Introduction

To start a session from a NoMachine Client to a NoMachine Server, NoMachine Network uses hole-punching and all the network-traversal techniques that are standard in WebRTC and other technologies like these. When no network-traversal is possible, Network uses relay techniques, through a number of relay servers strategically located around the world to better serve NoMachine users.

Which ports are used by NoMachine Network?

Each computer with NoMachine installed that wants to be part of NoMachine Network (either to add the machine to NoMachine Network or connect to another machine via the NoMachine Network service) has to be able to connect to our Network Gateway Server for outgoing connections on ports 4040 TCP with fallback to 443 TCP, and the Network Relay Servers on port 4060 TCP/UDP with fallback to 443 TCP. For connections by browser the range is 22600-42600. Connections through the Network service will work even if both client and server are behind a firewall. Usually, these outgoing connections are allowed and no special configuration or any port opening is required, so that connecting with Network is completely transparent to the user. 

If the standard 4040 TCP and 4060 TCP and UDP ports are unavailable, NoMachine Network falls back to 443, a port generally used in a corporate setting. However, it may be beneficial to add a firewall rule to allow outgoing connections on these ports. All the IP addresses have PTR records that resolve to "*.nomachine.com", so these destination IPs may need to be added into your firewall configuration (outbound access) as "allowed".

Our statistics show that the current fail-rate is roughly at 1%. The only acceptable fail-rate is zero which is why we continue to work on resolving all those remaining cases where network and firewall configuration prevent the standard way NoMachine Network works.