Is it my issue or the ISP?
July 3, 2007 7:46 AM Subscribe
I'm baffled. What could prevent a VNC connection between 2 DSL connections with the same ISP when a connection from a different ISP works just fine?
I have an office computer that's running a VNC server. It's sitting on a DSL connection with a fixed IP. I can connect to it with a viewer from *my* home (a different ISP). But, I can't connect from either my brother or parents' connections (the same ISP as the office machine).
My ISP at home is a big cable provider. The ISP in question is a small town telco providing DSL. I've been trying to troubleshoot with one of the network engineers there, but they clearly don't deal with this sort of thing often. They're totally helpful, but they're stupmed.
So I'm summoning the collective networking knowlege of the mefites.
I have an office computer that's running a VNC server. It's sitting on a DSL connection with a fixed IP. I can connect to it with a viewer from *my* home (a different ISP). But, I can't connect from either my brother or parents' connections (the same ISP as the office machine).
My ISP at home is a big cable provider. The ISP in question is a small town telco providing DSL. I've been trying to troubleshoot with one of the network engineers there, but they clearly don't deal with this sort of thing often. They're totally helpful, but they're stupmed.
So I'm summoning the collective networking knowlege of the mefites.
Also, try a 'tracert ipaddress' and see if completes.
posted by damn dirty ape at 8:02 AM on July 3, 2007
posted by damn dirty ape at 8:02 AM on July 3, 2007
In general can you make Internet connections between the two computers on the same ISP? Say, to a web server running on one of your machines? If not, then the ISP isn't routing packets correctly within their own network in general, and it's got nothing to do with VNC. If so, then the issue is probably some filtering policy they have around VNC. You might try running VNC on a different port number.
posted by Nelson at 8:03 AM on July 3, 2007
posted by Nelson at 8:03 AM on July 3, 2007
Are the IP addresses of the server and your family on the same subnet (first three segments of the IP address)?
Sometimes ISPs block traffic on the same subnet. If this is the case, you can have them reassign IPs so there is no conflict (easy if they use static IP) between the three.
posted by effigy at 8:13 AM on July 3, 2007
Sometimes ISPs block traffic on the same subnet. If this is the case, you can have them reassign IPs so there is no conflict (easy if they use static IP) between the three.
posted by effigy at 8:13 AM on July 3, 2007
could be either, but i'd guess it's your issue before the ISP's.
at the office: is the vnc server software configured to only allow certain IP addresses to connect, like for example yours at home? does your office have a firewall or other packet filtering mechanism that could be doing the same thing?
posted by poppo at 8:36 AM on July 3, 2007
at the office: is the vnc server software configured to only allow certain IP addresses to connect, like for example yours at home? does your office have a firewall or other packet filtering mechanism that could be doing the same thing?
posted by poppo at 8:36 AM on July 3, 2007
I used to work at an ISP doing a lot of work on DSL circuits. I know that our router didn't allow packets between DSL circuits by default and we had to specifically bridge circuits that needed to communicate. Check if you can ping the other computer and double check your settings but it may, indeed, be your ISP.
posted by MasterShake at 9:17 AM on July 3, 2007
posted by MasterShake at 9:17 AM on July 3, 2007
effigy sounds correct to me. ISPs would rather not have viruses spread amongst a bunch of subscriber computers that are unrelated to each other, but toplogically close to each other on the network. There were a number of viruses that nailed big cable providers by preferentially trying all adjacent IP addresses, figuring (correctly) that those would be a motherlode of unpatched Windows machines on fast connections. Thus: it's better if subscribers can't contact each other directly. Your ISP's routers are set to isolate customers from each other. effigy's solution of changing one of the IP addresses will probably work.
posted by jellicle at 9:19 AM on July 3, 2007
posted by jellicle at 9:19 AM on July 3, 2007
Response by poster: All of the connections have their respective routers open on the proper ports, but are unable to even ping back and forth. We're not filtering any IPs inside VNC, so that's wide open as well.
The machines that can't connect to each other *are* indeed on the same subnet. So, I'll bring up what a few of you are getting at with regard to isolation of subscribers when I speak with the ISP later today.
Thanks a lot. I'll post back with results.
posted by braintoast at 9:46 AM on July 3, 2007
The machines that can't connect to each other *are* indeed on the same subnet. So, I'll bring up what a few of you are getting at with regard to isolation of subscribers when I speak with the ISP later today.
Thanks a lot. I'll post back with results.
posted by braintoast at 9:46 AM on July 3, 2007
The machines that can't connect to each other *are* indeed on the same subnet. So, I'll bring up what a few of you are getting at with regard to isolation of subscribers when I speak with the ISP later today.
You can probably fix this yourself on the machines that won't connect by providing a different subnet figure. Sadly, I try to avoid thinking about subnetting whenever possible, but I'm sure somebody else will suggest something. Maybe 255.255.255.127, rather than 255.255.255.0?
posted by deeper red at 11:34 AM on July 3, 2007
You can probably fix this yourself on the machines that won't connect by providing a different subnet figure. Sadly, I try to avoid thinking about subnetting whenever possible, but I'm sure somebody else will suggest something. Maybe 255.255.255.127, rather than 255.255.255.0?
posted by deeper red at 11:34 AM on July 3, 2007
Don't fiddle with your subnet. Add specific routes for the hosts. I don't know what OS your using or the numbers involved but what you want to do is add a host route on machine A to machine B through default gateway, and vice versa.
When machines are on the same subnet, they will generally talk directly and avoid the default gateway. The ISP, obviously, doesn't want everyone to see each other so they won't act like a LAN.
A setup example for linux:
Machine A: 199.199.75.86/24
Machine B: 199.199.75.25/24
Same default gateway: 199.199.75.1
On machine A:
route add -host 199.199.75.25 gw 199.199.75.1
On machine B:
route add -host 199.199.75.86 gw 199.199.75.1
I haven't tested this but it's a simple routing setup.
posted by chairface at 3:45 PM on July 3, 2007 [1 favorite]
When machines are on the same subnet, they will generally talk directly and avoid the default gateway. The ISP, obviously, doesn't want everyone to see each other so they won't act like a LAN.
A setup example for linux:
Machine A: 199.199.75.86/24
Machine B: 199.199.75.25/24
Same default gateway: 199.199.75.1
On machine A:
route add -host 199.199.75.25 gw 199.199.75.1
On machine B:
route add -host 199.199.75.86 gw 199.199.75.1
I haven't tested this but it's a simple routing setup.
posted by chairface at 3:45 PM on July 3, 2007 [1 favorite]
I suggest running tracetcp from each end, with the destination port being that which the VNC server listens on. You'll then have no problems seeing where the packets are being blocked, if that is the problem.
posted by c0nsumer at 4:30 PM on July 3, 2007
posted by c0nsumer at 4:30 PM on July 3, 2007
« Older Geology-related gifts for new middle school... | How to limit access to an RSS feed? Newer »
This thread is closed to new comments.
posted by damn dirty ape at 8:01 AM on July 3, 2007