How to connect to NoMachine when the server is behind a NAT router or a firewall

Knowledge Base

Searching in : Article

ID: AR11L00827

Applies to: NoMachine Server

Added on: 2014-11-28

Last Update: 2024-02-15

Print this article

How to connect to NoMachine when the server is behind a NAT router or a firewall

This article is superseded by:

Version 8 and later versions: https://kb.nomachine.com/AR04S01122
Version 7 and earlier versions: https://kb.nomachine.com/AR10R01099

When the NoMachine (server) computer is behind a NAT router or a firewall, NoMachine tries to use the UPnP or NAT-PMP protocol (depending on what is supported by the router) to:

- Retrieve the public or external IP of the host machine where it's installed.

- Configure the router to allow a NoMachine client to connect from outside of the private network.

All server types supports the UPnP/NAT-PMP port mapping, but only products tailored for personal user or small environments have it enabled by default:

UPnP/NAT-PMP port mapping is enabled by default for:

- NoMachine Free Edition

- NoMachine Workstation

- NoMachine Small Business Server

UPnP/NAT-PMP port mapping is disabled by default for:

- NoMachine Enterprise Desktop

- NoMachine Terminal Server

- NoMachine Enterprise Terminal Server

- NoMachine Cloud Server

- and NoMachine Enterprise Server v. 5 and 4.

Solving possible problems

The UPnP or NAT-PMP port mapping service can work efficiently only when:

1) It's enabled in the server configuration.

2) The router supports UPnP or NAT-PMP.

3) UPnP or NAT-PMP is enabled.

4) The router accepts UPnP or NAT-PMP commands for enabling port forwarding.

IMPORTANT

For point 4), if the router doesn't accept UPnP or NAT-PMP commands, it will be necessary to configure it manually through its administrative interface.

If you are using NoMachine Free Edition, you will need to open port 4000 on the router and map it to the public IP address of your NoMachine (server ) host.

Ports to be opened on the router and mapped to the public IP address of the server host are:

4000 for connections using the NX protocol.

22 or 4022 on Windows for connections using the SSH protocol.

4080 and 4443 for web connections.

Note also that the default port values can be changed from the NoMachine User Interface for server administration. Click on the !M icon in the system tray to open the menu and choose 'Show the service status' ('Connections' or ' Server status' for version 5 and 4) . Open then 'Server preferences' (previous called 'Connection preferences' for the free version of NoMachine v. 5 and 4) and access the Services panel.

Enabling UPnP/NAT-PMP port mapping

If you using NoMachine Free Edition, edit the server configuration file (namely server.cfg) and set:

EnableUPnP NX for users connecting with the NX protocol

Then restart NoMachine.
You can do that from the server's User Interface: click on the !M icon in the system tray and choose 'Show the service status'. Click then on the 'Restart the server' button.

For the subscription versions of NoMachine, the following additional options are available:

EnableUPnP NX for users connecting with the NX protocol

EnableUPnP SSH if users connect with the SSH protocol

EnableUPnP HTTP in the case of web connections

Multiple options can be specified, for example:

EnableUPnP NX,SSH,HTTP

Then restart NoMachine.
You can do that from the server's User Interface as eplained above, or via command line (nxserver --restart).

Disabling UPnP/NAT-PMP port mapping

In the server configuration file (server.cfg) set:

EnableUPnP none

Then restart NoMachine.

Connections to the server will be still possible but only when the server host and the end-user's pc/device are on the same local LAN or the server has a public IP.

Where to find the server.cfg file

The configuration files for the server (server.cfg) are located as below. Up to v. 5, if Cloud Server is installed, the web player also comes with a configuration file, cloud.cfg. Starting from v. 6, keys for web sessions are included in server.cfg and the cloud.cfg file is no longer present,

Configuration files are placed in the 'etc' directory under the NoMachine installation directory:

/usr/NX/etc/server.cfg on Linux

InstallationDirectory/NoMachine/etc/server.cfg on Windows (e.g. C:\Program files (x86)\NoMachine\etc\server.cfg)

/Applications/NoMachine.app/Contents/Frameworks/etc/server.cfg on Mac.

Id: AR11L00827

Applies to: NoMachine Server

Added on: 2014-11-28

Last Update: 2024-02-15

This article is superseded by:

Version 8 and later versions: https://kb.nomachine.com/AR04S01122
Version 7 and earlier versions: https://kb.nomachine.com/AR10R01099

When the NoMachine (server) computer is behind a NAT router or a firewall, NoMachine tries to use the UPnP or NAT-PMP protocol (depending on what is supported by the router) to:

- Retrieve the public or external IP of the host machine where it's installed.

- Configure the router to allow a NoMachine client to connect from outside of the private network.

All server types supports the UPnP/NAT-PMP port mapping, but only products tailored for personal user or small environments have it enabled by default:

UPnP/NAT-PMP port mapping is enabled by default for:

- NoMachine Free Edition

- NoMachine Workstation

- NoMachine Small Business Server

UPnP/NAT-PMP port mapping is disabled by default for:

- NoMachine Enterprise Desktop

- NoMachine Terminal Server

- NoMachine Enterprise Terminal Server

- NoMachine Cloud Server

- and NoMachine Enterprise Server v. 5 and 4.

Solving possible problems

The UPnP or NAT-PMP port mapping service can work efficiently only when:

1) It's enabled in the server configuration.

2) The router supports UPnP or NAT-PMP.

3) UPnP or NAT-PMP is enabled.

4) The router accepts UPnP or NAT-PMP commands for enabling port forwarding.

IMPORTANT

For point 4), if the router doesn't accept UPnP or NAT-PMP commands, it will be necessary to configure it manually through its administrative interface.

If you are using NoMachine Free Edition, you will need to open port 4000 on the router and map it to the public IP address of your NoMachine (server ) host.

Ports to be opened on the router and mapped to the public IP address of the server host are:

4000 for connections using the NX protocol.

22 or 4022 on Windows for connections using the SSH protocol.

4080 and 4443 for web connections.

Enabling UPnP/NAT-PMP port mapping

If you using NoMachine Free Edition, edit the server configuration file (namely server.cfg) and set:

EnableUPnP NX for users connecting with the NX protocol

Then restart NoMachine.
You can do that from the server's User Interface: click on the !M icon in the system tray and choose 'Show the service status'. Click then on the 'Restart the server' button.

For the subscription versions of NoMachine, the following additional options are available:

EnableUPnP NX for users connecting with the NX protocol

EnableUPnP SSH if users connect with the SSH protocol

EnableUPnP HTTP in the case of web connections

Multiple options can be specified, for example:

EnableUPnP NX,SSH,HTTP

Then restart NoMachine.
You can do that from the server's User Interface as eplained above, or via command line (nxserver --restart).

Disabling UPnP/NAT-PMP port mapping

In the server configuration file (server.cfg) set:

EnableUPnP none

Then restart NoMachine.

Connections to the server will be still possible but only when the server host and the end-user's pc/device are on the same local LAN or the server has a public IP.

Where to find the server.cfg file

Configuration files are placed in the 'etc' directory under the NoMachine installation directory:

/usr/NX/etc/server.cfg on Linux

InstallationDirectory/NoMachine/etc/server.cfg on Windows (e.g. C:\Program files (x86)\NoMachine\etc\server.cfg)

/Applications/NoMachine.app/Contents/Frameworks/etc/server.cfg on Mac.