Getting through a firewall

I have a question:

When I get a client who wants remote assistance, I always have such a hard time connecting to their computers because their is either a firewall in the router or a firewall in their modem (cable/dsl) or both.

Are there programs out there (or is it possible to write one) that would query their router and modem to find out what make and model it is - or even better, open up the remote assistance ports so I can connect to help them? Most people cannot do this on their own, and don't have the time or patience to be walked through it. The best thing is if they could just click a button, and it would be done.

Can this be done?

Gotomypc.com boasts their software is:

"Firewall Friendly
Because the GoToMyPC software on the remote computer initiates an outgoing connection, the technology works with your existing firewall and does not require special configuration. Nor does it compromise the integrity of your firewall."

What does that mean?
LVL 32
DrDamnitAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ppfoongCommented:

If the firewall/router support VPN, configure it as a PPTP VPN server. You can then form a VPN to the client's network, and then work with Remote Assistance.

ppfoongCommented:

The Gotomypc statement might imply that as long as the client's firewall allows outgoing traffic from Gotomypc software which is installed in the remote computer, the remote computer could be accessed because the connection is formed from inside the client's network, which is not blocked by the firewall, and can also work in NAT environment.
DrDamnitAuthor Commented:
Yeah, it might 'imply' that, but it sure sounds like no configuration (NAT / Port Forwarding / Bridging / DMZ) is necessary to run their software and have full access to the computer. How would that be possible?
Your Guide to Achieving IT Business Success

The IT Service Excellence Tool Kit has best practices to keep your clients happy and business booming. Inside, you’ll find everything you need to increase client satisfaction and retention, become more competitive, and increase your overall success.

ppfoongCommented:

I am using UltraVNC, and as long as the firewall allows outgoing traffic, then it is possible to make the connection with the help of a server in the Internet. Probably the concept is alike. The UltraVNC way is as below:

http://ultravnc.sourceforge.net/addons/nat2nat.html

UltraVNC with this NAT-to-NAT connection is another solution, but it is more tricky to the end users, and requires them to go through a few steps before able to get the connection on. That's why I recommend using VPN, just need to setup once to get it work.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
pseudocyberCommented:
>>Are there programs out there (or is it possible to write one) that would query their router and modem to find out what make and model it is - or even better, open up the remote assistance ports so I can connect to help them? Most people cannot do this on their own, and don't have the time or patience to be walked through it. The best thing is if they could just click a button, and it would be done. Can this be done?

What you're asking for is how to hack firewalls from the outside.  Of course there are programs that will scan and try to tell you what kind of device is on the other end.  Nmap is one such program.

However, if it were easy to connect to the outside of a firewall and open up a port for whatever you felt like, whether for good or evil, they wouldn't be very good firewalls, would they?  They wouldn't even be worth being installed - they would only be a hinderance to good people and vulnerable to bad people.

I'm not allowed to go to gotomypc.com from my work (blocked by the nice content filter).  But I would imagine it puts some kind of client on the machine which connects to a server on the outside.  Once that session is established, the server can control the client by sending back specialized packets which tell the client what to do.  I believe the client connects via port 80 outbound, which is why it's open through firewalls.
lrmooreCommented:
>sounds like no configuration (NAT / Port Forwarding / Bridging / DMZ) is necessary to run their software and have full access to the computer. How would that be possible?
It uses TCP port 80 which is the same as WWW browsing, and almost all firewalls have that unrestricted by default... client opens a tcp connection on port 80 to the GoToMyPC server and then you connect to the server.

WebEx is another example of this..
http://www.webex.com/services/online-support-svc.html
simonenticottCommented:
You might want to look at a service like webex or live server, both allow remote desktop sharing after accepting a small piece of software.  If you are looking at someones pc with their permissin they shouldn't mind accepting the software.

Simon.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software Firewalls

From novice to tech pro — start learning today.