Why would ARD half work (VNC but no advanced features)?

[michaelsanford]

I've got a remote terminal which (claims to have) forwarded ports TCP and UDP 5900 and 3283 to the MacOS X 10.5.4 machine, which has run the custom Remote Desktop Installer I made.

My user was created just fine, and I can log in without difficulty over VNC (aka Screen Sharing) only, but nothing else. I had to disable "Encrypt everything" to add the terminal in the first place.

I have enabled Remote Login (i.e., the sshd subsystem) but have not forwarded port 22 to the OS X machine as it needs to go elsewhere.

No surprise, then, that encryption doesn't work, but what would cause all non-VNC services (like non-protected Copy) to be fail or to be disabled?

(Incidentally, the only other security option available is "Encrypt keystrokes only", which apparently does work, so it must have some access to sshd, right? Just guessing, it's not my main problem. I'm more concerned about not being able to copy and install.)

 

[Giaguara]

How about 5988?
Is your router forwarding also outgoing traffic on these ports?
What shows in Console when you use ARD (and it does this)?
Which exact version or ARD do you have on client and server side?
Can you copy any files to the desktop on the remote machine?

 

[michaelsanford]

• I have not forwarded 5988 (and never have, and it's worked on other implementations).
• I'm using 3.2.1 on 10.5.4 both ends (sorry, I always use latest software
• There are no console messages from ARD.

NOW for the tricky part. I also configured that terminal on my 10.3.9 iMac TFT (also 3.2.1), and it not only connected as it should have, with all advanced features–like reporting the current user and application, allowing me to send Administrator Messages–but it did it instantly, whereas my 10.5.4 iBook takes several seconds to realize where everything is.

So, it's obviously not a port forwarding problem on the managed client end, or a problem with my own router, but rather a problem with my iBook.

I have no firewall (Allow all incoming connections) and I have disabled Little Snitch's network filter (just to be on the safe side, though the only rule for ARD is "Allow everything").

Last thought: my iMac is itself also a managed terminal, and has 5900 and 3283 forwarded to it from the WAN side (so I can manage it when I'm not at this locaiton). Could this be the reason that it works properly from the iMac and not the iBook (because the iMac is listening for packets on those ports anyway)?

(Here, I'm running a DLink DI-624 with UPnP on, VPN passthroughs on.)

Additional: My goodness that is why! That's rediculous! When I changed the port forwards over to push 5900 & 3283 to my iBook, ARD works as normal. Now, how do I have my cake and eat it too, I wonder :/