RealVNC being blocked.

Discussion in 'ESET Smart Security' started by bchandler, May 11, 2010.

Thread Status:
Not open for further replies.
  1. bchandler

    bchandler Registered Member

    Joined:
    May 11, 2010
    Posts:
    12
    I've set up clients using ERA & added a rule in the Personal firewall to allow port 5900 (VNC) both directions, local & remote, for the zone I created (the local subnet) and, for good measure, the specific IP of the server so I can access clients needing help.
    However, I'm unable to connect via VNC unless I turn the Personal Firewall off directly on the client.
    Below is a screenshot of the rule I created.
    Can you please check this out & see what I'm doing wrong?
    Thanks.

    http://img189.imageshack.us/img189/5885/21794898.png
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I'd suggest enabling logging blocked connections in the IDS setup locally on the client, reproducing the problem and eventually checking the firewall log for details about the rule that blocked the communication. Subsequently you can edit the rule or remove it completely and thus allow communication for RealVNC. Remember to turn off the logging when you're finished so that the log doesn't fill up with tons of unnecessary entries.
     
  3. robis

    robis Registered Member

    Joined:
    Mar 21, 2009
    Posts:
    149
    Try creating the rule via Interactive mode and see the differences.
     
  4. bchandler

    bchandler Registered Member

    Joined:
    May 11, 2010
    Posts:
    12
    @Robis,
    So I'd switch it to interactive mode, allow VNC then use the Firewall Rules Merge wizard to apply to all workstations?
     
  5. bchandler

    bchandler Registered Member

    Joined:
    May 11, 2010
    Posts:
    12
    I set a client to interactive, allowed VNC, exported the rule via Firewall Rules Merge Wizard to an XML, then pushed the XML to all clients.
    I see the new rule in everyone's config, but VNC is still blocked.
    I checked the logs locally, but I don't see any entries. I do have logging set up, but nothing appears.
     
  6. red_jack

    red_jack Registered Member

    Joined:
    Aug 11, 2005
    Posts:
    56
    In your screenshot, you are saying the remote port and local port are the same. This rarely happens. Just allow the local port 5900 and leave the remote side empty. Unless the app allows config, the remote port on the PC you are connecting from will be a random port number above 1024. You are also going to need to allow the clipboard and chat if you use them.
    JFYI, if you are in the trusted zone and the remote PC makes too many connections, IDS will trigger and block the PC. There is an option in the rules and zones to add an IDS exclusion. This happened to me while using RealVNC; I think it was the shared printer option that triggered it, but I'm not certain.
    Jack
     
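    Red_jack's point about the remote port, as an added illustration that is not from this thread or from ESET: a toy model of a personal-firewall rule matcher (the `Connection`, `Rule` and `evaluate` names, the subnet and the port numbers are all constructed for the example) showing why a rule that pins both local and remote port to 5900 never matches a real VNC session, while a rule that fixes only the local port does.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Connection:
    direction: str      # "in" or "out", from the client's point of view
    local_ip: str
    local_port: int
    remote_ip: str
    remote_port: int

@dataclass(frozen=True)
class Rule:
    name: str
    action: str         # "allow" or "deny"
    direction: str      # "in", "out" or "both"
    zone: str           # CIDR the remote address must fall in (the trusted subnet)
    local_port: Optional[int] = None    # None means any port
    remote_port: Optional[int] = None   # None means any port

    def matches(self, c: Connection) -> bool:
        if self.direction not in ("both", c.direction):
            return False
        if ip_address(c.remote_ip) not in ip_network(self.zone):
            return False
        if self.local_port is not None and self.local_port != c.local_port:
            return False
        if self.remote_port is not None and self.remote_port != c.remote_port:
            return False
        return True

def evaluate(rules, conn, default="deny"):
    """First matching rule wins; the default policy applies when none matches."""
    for r in rules:
        if r.matches(conn):
            return r.action, r.name
    return default, "default policy"

# Constructed sample: an admin PC on the local subnet opens a VNC session to this
# client. The OS picks an ephemeral source port (above 1024) on the connecting
# side, so the remote port is never 5900; only the local (listening) port is.
VNC_SESSION = Connection("in", "192.0.2.50", 5900, "192.0.2.10", 49152)

# The rule as described in the thread: local AND remote port pinned to 5900.
BAD_RULE = Rule("VNC both ports", "allow", "both", "192.0.2.0/24", 5900, 5900)
# red_jack's fix: pin only the local port, leave the remote port empty.
GOOD_RULE = Rule("VNC local 5900", "allow", "in", "192.0.2.0/24", local_port=5900)
```

    `evaluate([BAD_RULE], VNC_SESSION)` falls through to `('deny', 'default policy')`, which is the silent block seen in the thread, whereas `evaluate([GOOD_RULE], VNC_SESSION)` returns `('allow', 'VNC local 5900')`.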
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    If you have actually enabled logging of blocked connections and disabling the firewall makes the problem go away, the rule responsible for blocking the communication must be logged in the fw log.
     