14 Replies Latest reply: Jun 21, 2012 10:35 AM by jakudo
Video Guy Level 1 (40 points)
Hi,

I just got DSL last week and am experimenting with setting up my Leopard/SnowLeopard computers to share screens over the internet so I can access them from anywhere. But when I try to connect to my router from remote locations (Go>Connect to Server>My internet IP Address) I just can’t get it to work, I get a “Connection Failed” error every time. Here is my setup:

• Home computers are connected together via Asante ethernet hub, then to internet via a Westell 327W router

• I have screen sharing and file sharing enabled on all Macs

• I (think) have set my router to forward ports 3283, and 5900 (but am not familiar with the process and may have done it wrong)

So far I’ve found this article most helpful: http://lowendmac.com/zisman/08az/leopard-screen-sharing.html

If anyone can offer any help I would greatly appreciate it. Thanks!

MacBook Pro 15", QuickSilver G4, B&W G3, Mac OS X (10.6.7), iPod Touch 2 generation
  • 1. Re: Remote Screen Sharing over the Internet
    Kappy Level 10 (226,775 points)
  • 2. Re: Remote Screen Sharing over the Internet
    BobHarris Level 6 (13,120 points)
    You might consider iChat screen sharing. iChat also allows file transfer. I think this is secure, but I am not positive.

    You might consider TeamViewer.com (free for personal use). Allows secure file transfer.

    You might consider secure LogMeIn.com (free for screen sharing, but you pay for the ability to transfer files).

    You might consider an Apple MobileMe subscription and the Back-to-My-Mac feature. Allows file sharing as well as screen sharing. All secure.

    You might try a Hamachi VPN setup (free if you only connect a limited number of computers). Will allow secure screen sharing and file transfer.

    If you want to go the route of getting through your router, then PortForward.com has documents providing step-by-step guides on how to set up port forwarding for a huge list of routers
    <http://portforward.com/>
    You only have to worry about port 5900 on the destination Mac(s).

    However, if you have multiple systems you wish to connect with, then you will have to arrange setup mapping so that the router is doing some renumbering along the way:

    Internet Public port 5900 to Mac A port 5900
    Internet Public port 5901 to Mac B port 5900
    Internet Public port 5902 to Mac C port 5900
    etc...

    Then when you want to connect to Mac B you have to specify vnc://router.address:5901 and Mac C would be vnc://router.address:5902, etc...

    Next is keeping track of your router's IP address. The workaround for this is to get a free dynamic DNS name from No-IP.com or DynDNS.org, and run an updating client on one of your home Macs.

    And since you are doing screen sharing over the internet, then on your client, when Screen Sharing is the current application, change the preferences to encrypt all network traffic.

    If you also want to hand roll your own file sharing, you will need to port forward to each Mac's port 548. However, rolling your own file sharing this way is NOT secure. If you want secure file sharing via port forwarding, then you want to look into ssh tunnels (even more stuff to set up).

    Message was edited by: BobHarris
  • 3. Re: Remote Screen Sharing over the Internet
    Video Guy Level 1 (40 points)
    Thanks Guys! It worked

    Since going through my router is working, I think I will stick with that option for now.

    I just have a couple of questions about how to set up multiple macs for port forwarding.

    1.) is there a limit to how many computers I can have set up (ie: can I keep going to port 5903, 5904, 5906, etc. if needed?)

    2.) All my macs are currently configured using DHCP, which I believe resets the IP address upon startup. Will my router keep track of the new IP address, or would I have to constantly reset my router’s settings for the new address?

    3.) How secure is this really? In order to connect to one of my macs, a remote user would need my router’s WAN IP address and each computer’s username and password. Is that secure enough, or are there other precautions I should take?

    Thank you so much!
  • 4. Re: Remote Screen Sharing over the Internet
    BobHarris Level 6 (13,120 points)
    1.) is there a limit to how many computers I can have set up (ie: can I keep going to port 5903, 5904, 5906, etc. if needed?)

    Yes. The router, for the most part, does not care about the port numbers, and since it is renumbering from 5901 to your Mac's 5900, the Mac doesn't know that you are renumbering. And the vnc://router.address:5901 does not care about the port number following the colon (as in :5901). You are more likely to run out of Macs at home than port numbers you can use.

    2.) All my macs are currently configured using DHCP, which I believe resets the IP address upon startup. Will my router keep track of the new IP address, or would I have to constantly reset my router’s settings for the new address?

    That is up to your router. Some routers have the capability to capture the MAC (media access control) Address and always give the same DHCP address each time the Mac connects. If not you could switch to using fixed IP addresses, picking addresses just outside the router's DHCP address range. For example if your router assigns 192.168.1.2 through 192.168.1.100 as DHCP addresses, you could assign fixed IP addresses to your Macs starting with 192.168.1.101. You will have to find out what range of addresses your router assigns via DHCP.

    3.) How secure is this really? In order to connect to one of my macs, a remote user would need my router’s WAN IP address and each computer’s username and password. Is that secure enough, or are there other precautions I should take?

    There are bot networks that probe "ALL" IP addresses, and make connection attempts against standard ports (ports 5900, 5901, 5902, ... are standard ports).

    If you enabled System Preferences -> Sharing -> Screen Sharing -> Computer Settings -> "VNC viewers may control screen with password" then you do not need a Username. That just means the attacker only needs to try brute force password attempts. Also this form of connection is not encrypted, so if they can monitor your traffic, then they can get the "VNC viewers may control screen with password". The good news is that most attackers can not get that, but it is much less secure.

    If you did not enable "VNC viewers may control screen with password" and are depending on Username and Password, then guessing your username is easy if they know you, as it tends to be a combination of your first and last name. So again you are left with your password as your line of defense.

    Bottom line. Make sure you have a good password. Upper and lower case, letters and numbers. Maybe even some special characters in the mix, and make it long (a phrase you can remember with some numbers in obvious substitutions is better than a short password).

    Again, after making your first Screen Sharing connection, go to Screen Sharing -> Preferences -> Encrypt all network data (more secure). That should make sure that neither the username/password exchange nor any of the screen sharing data should be visible to anyone except each end of the connection. That is to say, enabling "Encrypt all network data" will be secure.
  • 5. Re: Remote Screen Sharing over the Internet
    Video Guy Level 1 (40 points)
    Ok, that helps clear things up.

    I’ll keep experimenting with additional macs and variable vs. fixed IP addresses. Plus set up additional security preferences as you mentioned.

    Thank you! - This is really cool!
  • 6. Re: Remote Screen Sharing over the Internet
    Eric5279 Level 1 (0 points)

    Bob,

    Here is my situation.  I am pretty much the person that my family comes to for all of their computer problems.  My parents live in one town, my sister and brother-in-law in another, and so on.  So let's say I take the steps mentioned above and I am able to get screen sharing to work.  Well, here is the other part of my problem.  Let's say both my sister and brother-in-law are logged onto their home network at the same time.  I can no longer just connect via the main IP address provided by the ISP since it would not be able to tell my sister's and brother-in-law's laptops from one another.  How would I deal with this?

    Would I have my brother-in-law set up a static IP address for each of their laptops (very easy), then tell them that only one of them can be online at the time, then log onto that computer.  Go into their router and designate each one of them a tcp/udp port for each of their IPs, then when I try to connect to their laptops, use the primary ISP provided IP and designate the port?

    Example: vnc://router.address:PortNumberAssignedToUser

    I just want to make sure I understand what you wrote above correctly.

  • 7. Re: Remote Screen Sharing over the Internet
    BobHarris Level 6 (13,120 points)

    If you are going to use port forwarding, then yes, you have your sister and brother-in-law each using a unique fixed local IP address.

    Then you configure their router so it does 2 separate port forwardings:

    port forward internet port 5900 to Sister's Mac port 5900

    port forward internet port 5901 to Brother-in-Law's port 5900

    Now when you want to connect to either of those 2 systems you would use

    vnc://their.routers.address:5900     # Sister's Mac

    vnc://their.routers.address:5901     # Brother-in-Law's Mac

    There are other methods for accessing remote Macs, such as

    • TeamViewer.com (free for non-commercial use)
    • LogMeIn.com (free for non-commercial use)
    • Hamachi (from LogMeIn.com; free for non-commercial use) - this would create a private VPN between your Mac and your Sister and Brother-in-Law
  • 8. Re: Remote Screen Sharing over the Internet
    jakudo Level 1 (0 points)

    Hi,

    I've tried to set up my router, my parent's iMac and my brother's MacBook as you described in here. I've set the screen sharing on iMac and in router I set that the port 5900 is for 10.0.0.4 address (which is address of my parent's iMac). And I can connect and it's much better than TeamViewer etc:)

    However, I've set up the screen sharing on my brother's MacBook and set up the router so that the port 5901 is for address 10.0.0.2 (my brother's MB IP) and I can't connect to his MacBook.

    Do you have any suggestions what might be the problem?

    Screen Shot 2012-06-21 at 12.49.11 .png

  • 9. Re: Remote Screen Sharing over the Internet
    BobHarris Level 6 (13,120 points)

    However, I've set up the screen sharing on my brother's MacBook and set up the router so that the port 5901 is for address 10.0.0.2 (my brother's MB IP) and I can't connect to his MacBook.

    Looking at your screen shot, you need to set the 10.0.0.2 end port to 5900, NOT 5901.  Your brother's Macbook is not listening on 5901, it is listening on 5900.

    You need a unique port number on the Router side, so you set the Start port number to 5901, but you want the router to redirect all traffic it sees on 5901 to 10.0.0.2 End port 5900.  The router is doing the port remapping service for you.
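
An added example (not part of any post in this thread): a Python check of a forwarding table against the points made above, namely that each public port must be unique, the internal port must be 5900 where Screen Sharing listens, and each Mac's fixed address should sit outside the router's DHCP range. The function names, problem labels and sample table are constructed for illustration; the addresses follow the 192.168.1.x example given earlier in the thread.

```python
import ipaddress

SCREEN_SHARING_PORT = 5900  # the port each Mac listens on, per the thread

# Constructed sample table: (public_port, internal_ip, internal_port)
SAMPLE_RULES = [
    (5900, "192.168.1.101", 5900),  # Mac A: correct
    (5901, "192.168.1.102", 5901),  # Mac B: internal port not remapped to 5900
    (5902, "192.168.1.50", 5900),   # Mac C: address inside the DHCP range
    (5901, "192.168.1.103", 5900),  # Mac D: public port already used by Mac B
]


def audit_forwards(rules, dhcp_first, dhcp_last):
    """Return (public_port, problem) pairs for a port-forwarding table.

    dhcp_first/dhcp_last are the first and last addresses the router
    hands out by DHCP; fixed addresses should fall outside that range.
    """
    lo = ipaddress.ip_address(dhcp_first)
    hi = ipaddress.ip_address(dhcp_last)
    problems = []
    used_public = set()
    for public_port, internal_ip, internal_port in rules:
        # Two rules on one public port: the router cannot tell the Macs apart.
        if public_port in used_public:
            problems.append((public_port, "duplicate-public-port"))
        used_public.add(public_port)
        # The Mac is not listening on anything but 5900.
        if internal_port != SCREEN_SHARING_PORT:
            problems.append((public_port, "internal-port"))
        # An address inside the DHCP range may be handed to another device.
        if lo <= ipaddress.ip_address(internal_ip) <= hi:
            problems.append((public_port, "dhcp-pool"))
    return problems


def vnc_urls(rules, router_address):
    """Map each internal address to the URL used from outside."""
    return {ip: f"vnc://{router_address}:{port}" for port, ip, _ in rules}


if __name__ == "__main__":
    for port, problem in audit_forwards(SAMPLE_RULES, "192.168.1.2", "192.168.1.100"):
        print(f"public port {port}: {problem}")
```
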

  • 10. Re: Remote Screen Sharing over the Internet
    jakudo Level 1 (0 points)

    That's what I thought I should do, however, if I change the end port to 5900 it says "The start of Port Number should not be greater than end of Port Number".

    And if I change the start point to 5900, it says "Internal Error"

  • 11. Re: Remote Screen Sharing over the Internet
    BobHarris Level 6 (13,120 points)

    Go to PortForward.com and find your router, then use their instructions to set up port forwarding for your router.

    You should be able to forward any port to any other port (high or low).

    I suspect that this interface you are looking at is intended for 1-to-1 forwarding of a range of ports with no port renaming, not forwarding a single port to an internal system where the port number is changed along the way.

  • 12. Re: Remote Screen Sharing over the Internet
    jakudo Level 1 (0 points)

    I've checked the website but it didn't help

    This should be my router and its setting:

    http://portforward.com/english/routers/port_forwarding/ZyXEL/Prestige660HW-T3v2/defaultguide.htm

    The start and end port is just for creating range of ports not forwarding one port to another :-/ Of course, I can be wrong. I'm not that familiar with port forwarding...

  • 13. Re: Remote Screen Sharing over the Internet
    BobHarris Level 6 (13,120 points)

    If your router will not rename the port in the process of port forwarding, then you could find someone more knowledgeable about your router, get a different router, find some information on how to get Mac OS X Screen Sharing to listen on port 5901, use a different VNC server (Vine Server) that allows specifying a different listening port number, or go back to TeamViewer.com.

  • 14. Re: Remote Screen Sharing over the Internet
    jakudo Level 1 (0 points)

    I was using TeamViewer and I think it's a great software. On the other side, Screen Sharing is much better for my parents. They don't need to do anything and I can connect to their Mac.

    I'm about to buy a new router for them next month or so, so I will try to set it later.

    Thanks for helping