NoMachine Support

Your questions answered

Knowledge Base

Searching in: Articles & FAQs
Filter the search results
Applies to:
Last update:
Searching in: Articles & FAQs
ID: AR11L00827
Applies to: NoMachine Server
Added on: 2014-11-28
Last update: 2020-02-26
How to connect to NoMachine when the server is behind a NAT router or a firewall

When the NoMachine (server) computer is behind a NAT router or a firewall, NoMachine tries to use the UPnP or NAT-PMP protocol (depending on what is supported by the router) to:

- Retrieve the public or external IP of the host machine where it's installed. 

- Configure the router to allow a NoMachine client to connect from outside of the private network.

All server types supports the UPnP/NAT-PMP port mapping, but only products tailored for personal user or small environments have it enabled by default:

UPnP/NAT-PMP port mapping is enabled by default for:

- NoMachine (free)

- NoMachine Workstation

- NoMachine Small Business Server

UPnP/NAT-PMP port mapping is disabled by default for:

- NoMachine Enterprise Desktop

- NoMachine Terminal Server

- NoMachine Enterprise Terminal Server

- NoMachine Cloud Server

- and NoMachine Enterprise Server v. 5 and 4.

Solving possible problems

The UPnP or NAT-PMP port mapping service can work efficiently only when:

1) It's enabled in the server configuration.

2) The router supports UPnP or NAT-PMP.

3) UPnP or NAT-PMP is enabled.

4) The router accepts UPnP or NAT-PMP commands for enabling port forwarding.


For point 4), if the router doesn't accept  UPnP or NAT-PMP commands, it will be necessary to configure it manually through its administrative interface.

If you are using NoMachine (free), you will need to open port 4000 on the router and map it to the public IP address of your NoMachine (server ) host.

Ports to be opened on the router and mapped to the public IP address of the server host are:

4000 for connections using the NX protocol.

22 or 4022 on Windows for connections using the SSH protocol.

4080 and 4443 for web connections.

Note also that the default port values can be changed from the NoMachine User Interface for server administration. Click on the !M icon in the system tray to open the menu and choose 'Show the service status' ('Connections' or ' Server status' for version 5 and 4) . Open then 'Server preferences' (previous called 'Connection preferences' for NoMachine free v. 5 and 4) and access the Services panel.

Enabling UPnP/NAT-PMP port mapping

If you using NoMachine (free), edit the server configuration  file (namely server.cfg) and set:

EnableUPnP NX        for users connecting with the NX protocol

Then restart NoMachine.
You can do that from the server's User Interface: click on the !M icon in the system tray and choose 'Show the service status'. Click then on the 'Restart the server' button.


For the subscription versions of NoMachine, the following additional options are available:

EnableUPnP NX        for users connecting with the NX protocol

EnableUPnP SSH     if users connect with  the SSH protocol

EnableUPnP HTTP    in the case of web connections

Multiple options can be specified, for example:



Then restart NoMachine.
You can do that from the server's User Interface as eplained above, or via command line (nxserver --restart).


Disabling UPnP/NAT-PMP port mapping

In the server configuration file (server.cfg) set:

EnableUPnP none

Then restart NoMachine.


Connections to the server will be still possible but only when the server host and the end-user's pc/device are on the same local LAN or the server has a public IP.



Where to find the server.cfg file

The configuration files for the server (server.cfg) are located as below. Up to v. 5, if Cloud Server is installed, the web player also comes with a configuration file, cloud.cfg. Starting from v. 6, keys for web sessions are included in server.cfg and the cloud.cfg file is no longer present,

Configuration files are placed in the 'etc' directory under the NoMachine installation directory:

/usr/NX/etc/server.cfg on Linux

InstallationDirectory/NoMachine/etc/server.cfg on Windows (e.g. C:\Program files (x86)\NoMachine\etc\server.cfg)

/Applications/ on Mac.