srejja
asked on
Using VNC to connect to 3 PCs in a LAN behind a firewall
Here is the scenario.
I work for a company that offsources employees from the Philippines to do the a large amount of our graphics work. Initially they need to be trained and to do so we have been using RealVNC to connect to their desktop over Cisco VPN client connection between us and them. To this point they have all been working at home with seperate DSL connections, but now we have hired three that live together and would like to share one DSL connection using a router (likely a Netgear WGR614). How can we continue to utilize the VNC if they are sitting behind a firewall sharing the connection? Is this possible? Typically the router will assign an IP to each PC (192.168.x.x) which is useless to use when we attempt to connect. We are sitting behind a firewall as well, but we only need to be able to control their PCs, not vice-versa. Ideas? Do I need to supply more info?
I work for a company that offsources employees from the Philippines to do the a large amount of our graphics work. Initially they need to be trained and to do so we have been using RealVNC to connect to their desktop over Cisco VPN client connection between us and them. To this point they have all been working at home with seperate DSL connections, but now we have hired three that live together and would like to share one DSL connection using a router (likely a Netgear WGR614). How can we continue to utilize the VNC if they are sitting behind a firewall sharing the connection? Is this possible? Typically the router will assign an IP to each PC (192.168.x.x) which is useless to use when we attempt to connect. We are sitting behind a firewall as well, but we only need to be able to control their PCs, not vice-versa. Ideas? Do I need to supply more info?
We use the same program. Do you use client vpn software or is the firewall setup to do the VPN? If they use a client vpn program then you should be able to connect to them directly...thats how we do it. Or you could always have them Add a VNC client when you want to connect, they will then add your Ip address, and then you Run listening VNC viewer.
You will need to forward the ports to the internal address from the router...
if your router allows for port redirection you will not need to change anything on the clients.
Ex....
forward tcp port 5900 to 192.168.1.100 port 5900(first internal machine)
forward tcp port 5901 to 192.168.2.101 port 5900(second internal machine)
forward tcp port 5902 to 192.168.2.102 port 5900(third internal machine)
then from the client connect to the proper external IP address
If the router does not support port redirection you will need to set the client to use the correct port and your forwarding should look like this
forward tcp port 5900 to 192.168.1.100 port 5900(first internal machine)
forward tcp port 5901 to 192.168.2.101 port 5901(second internal machine)
forward tcp port 5902 to 192.168.2.102 port 5902(third internal machine)
I would actually choose to use a different external port number(for security)
something like
forward tcp port 32751 to 192.168.1.100 port 5900(first internal machine)
forward tcp port 32752 to 192.168.2.101 port 5900(second internal machine)
forward tcp port 32753 to 192.168.2.102 port 5900(third internal machine)
then just enter the correct connection port into the client
if your router allows for port redirection you will not need to change anything on the clients.
Ex....
forward tcp port 5900 to 192.168.1.100 port 5900(first internal machine)
forward tcp port 5901 to 192.168.2.101 port 5900(second internal machine)
forward tcp port 5902 to 192.168.2.102 port 5900(third internal machine)
then from the client connect to the proper external IP address
If the router does not support port redirection you will need to set the client to use the correct port and your forwarding should look like this
forward tcp port 5900 to 192.168.1.100 port 5900(first internal machine)
forward tcp port 5901 to 192.168.2.101 port 5901(second internal machine)
forward tcp port 5902 to 192.168.2.102 port 5902(third internal machine)
I would actually choose to use a different external port number(for security)
something like
forward tcp port 32751 to 192.168.1.100 port 5900(first internal machine)
forward tcp port 32752 to 192.168.2.101 port 5900(second internal machine)
forward tcp port 32753 to 192.168.2.102 port 5900(third internal machine)
then just enter the correct connection port into the client
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.