NX Free and lack of external IP

Is there a way to use NX Free with a PC that doesn’t have a external IP address?

External addresses are what the world sees, internal addresses are what you see. There is no way to connect to a computer that has only internal addresses except from that computer.

Let me rephrase your question to what I think you are asking

How do I use NX to connect from a remote machine to my computer through a router?
You need to know the external ip and have your router use NAT to route the request properly beforehand. If your ISP provides only dynamic ip addresses, you need a service that will translate a domain name to the current ip and have the computer you wish to connect to update that data periodically.

Yes, your right, sorry for my bad English :slight_smile: So how can I do it? Right now I am using Hamachi, but I want to try NX.
Would NX work with tunnelling?

Having never tried NX, I don’t know. I have only used vnc with ssh tunneling and compression. I would suspect that NX works on a similar level.

Perhaps you should repost with a different title? Ask for help in configuring NX. The external IP is a separate issue and requires using a service like dyn-dns which converts dynamic external IPs to domain names.

On Thu, 2009-02-26 at 20:56 +0000, rozbarwinek wrote:

> Yes, your right, sorry for my bad English :slight_smile: So how can I do it? Right
> now I am using Hamachi, but I want to try NX.
> Would NX work with tunnelling?
If you can ssh to the box, you can nx.

basicly, NX uses 2 ports


ssh for auth, 5000 for the session.

as far, as you have the possibility to route port 22(ssh) and 5000 (e.g. via tunnel, or a port forwarding from your router) - that will work.

comming from vnc via ssh, i will never switch back to that. :slight_smile:

nx-setup on opensuse is something about 5 minutes…


Port 5000 is only used if you don’t encapsulate your X traffic across your ssh tunnel. This was the old way things were setup as the clients had the ssh tunneling option turned off.

By default the new versions only require the ssh port to be open and all X traffic is sent through the ssh tunnel (there is an option in the newer clients to turn this off). Therefore, there is only one port that you need to have to forward on your router and that is the port you run ssh on.

From a security perspective I would highly recommend that if you are accessing/exposing your box on the internet that you change the ssh port from the default 22 to something higher. Alternatively port forward an external high port that you know about to the internal port 22. This will reduce the exposure to “script kiddy” attacks that solely target port 22.

There are various other sites that cover this sort of thing with ssh and the sort of things that you can do. Two other thing you may want to think about is turning off root login through ssh and enabling key-only authentication. I will leave the rest “as an exercise for the reader”… :slight_smile:

But I don’t have required port forwarding from router, that’s why I’m using hamachi right now :
Can anyone explain me how to make it working exactly?

What you will need to do is:

  1. Find out the IP address of the internal machine (the one that is running NX). Is it setup through DHCP? If it is then you will need to make sure it is statically assigned an IP address through DHCP (usually using MAC address mapping/locking on the router). If you can’t statically assign the machine an address through DHCP then you will need to statically assign an address on the machine itself. This is done through YaST, etc. You will probably want to check up on the other things that DHCP provides - such as DNS servers, etc. and make sure that you provide these to your machine.

  2. Jump onto your router (you don’t mention which one you have) and have a look up on the port forwarding section. It should be in the configuration webpage somewhere. In the port forwarding setup assign a port forward that allows from an external high port (say 49000 but you can select any one) into the IP address of the machine you want to NX onto to port 22.

  3. Depending on what else you have setup on your firewall (you don’t mention as to whether you can specify rulesets, etc) then you will want to allow external traffic from that high port into port 22 to that local IP. If it is a pretty simple router then you will probably not need to do this as all it will be doing is NAT.

  4. Now, on an external machine, fire up the NX client (I recommend the one from NoMachine, which is free but not sure as in “free” - there are other open source ones available). In the setup for the connection, connect to the external IP of your router (you should be able to get this from the status page of your router) with the port mentioned in step 2 (in this example port 49000). You may want to adjust the slider depending on where you are connecting from as to how good a connection you have. There are also other things that you can play around with but in this case the above is all you really need.

  5. Press the OK button to connect and away you go!

A couple of side issues to the above:

  • if your ISP dynamically assigns you an external IP address then you may want to look at DynDNS (provided your router supports it - most modern ones do). This way you don’t need to know your external IP address of your router, you just use the DynDNS name you have been assigned (makes things easier to remember).
  • check on the status of your NX server by using “nxserver --status” to make sure that things are up and running properly.

I would suggest that you start off connecting to your server internally before going external. That way you can isolate and solve the problems you may encounter as you go rather than not knowing where within your setup things are breaking.

Have fun… :slight_smile:

Oh, I should add that if you want to ssh onto your box externally then the above works the same. You will need to specify the port you want to connect in to as part of the ssh command (it is the -p flag but you can check this in ssh’s man page).