Nomachine V4 cannot connect through firewall

Hi

I have nomachine installed, the proprietary version, downloaded from nomachine site as RPM:

john@opensuse:~> rpm -qa | grep noma
nomachine-4.0.368-1.x86_64

It works just fine as a remote desktop link, connecting from windows 8 machine in one room, to my openSUSE machine in another room, across the local LAN.

BUT I have to turn SuSEfirewall2 off to make a connection and then I can turn it back on again once the connection is established and the connection will endure with the firewall protecting me again.

What settings are needed in SuSEfirewall2 to allow the connection inbound to openSUSE?

Thanks
swerdna

On Thu 12 Dec 2013 09:36:01 PM CST, swerdna wrote:

Hi

I have nomachine installed, the proprietary version, downloaded from
nomachine site as RPM:

Code:

john@opensuse:~> rpm -qa | grep noma
nomachine-4.0.368-1.x86_64

It works just fine as a remote desktop link, connecting from windows 8
machine in one room, to my openSUSE machine in another room, across the
local LAN.

BUT I have to turn SuSEfirewall2 off to make a connection and then I can
turn it back on again once the connection is established and the
connection will endure with the firewall protecting me again.

What settings are needed in SuSEfirewall2 to allow the connection
inbound to openSUSE?

Thanks
swerdna

Hi
It uses ssh, so allow port 22 :wink: Just use YaST firewall and add allowed
services secure shell server.


Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
SLED 11 SP3 (x86_64) GNOME 2.28.0 Kernel 3.0.101-0.8-default

Hi
So just installed it, if you use the nx protocol, for me it was 4000 TCP and 4300 UDP to manually add via advanced firewall setting. I actually removed it and went back to 3.5 as 4.0 seems to need a desktop session running…no good for me :wink:

Thanks Malcolm. That fixed it for me.

Just to be clear:
I took out ssh as an allowed service and use the advanced GUI to add 4000 TCP and 4300 UDP and now it works.

[odd about the no-need for ssh]

I must say: this is the first time in years (first time since KDE was version 3) that I have a good remote desktop connection into a Linux machine. All this time I’ve resisted using the proprietary software, silly me.

Hi
It works very well, times they are a changing… :wink:

For everyone’s information. The free version of NoMachine v4 no longer supports connecting directly via SSH (it is only supported in the Enterprise version).
In fact when you download the rpm from their website, you are confronted with this warning:

NoMachine NX Free Edition 3 users read here:

The free NoMachine 4 is a new product aimed at a different use case. While NoMachine NX Free Edition 3 offered a free terminal server with virtual desktops created on demand, the free NoMachine 4 is designed to work the same across Windows, Mac and Linux and give users access to the physical desktop of the remote computer. If you need to create virtual desktops on demand, want to limit the logins to SSH, or are using NIS, Kerberos or other enterprise server functionalities, you need one of the NoMachine Enterprise server products you can download here.

Note that you can use NoMachine 4 as a client of an Enterprise server, or you can download the free Enterprise client here.

More information on this topic can be found here:

Some people don’t like these changes, and have suggested some alternatives here [arstechnica.com]

However, it is still possible to use SSH, as long as you create a tunnel to the machine you are trying to connect to. This is very well documented by NoMachine on their website here:

Connecting through SSH has some advantages:

  • It doesn’t require you to open any ports in the Firewall on the server side (apart from a port for SSH).
  • It doesn’t rely on a single encryption technique to keep your data safe. (Set up password protected private-public SSH key pair for optimal security; more info: basics, link1, link2)
  • It combines well with SSH so that it can also be used to connect to machines that are in a (corporate / academic) network where the machine can only be reached via an SSH Stepstone. (see Note 1 below)
  • Can easily connect to a multi monitor setup (however, this works best if both the resolution and the number of screens on client and server match)

And some disadvantages:

  • According to NoMachine it is slower (more processes involved and more encryption steps) than using their own protocol.
  • Audio doesn’t work yet (application says: “Audio disabled on local connection”, which makes a bit of sense since I connect to localhost), but apparently it’s a bug that’s going to be fixed.
  • Same problem for USB Devices, it seems. (“USB Devices disabled on local connection”)
  • Also I haven’t been able to connect to printers on the server yet, or connect a disk.
  • There was some problem with changing the resolution of the server to my client’s resolution (I would get kicked out) but as long as I adopt the server’s resolution, things work fine.

Nevertheless, the basics work, and it works smoothly*.

### Note 1: To use NX via an SSH Stepstone ###

Imagine the scenario where you cannot connect directly from a local pc to your remote pc because of a restrictive firewall.
However you can connect to a machine in the same network as your remote pc via SSH, and this machine can then connect to your remote pc. This is called an SSH Stepstone server.
i.e.
local-pc <---- SSH ----> SSH_Stepstone <---- SSH ----> remote-pc1

To work with NX in this case, add to your ~/.ssh/config file the following lines for respectively your SSH Stepstone server and your remote pc:


Host stepstone
  User <your username>
  HostName stepstone-server-hostname.domain.tld

Host remote-pc-hostname.domain.tld remote-pc
  ProxyCommand ssh -q stepstone nc %h %p

Now you should be able to create a tunnel

ssh -L 4003:localhost:4000 username@remote-pc-hostname.domain.tld

And then point NX to your localhost port 4003

* Disclaimer: My personal opinion. I am in no way affiliated with NoMachine; just a regular academic user.
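
Added example, not part of the thread: a shell check that reads a SuSEfirewall2 sysconfig file and reports whether the external zone exposes the NX ports directly (4000 TCP / 4300 UDP, as opened earlier in the thread) or only SSH, which is all the tunnel setup needs. It assumes the settings live in FW_SERVICES_EXT_TCP, FW_SERVICES_EXT_UDP and FW_CONFIGURATIONS_EXT with an `sshd` service entry; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: report how a SuSEfirewall2 external zone exposes NoMachine.
# 4000/tcp, 4300/udp and ssh are the values named in the thread.

# fw_value FILE VAR: print the last VAR="..." assignment in a sysconfig file.
fw_value() {
    sed -n "s/^[[:space:]]*$2=\"\\(.*\\)\"[[:space:]]*\$/\\1/p" "$1" | tail -n 1
}

# port_listed PORT NAME ENTRY...: succeed if an entry (port number, service
# name or from:to range) covers PORT. NAME may be empty.
port_listed() {
    port=$1; name=$2; shift 2
    for entry in "$@"; do
        case $entry in
            "$port"|"$name") return 0 ;;
            *:*) lo=${entry%%:*}; hi=${entry##*:}
                 [ "$port" -ge "$lo" ] 2>/dev/null &&
                     [ "$port" -le "$hi" ] 2>/dev/null && return 0 ;;
        esac
    done
    return 1
}

# nx_exposure FILE: print direct-nx, ssh-only or closed.
nx_exposure() {
    tcp=$(fw_value "$1" FW_SERVICES_EXT_TCP)
    udp=$(fw_value "$1" FW_SERVICES_EXT_UDP)
    cfg=$(fw_value "$1" FW_CONFIGURATIONS_EXT)
    if port_listed 4000 "" $tcp || port_listed 4300 "" $udp; then
        echo direct-nx   # NX ports reachable from the external zone
    elif port_listed 22 ssh $tcp; then
        echo ssh-only    # NX reachable only through an SSH tunnel
    else
        case " $cfg " in
            *" sshd "*) echo ssh-only ;;
            *) echo closed ;;
        esac
    fi
}

# Constructed sample: the setup swerdna describes (ssh removed, NX ports added).
sample=$(mktemp)
cat > "$sample" <<'EOF'
FW_CONFIGURATIONS_EXT=""
FW_SERVICES_EXT_TCP="4000"
FW_SERVICES_EXT_UDP="4300"
EOF
echo "sample config: $(nx_exposure "$sample")"
rm -f "$sample"
```

On a real system the file to pass to `nx_exposure` would be /etc/sysconfig/SuSEfirewall2.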