Previous 1 2 Next 16 Replies Latest reply: Feb 24, 2012 7:40 PM by zerofourtwo
LOLuMad Level 1 (5 points)

I'm not an "power" Mac user and I'm new to Apple Remote Desktop. Does ARD need to be installed on the client computer in order for me to remotely connect to it via the internet from another mac (with ARD installed)?

Mac OS X (10.7.3)
  • Antonio Rocco Level 6 (10,470 points)



    No. The ARD Agent is installed as part of the OS. The ARD application is a 'special' administration application that can be used to administer (amongst other things) multiple computers.


    Judging by what you're saying you actually don't need ARD Admin for what you want. You could simply use the Screen Sharing App one end and remote access the client (the other end) by opening up the relevant port or ports (5900 & 3283) in the firewall and knowing the external IP address (the other end) and the internal IP address of the client (the other end).


    This works best if the remote site has a fixed external IP address. If you want to access multiple clients it's best you use a VPN. Alternatively you can VNC to a single remote client that has ARD Admin installed and use that to administer the other clients.


    You could also consider other ways of doing this? iChat, LogMeIn, TeamViewer etc.





  • LOLuMad Level 1 (5 points)

    Well, since I dropped $80 into the Apple Remote Desktop I'm hoping to use it and not let that purchase go to waste. I'm familiar with LogMeIn and some of the other clients out there. I have managed to get ARD to work ONLY if both computers are on the same network. For some reason, I can't get it to work/connect to over the internet. I've enabled Remote Management on the client computer I wish to remote control. Any other tips?

  • Antonio Rocco Level 6 (10,470 points)



    "For some reason, I can't get it to work/connect to over the internet."


    From my previous post:


    ". . . by opening up the relevant port or ports (5900 & 3283) in the firewall and knowing the external IP address (the other end) and the internal IP address of the client (the other end) . . ."


    Have you done this?


    Do you know the external IP address of the remote site? In other words the Public side of that site's Firewall.


    Do you know the internal IP addresses of clients you wish to control? In other words assigned IP addresses on the Private side of that site's Firewall.


    Once you know these two pieces of information and if you've configured the firewall appropriately, you will be able to control/access - and anything else you like - remote clients at that site.





  • Gary Lydeen Level 1 (15 points)

    I think the key point you need to look at, is using Port Forwarding on the remote firewall.


    It is certainly possible to access a remote computer through the internet using ARD.  ARD really is not geared to this task very well due to the fact, most enviroments are using a version of NAT known as PAT, (Port Address Translation). PAT allows many internal hosts to share a single external IP address.


    When trying to connect to the remote machine usign the external address of the firewall, unless Port Forwarding is configured, the firewall doesn't know what to do with the packet and simply drops it. (In effect doing what it's supposed to do).


    Using Port forwarding you can "MAP" the external address along with ports 5900 and 3283 to the internal address of that remote computer again using ports 5900 and 3283. This is a fairly simple configuration on most conumer firewalls. (I have done this so I know it works).


    As Antonio mentioned, a VPN is really the best method for using ARD through the internet.   Unfortunatnley with the way PAT works, you are pretty much limited to accessing only the one machine when using port forwarding. There are ways around that, but that gets fairly ugly to manage.


    I hope that helps.



  • LOLuMad Level 1 (5 points)

    Yes I followed the steps provided by for my parent's corresponding router. I know their external IP address by checking it at I have enabled remote management and remote login under the sharing preferences for their mac. I launch ARD and enter their external IP, the mac's admin username and password and still cannot connect.


    When creating the new port forwarding rules on the router, the IP address only allowed were those that are 10.0.0._ and not the 192.168.1._

    I assume when you say external is that provided by ipchicken and the internal would be the 10.0.0_ one correct? The 192.168.1._ is just for the router itself. Am I correct?


    I have the firewall enabled under the mac system preferences but it does show to allow incoming requests for remote management.

  • Antonio Rocco Level 6 (10,470 points)



    Your problem is going to be the external IP address. Your Parent's ISP will assign an external IP address dynamically - also known as DHCP. The problem with DHCP is the address assigned is liable to change on a regular basis. The only way you can ever know if it has changed is (a) when it fails to connect and (b) when you call your parents and ask them to check what IP address they are currently using.


    AFAIK all ISPs use DHCP for their Residential Broadband offering. Clearly it's better to ask them for a fixed IP address as this will not subject to change over time and therefore offers a much more reliable remote connection. AFAIK fixed external IP addresses are only available for Business Users and will obviously cost more.


    Ultimately you have to decide whether you want to foot the extra costs of a fixed IP address and the ease of use it offers or deal with a dynamically assigned one and the extra work involved in using it.





  • zerofourtwo Level 1 (0 points)

    Most ISPs these days do not change residential ip addresses at random periods anymore. In most cases your external IP address will not change unless the MAC address of the device directly connected to the modem changes (i.e. router, AP, firewall, computer, etc.) and even in that case the new device typically has to be connected for a certain amount of sustained time prior to a new IP being assigned. I agree that he more than likely has a dynamic IP address assigned but the interval at which it changes shouldn't be an issue. Even if the ip does change, a 2 sec check @ and an update to his ARD preferences would fix any connectivity issues, not much of a problem IMO.




    The 10.x.x.x and 192.x.x.x are your internal IPs (ip address scheme designated by the router or AP) sent out to the connected computers via DHCP. 10.x.x.x is typically the IP address form for a Aiport Express/Extreme, and 192.x.x.x is typically the default address form for a Netgear, Linksys/Cisco, D-Link, Buffalo, Asus, etc.So in essence it could be either type just depends on how the router has been configured. If you open Network Utility from the /Applications/Utilties folder then select the interface which is connected to the router, for example if connected via wifi select Airport (SL) or Wi-Fi (Lion) from there it will tell you that computer's internal IP address assigned by the router. Alternatively you can also open Terminal from /Applications/Utilties and type in "ifconfig" (w/o qoutations) and look at the "inet" address under the appropriate interface which will also provide you with the same information.


    If you plan to connect to this computer internally (on the same network) then you will need to input the local IP into ARD, although if you have the correct sharing preferences turned on, on the target computer it should automatically show up on the list under all computers without having to manually add it to the list. If you plan on connecting to the computer remotely then you will have to add the computer via ip address and input the external ip address not the internal. Assuming you have already forwarded the appropriate ports both 5900 and 3283 using the internal IP address for that computer. Hope it helps!



  • LOLuMad Level 1 (5 points)

    Thanks for the time taken into this topic here. I have forwarded the appropriate ports on the router. I understand the difference between the internal and external IP addresses. Yes, it's on DHCP but the external IP address has been the exact same for days (if not weeks) since I've been checking. I am typing the external IP address in ARD when trying to connect by address along with the admin username and password but it just fails verification. When I'm on the same network, the computer automatically shows up in ARD. It just seems to be something not letting it connect remotely via the internet. I'm almost giving up on this and just sticking with LogMeIn for my needs. It's a shame I spent $80 on this software (shame on me for not doing my research). It's a great tool to have, but when I can only get it to work locally it's really not what I want. I rather sit down in front of the local computer and do what I need to do in that environment.

  • zerofourtwo Level 1 (0 points)

    Can you explain the steps that you take to "add" the remote client computer?

  • LOLuMad Level 1 (5 points)

    The only remote client I've added successfully is the other MacBook Pro I have in my household. Since it's on the same network, it automatically showed up in ARD. As for my parents Mac Mini, I can't get it to show. I've gotten their internal and external IPs. I'm trying to connect to their Mac Mini by using the external IP acquired from and have enabled remote management/login under their sharing preferences. I am using their administrator account name and password. Unable to verify. I have forwarded the ports 3283, 5900, 5988 as instructed by this emote_Desktop.htm


    As per the guide, the server IP address is being assigned as like what it says on the Mac Mini's address.

  • zerofourtwo Level 1 (0 points)

    I believe that all Macs SL and newer have a passive ARD agent that allows you to connect to a target computer that does not have the ARD app installed. But remote management preferences have to be "on" within the sharing menu. Question..Are you trying to connect to the mac mini via external ip while connected to the same network? If so you will be unable to do so, assuming ports are setup correctly. ARD does not let you connect to a computer on your local network via the public ip, i believe this is a NAT issue, but haven't experimented enough to know for sure the cause.


    When connecting to a computer on your local network make sure to view the local list by selecting "Scanner" from the main list on the left, then using the drop down menu to the right select "Local Network". When connecting to a computer externally (different network) you can just hit "All computers" from the main list on the left.

    When you want to add the Mac mini select "All Computers" from the left window, then select the "+" button at the bottom of the right window, from there you can input the external IP address of the Mac mini or any other target machine you need to connect to. Also when providing User Name and Password make sure to use the User Name and Password of the Account holder that is logged into that machine.




    When configuring the Netgear router make sure that you have two TCP/UDP entries for the Mac mini's internal ip address. One TCP/UDP port forward entry for the 3283 port using the assigned internal IP address for the Mac mini, and a completely seperate TCP/UDP port forward entry (same ip) but with port 5900 just make sure to title it with a different name. Netgear routers don't like two seperate entries under the same name(Name it whatever you like) Also i recommend if available on your router is to setup IP Address Reservation for the Mac Mini. This is done via Netgear interface typically under "Lan Setup". That way the internal IP address for the Mac mini does not change when being rebooted/disconnected from the network. If reservation is not an option with your Netgear Router you can manually input an IP address on the Mac Mini by going to "Network Preferences"-> "Advanced" -> "TCP/IP", then change "Using DHCP" to "Manually". Just make sure to select an IP address that will not conflict with another machine that will recieve an IP via DHCP, for instance or Otherwise if the internal IP is not static your router will forward the ports you opened to the wrong computer once the IP changes. Just make sure whatever IP you elect to reserve for the Mac mini,you change the IP address under port forwarding to match.


    I hope i explained this clearly, i have yet to have coffee so forgive my grammer/punctuation (lack thereof). Also screenshot included on how your ports should look. Granted some of the options will be different but you will see what i mean by having two different port forward entries. screenshot.jpg

  • LOLuMad Level 1 (5 points)

    No, I'm not on the same network when trying to connect using the external IP address. I will review the router settings when I get a chance later today and report back. Thanks for the feedback.

  • LOLuMad Level 1 (5 points)

    Ok I assigned the Mac Mini it's own internal IP address as you described.

    Also as far as the ports go, this is what I have:




    I tried adding the Mac Mini by clicking "All Computers" and then adding by address. Entered the external IP and the username and password for the account logged in. Still unable to verify.

  • zerofourtwo Level 1 (0 points)

    Just to make sure sure everything is setup correctly..


    1. The internal IP of the Mac mini matches that of the ip in the port forward setup ( Check via Utility-> Network Utility-> Info.

    2. The Ports 3283, and 5900 are both open for the same internal ip address.


    3. Confirmed that the Mac Mini is in fact running the specific static address you elected (Network Utility under Utilties)


    4. Turned on Remote Management under Sharing Preferences (I also keep File Sharing turned on)

    Also i remove all users from each sharing resource except the main user. For instance, "File Sharing" on my wife's Macbook Pro has only one authorized user, her with her system password. That way if someone was to try and connect remotely to her system they would need to either know her password or recieve it from her.


    5. Go to "Preferences -> Security -> Firewall, and make sure it's turned off, at least during your troubleshooting. Mac's only allow you to define applications from the firewall menu, so if you do not have ARD installed on the MAC mini, but do have the Firewall on it may be what's causing your communication issues, just a thought.


    The only other thing that is coming to mind right now, is turn off the "Disable Port Scan" security feature of your router, then while on the local network using your Mac go to Utilities -> Network Utility, then select "Port Scan" and input the internal IP Address of the Mac mini ( uncheck the box "Only test ports between" leave it blank so that it checks all ports.


    What you should see is your ports that you forwarded (3283 and 5900) assuming your router allows you to disable port scanning. If the ports are for whatever reason not getting opened you can turn apply DMZ to that address from within the router confing and then check for communication. The only other significant difference i can think of between your setup and mine is that you only have ARD running on one side, whereas i have it installed on my target machine. You could open up the App Store and login in as yourself and download the ARD App onto the Mac mini for free in hopes that, that may clear up some issue that has gone unseen.





Previous 1 2 Next