[typhoon]

I'm trying to figure out how this networking stuff works as I want to open ports etc in order to remote control another Mac across the Internet (VNC).

My network consists of two computers and two routers, the first router being the ADSL modem/router that my Internet provider gave me, the second router is a standard 4-port router as the first one only had one output:

PC
/
ADSL - Netopia 3351 - Surecom EP-4904sx
\
Mac

I'm really confused about which router does what, and where to change the settings.
The Netopia 3351 is pretty complicated to change the settings of as I have to do it via Telnet which gives me a very basic, confused and "expert" like interface (I'm not just talking about the text interface but the actual contents which is mostly very complicated for a newbie).

The Surecom router on the other hand is a breeze to enter (through a web interface in a web-browser) and has a graphic user-interface.

So I know how to change the settings of both of them, but I don't know which settings to change, and which device does what.

What I want to do is the following:

1) give each computer a static IP (I believe I've heard that this is the way to do it for networking between different computers, as opposed to just accessing the Internet)

2) Open a specific port (5900, for VNC)

I can look up the specific, detailed editing instructions for the routers myself, but I could need a little basic explanation of which settings to change, and to what.

[peeb]

I'm not convinced you really want to give each computer a static IP address, but you need to find out whether your ADSL modem has a firewall. If it does, you need to open the ports on it (5900) if not, don't putz with it. In any event, you will need to open that port on the router. If you want to control another Mac, the easiest way might be to start by taking the Surecome out, and pluggin your computer straight into the ADSL - when you get that working, you can add the other one, otherwise, if something doesn't work, you won't know where the issue is.

[Sherman Homan]

I think you are well on your way. Assigning the computers a static address is a good idea, it is the easiest way to find them. The one thing that is going to be the hardest is having two routers. Can you figure out how to set the Netgear into bridge mode? Then it will act like a hub, actually a plain old cheap hub would be the simplest solution... You are going to have a difficult time figuring out which one is listening on the public address, which one is assigning IP addresses, firewalling and forwarding ports. It is the Department of Redundancy Department.
Next issue is that without a dedicated remote control program like Apple Remote Desktop or Timbuktu you can't easily set port forwarding to two internal IP addresses from one external address. You may have to decide which computer you want to control.

[Macola]

I'd second the suggestion to ditch the second router, but replace it with a switch...you can get them for around $10 or less on sale.

[ghporter]

Originally Posted by Macola 

I'd second the suggestion to ditch the second router, but replace it with a switch...you can get them for around $10 or less on sale.

Or simply use the switch portion of the second router as a switch. I do that. My second router also has a parallel printer server, so I get three extra switched ports (the fourth port is effectively an "uplink" connecting the second router to the first) plus a print server. Coolness!

(SOME routers allow you to configure them as simple switches, but this is typically buried deep in their configuration settings. Unless you NEED that extra port, I wouldn't bother looking for the setting-which may not be there anyway.)

[rjt1000]

Just for you to be aware: VNC is not a secure protocol (it is sent in the clear). Also keeping the VNC port opened and the VNC server running could attract hackers scanning open ports--so at the very least choose a strong password.

A more secure solution would be to use SSH to log into the computer you want to control. And then use local port forwarding to set up an encrypted tunnel over which you send the VNC communications. This thread gives the details. An added security benefit is you could set the VNC server on the target computer to only accept local connections.

Another solution would be to use HamachiX. Hamachi is a free zero configuration VPN which traverses routers and firewalls with ease. You install it on each computer and then set up an encrypted LAN between the computers no matter where they are geographically. You can then tunnel the VNC communication over this Hamachi encrypted LAN--just enter the Hamachi ip address (5.x.x.x) of the target computer in the VNC client. Using VNC over Hamachi has the added benefit of obviating the need for forwarding ports on your router, setting up manual ip addresses, or knowing the external ip address of the target computer. This article may be helpful.

[Macola]

Glenn, in order to use the router as a switch, wouldn't you still need to configure it? Most routers I've seen have DHCP serving turned on by default. My suggestion to use a simple switch was to avoid configuration hassles.

[ghporter]

Originally Posted by Macola 

Glenn, in order to use the router as a switch, wouldn't you still need to configure it? Most routers I've seen have DHCP serving turned on by default. My suggestion to use a simple switch was to avoid configuration hassles.

As long as you don't EVER plug anything into its WAN port, the switch portion of a home router is JUST A SWITCH. It can't do anything but send packets here and there. I did give my second router a fixed IP, but since almost all (except for AirPort devices!) home routers use one's browser to configure them, it was a piece of cake. The only configuration was setting a static IP (that's different from its default) in the second router so I could use its print server. Without that, there was nothing to do.

I suppose that if I hadn't given it that address, the switch might not have been as friendly, but I don't know that.

[Macola]

Since the OP mentioned having to use Telnet to configure the router, I figured a plain ol' switch would be easier

[ghporter]

A switch would indeed be simplest, but I've noticed that just plain switches sometimes cost more than the same brand's routers! This is just plain dumb in my mind.

And I have to wonder about something: the manual for the Netopia Cayman 3351ADSL router shows (on page 9) that you can configure it via its built in web page-just like almost all other routers. Where does telnet come in?

[Macola]

You got me there. I've never used a router that forced you to use Telnet, but I've heard of other folks who've had one (I think they were Netopia branded, too). That was a few years ago, though.

[ghporter]

That seems to be the router the OP mentioned... Hopefully he'll chime in again and let us know why he's using telnet.