Port Forwarding with DynDNS

Discussion in 'macOS' started by EnigMoiD, Apr 18, 2010.

  1. EnigMoiD macrumors member

    Joined:
    Aug 10, 2007
    #1
    I've been trying to use DynDNS with my Belkin router to forward ports for VNC and FTP, and I've gotten as far as having one port probe website show ports 21 and 5900 as "open."

    I can also connect to the DynDNS address and configure my router, which I guess is expected.

    For port forwarding, I've told ports 5900-5900 from outside to go to ports 5900-5900 on my computer, whose local IP is static at 192.168.2.4. Same for port 21.

    However, typing in vnc://<my host> or ftp://<my host> doesn't work. If I try to use cyberduck, it says "connection refused," as opposed to connection failed if the address doesn't exist, so I know there's something up, but I don't know why it's not working. And I don't think it's the way the VNC or FTP servers themselves are set up; that's pretty simple.
     
  2. lkirkup macrumors newbie

    lkirkup

    Joined:
    Mar 5, 2010
    #2
    Have you tried it from outside your local network?

    When you are on your local network use vnc://192.168.2.4
    When you are outside your local network use vnc://<my host>
     
  3. The Laminator macrumors newbie

    Joined:
    Jun 5, 2008
    Location:
    Kansas City
    #3
    Is there a firewall active at the computer?

    Is there a firewall active at the computer?
     
  4. EnigMoiD thread starter macrumors member

    Joined:
    Aug 10, 2007
    #4
    I haven't tried from outside my own network, but I didn't think that using vnc://<my host> within my network would fail... maybe it does. Thanks, I'll try it.

    And @Laminator, the computer's firewall is off. The router has some sort of firewall, but that's why I'm using port forwarding.
     
  5. Serif macrumors regular

    Joined:
    Jul 10, 2008
    Location:
    UK
    #5
    Where are you typing vnc://<my host>?

    I do this all the time from Finder -> Go -> Connect to Server so it should be working...

    You have remembered to enable screen sharing in your system preferences settings?

    Sorry if the above is blindingly obvious to you, just trying to cover the bases :)

    As regards FTP (port 21), are you getting as far as the initial prompt or just not seeing anything? For example using a telnet command from the terminal like the following should come back with a banner. If you're getting that far but are still having problems then you need to Google passive mode FTP.

    iMac:~ $ telnet ftp.server.net 21
    Trying 192.168.0.3...
    Connected to ftp.server.net.
    Escape character is '^]'.
    220-Microsoft FTP Service
    ***************************************
    * This is a private system *
    * Do not attempt access without *
    * relevant authorisation! *
    220 ***************************************

    (Names and addresses changed to protect the guilty...)

    If you're still struggling then you could resort to using the tcpdump command, the standard packet sniffer. Something like the following should show you if vnc packets are getting as far as the ethernet interface on your computer:

    sudo tcpdump port 5900

    Then attempt the connection and watch for output.
     
  6. EnigMoiD thread starter macrumors member

    Joined:
    Aug 10, 2007
    #6
    Turns out the problem was pretty simple-If I type vnc://<my host> while on my local network, it doesn't work, but it does if I'm on some other network-tested it at a Panera Bread today. I can live with that, since it was the whole point anyway. Thanks for the help.
     
  7. jbuk macrumors regular

    Joined:
    Jun 8, 2009
    #7
    As a rule of thumb, never have your router configuration accessible from the internet unless you have a _very_ strong password, as an attacker could easily guess your admin password and then disable your firewall, something you don't want to happen any time soon.
     
  8. chrisgeleven macrumors 6502

    Joined:
    Apr 28, 2002
    Location:
    Manchester, NH
    #8
    I actually work on DynDNS Ninja Squad (ie: the support team). That behavior you are seeing sounds like a loopback connection issue:

    http://www.dyndns.com/support/kb/loopback_connections.html

    Let me know if you have further questions, I will be glad to assist.
     
  9. EnigMoiD thread starter macrumors member

    Joined:
    Aug 10, 2007
    #9
    I found the problem, but it's cool to know that someone from DynDNS is in these forums. Loopback sounds like my router can't forward ports in both directions (which is sort of what I'm asking it to do) but that's no problem since there's no reason I would need to go through the internet and back to get to my computer on my local network.

    jbuk makes a point that I was a little worried about... I have an admin password on my router, but is there any way to password protect my DynDNS host itself, without paying for some sort of upgrade?
     
  10. chrisgeleven macrumors 6502

    Joined:
    Apr 28, 2002
    Location:
    Manchester, NH
    #10
    I was just doing my normal browsing around the MacRumors forums and stumbled across this post quite accidently. Even though I am off the clock, I am glad to help you out.

    Basically a loopback connection issue is caused by the router being confused which interface to forward the connection request to. Many routers will have settings (such as NAT redirection) that you can toggle to fix the issue. Like you said, as long as it isn't a big deal to not have access on your internal network, it shouldn't be an issue for you.

    Few things you can do. Make sure your router's admin page is not accessible remotely from the Internet. Usually the router will have a setting to disable remote admin access. Make sure it is disabled and that should prevent any hacker from changing your router's settings. Doesn't hurt to give the router a unique password either to make things a tad more difficult.

    We offer no password protection services for your DynDNS hostname. DynDNS is just a DNS service, so your computer asks what the IP address for example.dyndns.org is and we respond with the current IP address we have on file. At that point, we are out of the picture, as your computer will then connected directly to that IP address assigned to the hostname.

    What I highly recommend doing is having a strong VNC password on your Mac. Plus it probably wouldn't hurt to look into SSH tunneling for extra security.
     

Share This Page