Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Port Forwarding with DynDNS

E

EnigMoiD

macrumors member
Original poster
Aug 10, 2007
99
0
I've been trying to use DynDNS with my Belkin router to forward ports for VNC and FTP, and I've gotten as far as having one port probe website show ports 21 and 5900 as "open."

I can also connect to the DynDNS address and configure my router, which I guess is expected.

For port forwarding, I've told ports 5900-5900 from outside to go to ports 5900-5900 on my computer, whose local IP is static at 192.168.2.4. Same for port 21.

However, typing in vnc://<my host> or ftp://<my host> doesn't work. If I try to use cyberduck, it says "connection refused," as opposed to connection failed if the address doesn't exist, so I know there's something up, but I don't know why it's not working. And I don't think it's the way the VNC or FTP servers themselves are set up; that's pretty simple.
 
Have you tried it from outside your local network?

When you are on your local network use vnc://192.168.2.4
When you are outside your local network use vnc://<my host>
 
lkirkup said:
Have you tried it from outside your local network?

When you are on your local network use vnc://192.168.2.4
When you are outside your local network use vnc://<my host>
Click to expand...

I haven't tried from outside my own network, but I didn't think that using vnc://<my host> within my network would fail... maybe it does. Thanks, I'll try it.

And @Laminator, the computer's firewall is off. The router has some sort of firewall, but that's why I'm using port forwarding.
 
Where are you typing vnc://<my host>?

I do this all the time from Finder -> Go -> Connect to Server so it should be working...

You have remembered to enable screen sharing in your system preferences settings?

Sorry if the above is blindingly obvious to you, just trying to cover the bases :)

As regards FTP (port 21), are you getting as far as the initial prompt or just not seeing anything? For example using a telnet command from the terminal like the following should come back with a banner. If you're getting that far but are still having problems then you need to Google passive mode FTP.

iMac:~ $ telnet ftp.server.net 21
Trying 192.168.0.3...
Connected to ftp.server.net.
Escape character is '^]'.
220-Microsoft FTP Service
***************************************
* This is a private system *
* Do not attempt access without *
* relevant authorisation! *
220 ***************************************

(Names and addresses changed to protect the guilty...)

If you're still struggling then you could resort to using the tcpdump command, the standard packet sniffer. Something like the following should show you if vnc packets are getting as far as the ethernet interface on your computer:

sudo tcpdump port 5900

Then attempt the connection and watch for output.
 
Turns out the problem was pretty simple-If I type vnc://<my host> while on my local network, it doesn't work, but it does if I'm on some other network-tested it at a Panera Bread today. I can live with that, since it was the whole point anyway. Thanks for the help.
 
As a rule of thumb, never have your router configuration accessible from the internet unless you have a _very_ strong password, as an attacker could easily guess your admin password and then disable your firewall, something you don't want to happen any time soon.
 
EnigMoiD said:
Turns out the problem was pretty simple-If I type vnc://<my host> while on my local network, it doesn't work, but it does if I'm on some other network-tested it at a Panera Bread today. I can live with that, since it was the whole point anyway. Thanks for the help.
Click to expand...

I actually work on DynDNS Ninja Squad (ie: the support team). That behavior you are seeing sounds like a loopback connection issue:

http://www.dyndns.com/support/kb/loopback_connections.html

Let me know if you have further questions, I will be glad to assist.
 
chrisgeleven said:
I actually work on DynDNS Ninja Squad (ie: the support team). That behavior you are seeing sounds like a loopback connection issue:

http://www.dyndns.com/support/kb/loopback_connections.html

Let me know if you have further questions, I will be glad to assist.
Click to expand...

I found the problem, but it's cool to know that someone from DynDNS is in these forums. Loopback sounds like my router can't forward ports in both directions (which is sort of what I'm asking it to do) but that's no problem since there's no reason I would need to go through the internet and back to get to my computer on my local network.

jbuk makes a point that I was a little worried about... I have an admin password on my router, but is there any way to password protect my DynDNS host itself, without paying for some sort of upgrade?
 
EnigMoiD said:
I found the problem, but it's cool to know that someone from DynDNS is in these forums/
Click to expand...

I was just doing my normal browsing around the MacRumors forums and stumbled across this post quite accidently. Even though I am off the clock, I am glad to help you out.

Loopback sounds like my router can't forward ports in both directions (which is sort of what I'm asking it to do) but that's no problem since there's no reason I would need to go through the internet and back to get to my computer on my local network.
Click to expand...

Basically a loopback connection issue is caused by the router being confused which interface to forward the connection request to. Many routers will have settings (such as NAT redirection) that you can toggle to fix the issue. Like you said, as long as it isn't a big deal to not have access on your internal network, it shouldn't be an issue for you.

jbuk makes a point that I was a little worried about... I have an admin password on my router, but is there any way to password protect my DynDNS host itself, without paying for some sort of upgrade?
Click to expand...

Few things you can do. Make sure your router's admin page is not accessible remotely from the Internet. Usually the router will have a setting to disable remote admin access. Make sure it is disabled and that should prevent any hacker from changing your router's settings. Doesn't hurt to give the router a unique password either to make things a tad more difficult.

We offer no password protection services for your DynDNS hostname. DynDNS is just a DNS service, so your computer asks what the IP address for example.dyndns.org is and we respond with the current IP address we have on file. At that point, we are out of the picture, as your computer will then connected directly to that IP address assigned to the hostname.

What I highly recommend doing is having a strong VNC password on your Mac. Plus it probably wouldn't hurt to look into SSH tunneling for extra security.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back