[himrich]

I have four computers in my home and when I am on the road with my iPad I would like to be able to connect to anyone of them at any time. I have one computer running Tiger, two running Leopard and one running Snow Leopard. They are all behind an Airport Extreme using DHCP from Comcast. Here is what I have done so far:

1) I have obtained individual host names for each of them from dyndns.com.
2) I have downloaded Mocha VNC Lite for my iPad.
3) I have turned Remote Management in the Sharing Prefs and under 'computer settings' selected 'VNC viewers may control....' and password protected it.
4) I have gone into Airport Utility: manual setup, advanced, port mapping and set up apple remote desktop to one of the computers and this is where I get stuck.........

......when I try to create another port mapping link to a different computer (i.e. private IP address) I get an error. I know I can't use port 5900 for all of them but how do I set port 5901 for instance and how do I tell the computer I am trying to access that it should use that port?

Or is this the wrong solution all together?

[abbaZaba]

1) you don't need separate host names for each computer. one DNS will suffice, as the public IP address will be the same for each computer. the only thing that will change (which designates which computer) is the port number

now comes the somewhat tricky part: it is quite a hassle to change the VNC port in OSX. it will default 5900 on all four computers, which will only allow you to connect to one of them externally.

I suggest downloading Vine server Vine Server (OSXvnc) | Download Vine Server (OSXvnc) software for free at SourceForge.net and installing that on each computer. then, on each computer, set the Vine server port to something unique like 10100 for one, 10101 for the next and so on.

now, you will also need to know the NAT IPs of each of your home computers. you can go into System Preferences and click the Network tab. the NAT IP will look something like 198.168.x.x or (since you are using Airport) it might be something like 10.0.0.x.

next, you will need to go into Airport Utility and forward the appropriate ports to the appropriate NAT IP.

so, if you assigned Computer #1's Vine server to 10100 and it's NAT IP is 10.0.0.5, you go into Airport Utility and forward 10100 to 10.0.0.5. I don't use an Airport basestation so I'm not entirely familiar with how the options are setup but I don't think it will be hard to find what I am talking about.

post back if you still have questions.

[besson3c]

abbaZaba has your solution covered perfectly! The only two thing I would add is to make sure your individual computers are getting static IPs from your router so that they don't change randomly and break your ability to connect to them remotely. Second, technically you can NAT (network address translate) to public IP addresses too, I think what he means is to forward the appropriate ports to your private IP block (192.168.x.x, 10.x.x.x, whatever).

[abbaZaba]

to elaborate on Vine server:

it is an application but it also has a system server that runs in the background. I personally enable the system server option so that I do not need the application running at all times.

if you don't use the system server option, you can still put the Vine server application into your login items and, in its preferences, enable the server to start when application is launched.

but I recommend the system server as it's pretty much hassle free once you get the port and password set up.

[turtle777]

As far as I know, the Port Mapping in the Airport Utility can be done like this:

Public (i.e. outside) Port: 5901
Private IP 10.0.1.x
Private Ports: 5900



So, you should be able to address each individual computer (all of them listening to 5900) by calling in on different ports (5901, 5902, 5903...)

No VineServer installation necessary.

Am I missing something ?

-t

[besson3c]

Turtle: I don't think you're missing anything... You're right, the port the router listens to doesn't have to correspond to the port it forwards traffic to. The individual client machines can each listen on their default port this way.

[abbaZaba]

I never knew this was possible. that's pretty awesome.

[bmcgonag]

I would have suggested the same as abbaZabba, but besson3c is also correct. You can map, in most routers, one public port to a different private port, therefore no need to set different ports on software that may be running on several computers in a single private network.

[turtle777]

Bravo, besson3c *golfclap*

-t

[besson3c]

Turtle's idea, I do not want to steal his thunder... That might make him grouchy!

[turtle777]

Nah, I'm ok. Actually, normally, you would beat me at those kind of questions. It's all good.

-t

[himrich]

I am a little lost now folks. If I don't use Vine Server how do I change the port that the 2nd, 3rd and 4th computers are listening to?

In Airport Utility I get this explanation mark when attempting to make a change to public and private ports that don't agree.

See link: airport utility

I have Remote Management turned on for these computers if that makes any difference here.

PS I don't know how to post a picture in the forum but the link above should work. Sorry I'm such a novice. Thanks for your patience all.

[abbaZaba]

well I'm inexperienced when it comes to configuring the airport utility but perhaps try turning off the Remote Management option? that may interfere with the basestation settings.

[besson3c]

Originally Posted by himrich 

I am a little lost now folks. If I don't use Vine Server how do I change the port that the 2nd, 3rd and 4th computers are listening to?

In Airport Utility I get this explanation mark when attempting to make a change to public and private ports that don't agree.

See link: airport utility

I have Remote Management turned on for these computers if that makes any difference here.

PS I don't know how to post a picture in the forum but the link above should work. Sorry I'm such a novice. Thanks for your patience all.

You don't change the port the computers are listening to, you change the port your router listens for requests on simply by creating new port map entries.

[himrich]

Originally Posted by besson3c 

You don't change the port the computers are listening to, you change the port your router listens for requests on simply by creating new port map entries.

"Simply" is my stumbling block here. Can you show me an example please?

1. What do I do with each individual computer?
2. How do I tie that all up in Airport Utility?
3. How do I find them using a VNC app?

[Spheric Harlot]

1. Nothing.

2. Turtle's post above gives instructions.

3. From outside, you tell VNC to connect to port 5900, 5901, 5902, etc. Those ports are forwarded to different computers but translated to the standard port 5900 as per your setup in Step 2.

[himrich]

It is step 2 (Turtle’s instructions) that is giving me trouble.

In his example there are numbers 549 in public tcp port and 548 in private tcp port. Is this where I put 5901 for public tcp and 5900 for private tcp?

[besson3c]

Originally Posted by himrich 

It is step 2 (Turtle’s instructions) that is giving me trouble.

In his example there are numbers 549 in public tcp port and 548 in private tcp port. Is this where I put 5901 for public tcp and 5900 for private tcp?

Yes... You'll have several port mapping rules:


Public port 5901 -> Your private IP of computer 1 on port 5900
Public port 5902 -> Your private IP of computer 2 on port 5900
etc.

[himrich]

Got it finally. Thank you so much.

WOW, works nice.

[besson3c]

Originally Posted by himrich 

Got it finally. Thank you so much.

WOW, works nice.

No problem, glad to help, although it was Turtle's great idea!

[himrich]

Salute, Turtle.

[turtle777]

Glad it worked for you.

-t

[besson3c]

We love turtle777!

[milhous]

Allowing VNC to be accessible from the outside is a very bad thing. It places your computers at risk as port scanners will see you have services running and try to break in either with password cracking, intercepting your password while you type it in as it's not encrypted, or by leveraging vulnerabilities.

Please look into using VNC with SSH tunneling. This should be the bare minimum.

Good luck.

[besson3c]

Originally Posted by milhous 

Allowing VNC to be accessible from the outside is a very bad thing. It places your computers at risk as port scanners will see you have services running and try to break in either with password cracking, intercepting your password while you type it in as it's not encrypted, or by leveraging vulnerabilities.

Please look into using VNC with SSH tunneling. This should be the bare minimum.

Good luck.

This is good advice! However, and this goes for what you are trying to do regardless, the SSH tunnel might have some overhead that translates to slower frame rates. You will probably find that you get bad frame rates anyway unless you have a really fast connection.

This is one reason why sys admins generally prefer to do things via the command line. If you need to do particular tasks that are possible this way (e.g. file management), I would recommend this. That being said, there are also VNC clients that, I believe, handle compression of the screenshots sent to your computer better and are therefore faster, so you might also want to play around with using different clients. You might also run into keyboard mapping issues with some VNC clients.

[himrich]

I cannot seem to get the SSH tunneling set up correctly. I downloaded a free program called JellyfiSSH which was suppose to make it easy but it doesn’t work the way I thought it would.