Results 1 to 7 of 7

Thread: Nomachine V4 cannot connect through firewall

  1. #1
    Join Date
    Mar 2008
    Location
    Oz
    Posts
    11,727
    Blog Entries
    2

    Default Nomachine V4 cannot connect through firewall

    Hi

    I have nomachine installed, the proprietary version, downloaded from nomachine site as RPM:

    Code:
    john@opensuse:~> rpm -qa | grep noma
    nomachine-4.0.368-1.x86_64
    It works just fine as a remote desktop link, connecting from windows 8 machine in one room, to my openSUSE machine in another room, across the local LAN.

    BUT I have to turn SuSEfirewall2 off to make a connection and then I can turn it back on again once the connection is established and the connection will endure with the firewall protecting me again.

    What settings are needed in SuSEfirewall2 to allow the connection inbound to openSUSE?

    Thanks
    swerdna
    Leap 42.3 & 15.1(Beta) &KDE
    FYIs from the days of yore

  2. #2
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    26,640
    Blog Entries
    15

    Default Re: Nomachine V4 cannot connect through firewall

    On Thu 12 Dec 2013 09:36:01 PM CST, swerdna wrote:


    Hi

    I have nomachine installed, the proprietary version, downloaded from
    nomachine site as RPM:


    Code:
    --------------------
    john@opensuse:~> rpm -qa | grep noma
    nomachine-4.0.368-1.x86_64
    --------------------


    It works just fine as a remote desktop link, connecting from windows 8
    machine in one room, to my openSUSE machine in another room, across the
    local LAN.

    BUT I have to turn SuSEfirewall2 off to make a connection and then I can
    turn it back on again once the connection is established and the
    connection will endure with the firewall protecting me again.

    What settings are needed in SuSEfirewall2 to allow the connection
    inbound to openSUSE?

    Thanks
    swerdna


    Hi
    It uses ssh, so allow port 22 Just use YaST firewall and add allowed
    services secure shell server.

    --
    Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
    SLED 11 SP3 (x86_64) GNOME 2.28.0 Kernel 3.0.101-0.8-default
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below... Thanks!


  3. #3
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    26,640
    Blog Entries
    15

    Default Re: Nomachine V4 cannot connect through firewall

    Hi
    So just installed it, if you use the nx protocol, for me it was 4000 TCP and 4300 UDP to manually add via advanced firewall setting. I actually removed it and went back to 3.5 as 4.0 seems to need a desktop session running...no good for me
    Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
    SUSE SLE, openSUSE Leap/Tumbleweed (x86_64) | GNOME DE
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below... Thanks!

  4. #4
    Join Date
    Mar 2008
    Location
    Oz
    Posts
    11,727
    Blog Entries
    2

    Default Re: Nomachine V4 cannot connect through firewall

    Quote Originally Posted by malcolmlewis View Post
    Hi
    So just installed it, if you use the nx protocol, for me it was 4000 TCP and 4300 UDP to manually add via advanced firewall setting. I actually removed it and went back to 3.5 as 4.0 seems to need a desktop session running...no good for me
    Thanks Malcolm. That fixed it for me.

    Just to be clear:
    I took out ssh as an allowed service and use the advanced GUI to add 4000 TCP and 4300 UDP and now it works.

    [odd about the no-need for ssh]
    Leap 42.3 & 15.1(Beta) &KDE
    FYIs from the days of yore

  5. #5
    Join Date
    Mar 2008
    Location
    Oz
    Posts
    11,727
    Blog Entries
    2

    Default Re: Nomachine V4 cannot connect through firewall

    I must say: this is the first time in years (first time since KDE was version 3) that I have a good remote desktop connection into a Linux machine. All this time I've resisted using the proprietary software, silly me.
    Leap 42.3 & 15.1(Beta) &KDE
    FYIs from the days of yore

  6. #6
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    26,640
    Blog Entries
    15

    Default Re: Nomachine V4 cannot connect through firewall

    Quote Originally Posted by swerdna View Post
    I must say: this is the first time in years (first time since KDE was version 3) that I have a good remote desktop connection into a Linux machine. All this time I've resisted using the proprietary software, silly me.
    Hi
    It works very well, times they are a changing....
    Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
    SUSE SLE, openSUSE Leap/Tumbleweed (x86_64) | GNOME DE
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below... Thanks!

  7. #7
    Join Date
    Jun 2008
    Location
    Amsterdam
    Posts
    57

    Post Re: Nomachine V4 cannot connect through firewall

    For everyone's information. The free version of NoMachine v4 no longer supports connecting directly via SSH (it is only supported in the Enterprise version).
    In fact when you download the rpm from their website, you are confronted with this warning:

    NoMachine NX Free Edition 3 users read here:

    The free NoMachine 4 is a new product aimed at a different use case. While NoMachine NX Free Edition 3 offered a free terminal server with virtual desktops created on demand, the free NoMachine 4 is designed to work the same across Windows, Mac and Linux and give users access to the physical desktop of the remote computer. If you need to create virtual desktops on demand, want to limit the logins to SSH, or are using NIS, Kerberos or other enterprise server functionalities, you need one of the NoMachine Enterprise server products you can download here.

    Note that you can use NoMachine 4 as a client of an Enterprise server, or you can download the free Enterprise client here.
    More information on this topic can be found here:

    Some people don't like these changes, and have suggested some alternatives here [arstechnica.com]

    However, it is still possible to use SSH, as long as you create a tunnel to the machine you are trying to connect to. This is very well documented by NoMachine on their website here:



    Connecting through SSH has some advantages:
    - It doesn't require you to open any ports in the Firewall on the server side (apart from a port for SSH).
    - It doesn't rely on a single encryption technique to keep your data safe. (Set up password protected private-public SSH key pair for optimal security; more info: basics, link1, link2)
    - It combines well with SSH so that it can also be used to connect to machine's that are in a (corporate / academic) network where the machine can only be reached via an SSH Stepstone. (see Note 1 below)
    - Can easily connect to a multi monitor setup (however, this works best if both the resolution and the number of screen on client and server match)

    And some disadvantages:
    - According to NoMachine it is slower (more processes involved and more encryption steps) than using their own protocol.
    - Audio doesn't work yet (application says: "Audio disabled on local connection", which makes a bit of sense since I connect to localhost), but apparently it's a bug that's going to be fixed.
    - Same problem for USB Devices, it seems. ("USB Devices disabled on local connection")
    - Also I haven't been able to connect to printers on the server yet, or connect a disk.
    - There was some problem with changing the resolution of the server to my client's resolution (I would get kicked out) but as long as I adopt the server's resolution, things work fine.
    Nevertheless, the basic works, and it works smoothly*.


    ### Note 1: To use NX via an SSH Stepstone ###

    Imagine the scenario where you cannot connect directly from a local pc to your remote pc because of a restrictive firewall.
    However you can connect to a machine in the same network as your remote pc via SSH, and this machine can then connect to your remote pc. This is called an SSH Stepstone server.
    i.e.
    local-pc <---- SSH ----> SSH_Stepstone <---- SSH ----> remote-pc1

    To work with NX in this case, add to your ~/.ssh/config file the following lines for respectively your SSH Stepstone server and your remote pc:

    Code:
    Host stepstone
      User <your username>
      HostName stepstone-server-hostname.domain.tld
    
    Host remote-pc-hostname.domain.tld remote-pc
      ProxyCommand ssh -q stepstone nc %h %p
    Now you should be able to create a tunnel
    Code:
    ssh -L 4003:localhost:4000 username@remote-pc-hostname.domain.tld
    And then point NX to your localhost port 4003

    * Disclaimer: My personal opinion. I am in no way affiliated with NoMachine; just a regular academic user.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •