Remote Screen Sharing over the Internet

22352 Views 14 Replies Latest reply: Jun 21, 2012 10:35 AM by jakudo
Video Guy Level 1 (40 points)
Mar 29, 2011 3:57 PM
Hi,

I just got DSL last week and am experimenting with setting up my Leopard/SnowLeopard computers to share screens over the internet so I can access them from anywhere. But when I try to connect to my router from remote locations (Go>Connect to Server>My internet IP Address) I just can’t get it to work, I get a “Connection Failed” error every time. Here is my setup:

• Home computers are connected together via Asante ethernet hub, then to internet via a Westell 327W router

• I have screen sharing and file sharing enabled on all Macs

• I (think) have set my router to forward ports 3283 and 5900 (but am not familiar with the process and may have done it wrong)

So far I’ve found this article most helpful: http://lowendmac.com/zisman/08az/leopard-screen-sharing.html

If anyone can offer any help I would greatly appreciate it. Thanks!
MacBook Pro 15", QuickSilver G4, B&W G3, Mac OS X (10.6.7), iPod Touch 2 generation
  • Kappy Level 10 (221,095 points)
    Mar 29, 2011 4:25 PM (in response to Video Guy)
    Mac Pro 2.66 Ghz; 3 MBPs; 11" MBA, Mac OS X (10.6.6), iMac; MB; iPad; 2 iPods; iPod Touch
  • BobHarris Level 6 (12,510 points)
    Mar 29, 2011 5:54 PM (in response to Video Guy)
    You might consider iChat screen sharing. iChat also allows file transfer. I think this is secure, but I am not positive.

    You might consider TeamViewer.com (free for personal use). Allows secure file transfer.

    You might consider secure LogMeIn.com (free for screen sharing, but you pay for the ability to transfer files).

    You might consider an Apple MobileMe subscription and the Back-to-My-Mac feature. Allows file sharing as well as screen sharing. All secure.

    You might try a Hamachi VPN setup (free if you only connect a limited number of computers). Will allow secure screen sharing and file transfer.

    If you want to go the route of getting through your router, then PortForward.com has documents providing step-by-step guides on how to set up port forwarding for a huge list of routers:
    <http://portforward.com/>
    You only have to worry about port 5900 on the destination Mac(s).

    However, if you have multiple systems you wish to connect with, then you will have to arrange setup mapping so that the router is doing some renumbering along the way:

    Internet Public port 5900 to Mac A port 5900
    Internet Public port 5901 to Mac B port 5900
    Internet Public port 5902 to Mac C port 5900
    etc...

    Then when you want to connect to Mac B you have to specify vnc://router.address:5901 and Mac C would be vnc://router.address:5902, etc...

    Next is keeping track of your router's IP address. The workaround for this is to get a free dynamic DNS name from No-IP.com or DynDNS.org, and run an updating client on one of your home Macs.

    And since you are doing screen sharing over the internet, then on your client, when Screen Sharing is the current application, change the preferences to encrypt all network traffic.

    If you also want to hand roll your own file sharing, you will need to port forward to each Mac's port 548. However, rolling your own file sharing this way is NOT secure. If you want secure file sharing via port forwarding, then you want to look into ssh tunnels (even more stuff to set up).

    Message was edited by: BobHarris
    MacBook/10.6.6, iMac/i7/10.6.6 w/Magic Trackpad, Mac mini/10.5.6, iPod Touch(4thGen)/32GB/4.2.1, iBook/G4, MacBook Pro/Core2Duo, iMac/Core2Duo
  • BobHarris Level 6 (12,510 points)
    Mar 29, 2011 7:18 PM (in response to Video Guy)
    1.) is there a limit to how many computers I can have set up (ie: can I keep going to port 5903, 5904, 5906, etc. if needed?)

    Yes. The router, for the most part, does not care about the port numbers, and since it is renumbering from 5901 to your Mac's 5900, the Mac doesn't know that you are renumbering. And the vnc://router.address:5901 does not care about the port number following the colon (as in :5901). You are more likely to run out of Macs at home than port numbers you can use.

    2.) All my macs are currently configured using DHCP, which I believe resets the IP address upon startup. Will my router keep track of the new IP address, or would I have to constantly reset my router’s settings for the new address?

    That is up to your router. Some routers have the capability to capture the MAC (media access control) Address and always give the same DHCP address each time the Mac connects. If not, you could switch to using fixed IP addresses, picking addresses just outside the router's DHCP address range. For example, if your router assigns 192.168.1.2 through 192.168.1.100 as DHCP addresses, you could assign fixed IP addresses to your Macs starting with 192.168.1.101. You will have to find out what range of addresses your router assigns via DHCP.

    3.) How secure is this really? In order to connect to one of my macs, a remote user would need my router’s WAN IP address and each computer’s username and password. Is that secure enough, or are the other precautions I should take?

    There are bot networks that probe "ALL" IP addresses, and make connection attempts against standard ports (ports 5900, 5901, 5902, ... are standard ports).

    If you enabled System Preferences -> Sharing -> Screen Sharing -> Computer Settings -> "VNC viewers may control screen with password" then you do not need a Username. That just means the attacker only needs to try brute force password attempts. Also this form of connection is not encrypted, so if they can monitor your traffic, then they can get the "VNC viewers may control screen with password". The good news is that most attackers can not get that, but it is much less secure.

    If you did not enable "VNC viewers may control screen with password" and are depending on Username and Password, then guessing your username is easy if they know you, as it tends to be a combination of your first and last name. So again you are left with your password as your line of defense.

    Bottom line. Make sure you have a good password. Upper and lower case, letters and numbers. Maybe even some special characters in the mix, and make it long (a phrase you can remember with some numbers in obvious substitutions is better than a short password).

    Again, after making your first Screen Sharing connection, go to Screen Sharing -> Preferences -> Encrypt all network data (more secure). That should make sure that neither the username/password exchange nor any of the screen sharing data should be visible to anyone except each end of the connection. That is to say, enabling "Encrypt all network data" will be secure.
    MacBook/10.6.6, iMac/i7/10.6.6 w/Magic Trackpad, Mac mini/10.5.6, iPod Touch(4thGen)/32GB/4.2.1, iBook/G4, MacBook Pro/Core2Duo, iMac/Core2Duo
  • Eric5279
    Jul 26, 2011 8:15 AM (in response to BobHarris)

    Bob,

    Here is my situation. I am pretty much the person that my family comes to for all of their computer problems. My parents live in one town, my sister and brother-in-law in another, and so on. So let's say I take the steps mentioned above and I am able to get screen sharing to work. Well, here is the other part of my problem. Let's say both my sister and brother-in-law are logged onto their home network at the same time. I can no longer just connect via the main IP address provided by the ISP since it would not be able to tell my sister's and brother-in-law's laptops from one another. How would I deal with this?

    Would I have my brother-in-law set up a static IP address for each of their laptops (very easy), then tell them that only one of them can be online at the time, then log onto that computer. Go into their router and designate each one of them a tcp/udp port for each of their IPs, then when I try to connect their laptops using the primary ISP provided IP and designate the port?

    Example: vnc://router.address:PortNumberAssignedToUser

    I just want to make sure I understand what you wrote above correctly.

  • BobHarris Level 6 (12,510 points)
    Jul 26, 2011 1:58 PM (in response to Eric5279)

    If you are going to use port forwarding, then yes, you have your sister and brother-in-law each using a unique fixed local IP address.

    Then you configure their router so it does 2 separate port forwardings:

    port forward internet port 5900 to Sister's Mac port 5900
    port forward internet port 5901 to Brother-in-Law's port 5900

    Now when you want to connect to either of those 2 systems you would use

    vnc://their.routers.address:5900     # Sister's Mac
    vnc://their.routers.address:5901     # Brother-in-Law's Mac

    There are other methods for accessing remote Macs, such as

    • TeamViewer.com (free for non-commercial use)
    • LogMeIn.com (free for non-commercial use)
    • Hamachi (from LogMeIn.com; free for non-commercial use) - this would create a private VPN between your Mac and your Sister and Brother-in-Law
    iMac, Mac OS X (10.6.7), 27" i7, MacBook, MacMini, etc...
  • jakudo Level 1 (0 points)
    Jun 21, 2012 4:21 AM (in response to BobHarris)

    Hi,

    I've tried to set up my router, my parent's iMac and my brother's MacBook as you described in here. I've set the screen sharing on iMac and in router I set that the port 5900 is for 10.0.0.4 address (which is address of my parent's iMac). And I can connect and it's much better than TeamViewer etc:)

    However, I've set up the screen sharing on my brother's MacBook and set up the router so that the port 5901 is for address 10.0.0.2 (my brother's MB IP) and I can't connect to his MacBook.

    Do you have any suggestions what might be the problem?

    Screen Shot 2012-06-21 at 12.49.11 .png

  • BobHarris Level 6 (12,510 points)
    Jun 21, 2012 8:40 AM (in response to jakudo)

    However, I've set up the screen sharing on my brother's MacBook and set up the router so that the port 5901 is for address 10.0.0.2 (my brother's MB IP) and I can't connect to his MacBook.

    Looking at your screen shot, you need to set the 10.0.0.2 end port to 5900, NOT 5901. Your brother's Macbook is not listening on 5901, it is listening on 5900.

    You need a unique port number on the Router side, so you set the Start port number to 5901, but you want the router to redirect all traffic it sees on 5901 to 10.0.0.2 End port 5900. The router is doing the port remapping service for you.
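
The renumbering rules discussed in this thread (a unique public port per Mac, every rule ending at port 5900, fixed addresses outside the DHCP range) can be checked mechanically. The following is an added example, not part of any post in the thread; the rule format, the function names and the DHCP pool values are assumptions made for illustration.

```python
import ipaddress

SCREEN_SHARING_PORT = 5900  # port the Macs listen on, per the thread

def check_forwards(rules, dhcp_first, dhcp_last, listen_port=SCREEN_SHARING_PORT):
    """Return (name, problem) pairs for a router port-forwarding table."""
    lo, hi = ipaddress.ip_address(dhcp_first), ipaddress.ip_address(dhcp_last)
    problems, owner = [], {}
    for r in rules:
        pub = r["public_port"]
        if pub in owner:  # each Mac needs its own public port on the router
            problems.append((r["name"], f"public port {pub} already used by {owner[pub]}"))
        else:
            owner[pub] = r["name"]
        if r["host_port"] != listen_port:  # router must renumber back to 5900
            problems.append((r["name"],
                f"forwards to host port {r['host_port']}, nothing listens there (expected {listen_port})"))
        if lo <= ipaddress.ip_address(r["host"]) <= hi:  # address may be reassigned
            problems.append((r["name"], f"{r['host']} is inside the DHCP pool"))
    return problems

def vnc_urls(rules, router_address):
    """Build the vnc:// URL to type into Connect to Server for each Mac."""
    return {r["name"]: f"vnc://{router_address}:{r['public_port']}" for r in rules}

# Constructed sample: the two rules jakudo describes, before and after the fix.
DHCP_POOL = ("10.0.0.100", "10.0.0.200")  # assumed pool, not given in the thread
AS_POSTED = [
    {"name": "iMac", "public_port": 5900, "host": "10.0.0.4", "host_port": 5900},
    {"name": "MacBook", "public_port": 5901, "host": "10.0.0.2", "host_port": 5901},
]
CORRECTED = [dict(r, host_port=5900) for r in AS_POSTED]

if __name__ == "__main__":
    for label, table in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        print(label, check_forwards(table, *DHCP_POOL) or "ok")
    print(vnc_urls(CORRECTED, "router.address"))
```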

  • jakudo Level 1 (0 points)
    Jun 21, 2012 8:53 AM (in response to BobHarris)

    That's what I thought I should do, however, if I change the end port to 5900 it says "The start of Port Number should not be greater than end of Port Number".

    And if I change the start point to 5900, it says "Internal Error"

  • BobHarris Level 6 (12,510 points)
    Jun 21, 2012 9:43 AM (in response to jakudo)

    Go to PortForward.com and find your router, then use their instructions to set up port forwarding for your router.

    You should be able to forward any port to any other port (high or low).

    I suspect that the interface you are looking at is intended for 1-to-1 forwarding of a range of ports with no port renaming, not forwarding a single port to an internal system where the port number is changed along the way.

  • jakudo Level 1 (0 points)
    Jun 21, 2012 9:50 AM (in response to BobHarris)

    I've checked the website but it didn't help.

    This should be my router and its setting:

    http://portforward.com/english/routers/port_forwarding/ZyXEL/Prestige660HW-T3v2/defaultguide.htm

    The start and end port is just for creating range of ports not forwarding one port to another :-/ Of course, I can be wrong. I'm not that familiar with port forwarding...

  • BobHarris Level 6 (12,510 points)
    Jun 21, 2012 10:33 AM (in response to jakudo)

    If your router will not rename the port in the process of port forwarding, then you could find someone more knowledgeable about your router, get a different router, find some information on how to get Mac OS X Screen Sharing to listen on port 5901, use a different VNC server (Vine Server) that allows specifying a different listening port number, or go back to TeamViewer.com.

  • jakudo Level 1 (0 points)
    Jun 21, 2012 10:35 AM (in response to BobHarris)

    I was using TeamViewer and I think it's a great software. On the other side, Screen Sharing is much better for my parents. They don't need to do anything and I can connect to their Mac.

    I'm about to buy new router for them next month or so, so I will try to set it later.

    Thanks for helping
