problem. Please refer the
following steps that i performed. Please note that wireless packates gone
through the firewall.
1. Machine X has the two interface wired IP: 148.88.162.134netmask:
255.255.252.0 and Wireless: 148.88.163.239 netmask:255.255.192.0
2. Machine Y has one interface wired IP: 148.88.172.239 netmask:
255.255.252.0
3. Machne Y tries to take VNC of machine X via wired IP then it
is working fine. For this the packates will not goes even to router also
instead communication can be taken place via access switch as both machine
are in same network.
4. Machine Y tries to take VNC of machine X via wireless IP then
I could see the following situation using Ethereal packat tracer:
- On machine Y I could see the packate SYN sent to
machine X using wireless IP
- On machine X i could see that packate SYN came
from machine Y
- machine X replied SYN ACK via wired connection(
not via wireless :-( )
- machine Y got the response SYN ACK packate from
machine X
- machine Y sending RST packate to machine X and
this process get repeated 2 times and then VNC says connection times out.
5. If i removed wired connection cable then it is connecting
successfuly.
I think here firewall rejecting the packates from machine Y towards the
wireless as firewall assume that only packates going but there is no
incoming packate from machine X(because machine X replying via wired
connection).
Could you please help me on how to make this working.
Thanks,
Paresh
On 6/30/08, Seak, Teng-Fong <[EMAIL PROTECTED]<[EMAIL PROTECTED]>>
wrote:
> Well, there was no firewall drawn in your network topology in
> that visio file. Anyway, admitting that you want to enforce security
> measure, but you shouldn't make your networks like that.
>
> Just put two disjoint/mutually exclusive network (addresses) to
> avoid problem. (Cf some network books.)
>
> I've no idea what you mean by "source machine replying ..." One
> thing is sure, your router is lost by your config.
>
> On Mon, Jun 30, 2008 at 2:31 PM, paresh masani <[EMAIL PROTECTED]>
> wrote:
> >>> I really don't know why you have to specified two (supposedly)
> >>>different network addresses for your wired and wireless connections.
> > This has been done intensionally because of security reason. The
> connection
> > requests comes from wireless IP will be gone through FireWall and for
> Wired
> > firewall does not needed.
> >
> > Here I am not understanding why the source machine is
> replying(presumably)
> > via wired IP while the request came from the wireless IP.
> >
> > Thanks,
> > Paresh
> >
> >
> > On 6/30/08, Seak, Teng-Fong <[EMAIL PROTECTED]<[EMAIL PROTECTED]>>
> wrote:
> >>
> >> Oh man, you've totally screwed up the subnet addresses (and the
> >> masks)! I don't have your Visio file any more, and thus I can't
> >> remember which of your networks has the x.y.5.0 address and which has
> >> the x.y.0.0 address, but the fact that one of your subnet masks
> >> includes the other (and similar network addresses), it's very likely
> >> that your router lost track of what to do.
> >>
> >> Actually, suppose you have the x.y.0.0 for your wired connection.
> >> Using the subnet masks, you have:
> >> x.y.0.0/255.255.252.0 ==> x.y.0.0 - x.y.3.255
> >> x.y.5.0/255.255.192.0 ==> x.y.0.0 - x.y.63.255
> >>
> >> You see, your wired connection is a part of your wireless
> >> connections! You're not supposed to do that (please read network
> >> reference book on this).
> >>
> >> I really don't know why you have to specified two (supposedly)
> >> different network addresses for your wired and wireless connections.
> >> I mean, I've setup about 6 wifi routers, and none of them needs me to
> >> do so. Both wired and wireless use the same network address and
> >> network mask.
> >>
> >> HTH
> >>
> >>
> >> On Thu, Jun 26, 2008 at 1:06 PM, paresh masani <[EMAIL PROTECTED]>
> >> wrote:
> >> > Hmmm...You are right. We use different net-masks(255.255.252.0 for
> >> > wired, 255.255.192.0 for wireless) for both wired and wire-less
> >> > connections.
> >> > And also default gateways are different for both. I think the main
> >> > reason
> >> > having this problem is because of two different access point. I could
> >> > see
> >> > that when I am taking VNC of machine using wire-less IP then
> destination
> >> > machine showing incoming request saying SYN_RCVD state but I think it
> is
> >> > replying to source machine via wired connection and source machine is
> >> > rejecting the response as it did not send any packat to specified
> wired
> >> > IP.
> >> > What do you say? This might be problem.
> >> >
> >> > Thanks,
> >> > Paresh
> >> >
> >> >
> >> > On 6/23/08, Seak, Teng-Fong <[EMAIL PROTECTED]<[EMAIL PROTECTED]>>
> wrote:
> >> >>
> >> >> I can't give you the answer since you didn't specify the subnet
> >> >> mask used in your network.
> >> >>
> >> >> If I take it as 255.255.0.0, then yes, yours is the same as
> mine.
> >> >> Well, almost, actually. The computer on which VNC viewer is running
> >> >> only has wired connection; it has no wireless NIC.
> >> >>
> >> >> If I take it as 255.255.255.0, then no, they're different.
> >> >>
> >> >> Actually, I was talking about logical topology. Not physical
> >> >> topology. And as a matter of fact, I don't think having one access
> >> >> point or two access points would change anything.
> >> >>
> >> >>
> >> >> On Wed, Jun 18, 2008 at 10:08 AM, paresh masani
> >> >> <[EMAIL PROTECTED]>
> >> >> wrote:
> >> >> > Thanks for doing testing. Could you please make sure that the
> network
> >> >> > topology you have tested and my network's topology(attached file)
> is
> >> >> > same.
> >> >> > Please check all the three cases and Please let me know if real VNC
> >> >> > will
> >> >> > work in all cases or not.
> >> >> >
> >> >> > Thanks,
> >> >> > Paresh
> >> >> _______________________________________________
> >> >> VNC-List mailing list
> >> >> VNC-List@realvnc.com
> >> >> To remove yourself from the list visit:
> >> >> http://www.realvnc.com/mailman/listinfo/vnc-list
> >> >
> >> >
> >> _______________________________________________
> >> VNC-List mailing list
> >> VNC-List@realvnc.com
> >> To remove yourself from the list visit:
> >> http://www.realvnc.com/mailman/listinfo/vnc-list
> >
> >
> _______________________________________________
> VNC-List mailing list
> VNC-List@realvnc.com
> To remove yourself from the list visit:
> http://www.realvnc.com/mailman/listinfo/vnc-list
>
_______________________________________________
VNC-List mailing list
VNC-List@realvnc.com
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list
