Remote Desktop control many behind NAT
DeepDish
Forum Regular
Join Date: May 2001
Location: outside your window; your wife is look'n good
Dec 7, 2002, 02:44 PM
 
Has anybody out there had any luck controlling multiple Macs with Apple Remote Desktop that are behind a NAT router?

I am on the road with my iBook a lot and need to maintain our office Macs that are all behind a NAT router. I can set up the router to pass through control of one computer, but not multiple macs.

Thanks for any advice,

DD
     
Camelot
Mac Elite
Join Date: May 1999
Location: San Jose, CA
Dec 7, 2002, 05:01 PM
 
If you've already got one machine working, then you're already aware that Apple Remote Desktop uses UDP port 3283 for communication, and that you've set up port forwarding on your router to direct that traffic to a single machine.

About the only two ways I can think of overcoming this are to use non-standard ports or SSH Tunneling.

Non-standard ports might work if ARD lets you specify which port number to connect to, and if your router supports port mapping (as well as port forwarding).

In your router, set up alternative port numbers to point to different machines' 3283. For example:

3283 -> machine1:3283
3284 -> machine2:3283
3285 -> machine3:3283

Then on your remote system, instead of telling ARD to connect to your <public IP address>, tell it to connect to <public IP address>:<port number of machine>, like:

123.45.67.89:3283 -> machine 1
123.45.67.89:3284 -> machine 2
123.45.67.89:3285 -> machine 3

If the router can perform port translation (as well as IP address translation), this may work for you.

The alternative is ssh tunneling:

The idea here is that you open an ssh tunnel to a single machine with specific commands that open a tunnel to one of the other machines in your internal network. In this way the machine to ssh to becomes a proxy for your ARD connections. You also get the advantage that all ARD traffic is encrypted in an SSH session.

Let's say your internal machines have IP addresses:

10.1.0.1
10.1.0.2
and 10.1.0.3

and your router has the public IP address 123.45.67.89

Set up your router to forward incoming ssh (TCP 22) connections to the first machine (10.1.0.1).

Then on your external machine, run:

ssh -L 3283:<address of internal machine>:3283 123.45.67.89

i.e. ssh -L 3283:10.1.0.2:3283 123.45.67.89 to get to the second machine, and ssh -L 3283:10.1.0.3:3283 123.45.67.89 to get to the third machine.

The -L switch tells ssh to forward connections on a local port (in this case 3283) to the specified IP address and port (10.1.0.2:3283) on the other side of the SSH connection.

Once the SSH connection is open you can then tell ARD to connect to localhost. This will try to connect to 3283 on the local machine which should get tunneled across the ssh connection to the specified machine on the other side.

To change which machine you're connecting to, simply disconnect the ssh session and re-establish using another internal IP address.

I haven't tried this myself with ARD, but I do use SSH Tunneling a lot and it usually works.
( Last edited by Camelot; Dec 7, 2002 at 05:10 PM. )
Gods don't kill people - people with Gods kill people.
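
Added example, not part of Camelot's post: a shell sketch that builds one ssh command with a separate loopback-only `-L` forward per internal Mac, so each machine gets its own local port (3283, 3284, 3285) without reconnecting. The function names `build_tunnel_cmd` and `is_ipv4` are hypothetical, the addresses are the thread's sample values, and since `ssh -L` carries TCP connections only, it assumes the service on port 3283 accepts TCP.

```shell
#!/bin/sh
# Added example: build one ssh command that forwards a separate loopback
# port to TCP 3283 on each internal Mac. Helper names are hypothetical.
ARD_PORT=3283   # port named in the thread

# is_ipv4 ADDR -> status 0 if ADDR is a dotted quad with octets 0-255
is_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots (digits and dots only, no globbing)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# build_tunnel_cmd GATEWAY FIRST_LOCAL_PORT HOST...
# Prints the ssh command; local ports count up from FIRST_LOCAL_PORT.
# Simplification: gateway and hosts must be literal IPv4 addresses.
build_tunnel_cmd() {
    gateway=$1; port=$2; shift 2
    [ "$#" -ge 1 ] || { echo "need at least one internal host" >&2; return 2; }
    is_ipv4 "$gateway" || { echo "bad gateway: $gateway" >&2; return 2; }
    # -N: no remote shell; ExitOnForwardFailure: stop if a local port is taken
    cmd="ssh -N -o ExitOnForwardFailure=yes"
    for host in "$@"; do
        is_ipv4 "$host" || { echo "bad host: $host" >&2; return 2; }
        # Bind each forward to 127.0.0.1 so other hosts on whatever network
        # the laptop is using cannot reach the forwarded ports.
        cmd="$cmd -L 127.0.0.1:$port:$host:$ARD_PORT"
        port=$((port + 1))
    done
    printf '%s %s\n' "$cmd" "$gateway"
}

# Thread's sample addresses: router 123.45.67.89, Macs 10.1.0.1 to 10.1.0.3
build_tunnel_cmd 123.45.67.89 3283 10.1.0.1 10.1.0.2 10.1.0.3
```

With the printed command running, localhost:3283, localhost:3284 and localhost:3285 reach the first, second and third machine respectively.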
     
Camelot
Mac Elite
Join Date: May 1999
Location: San Jose, CA
Dec 7, 2002, 05:08 PM
 
double post, sorry
     
DeepDish  (op)
Forum Regular
Join Date: May 2001
Location: outside your window; your wife is look'n good
Dec 11, 2002, 01:37 PM
 
Thank you very much.

I will give these two options a try.

It might be over my head, but that is how I learn.

Thanks for the advice.

DD
     
   
 