franksmyth
asked on
Remote control using pcAnywhere without a static IP
Hi,
Wasn't sure whether this should be under Apps or Networking but I think it is more a general question regarding remote control so I went for here.
Essentially what I want to do is to be able to control the Office PC using pcAnywhere from wherever I have a connection to the internet.
The Office PC is connected to a DSL broadband internet connection through a router. So it has an IP of 192.168.1.2. It is running Windows 2k.
The routers IP address is non static (at least I presume so because I haven't paid for a static IP).
Here are some of the possibilities that I have come up with while looking at this problem:
1) Port Forwarding....pcAnywhere uses 2 ports so I could tell the router to always forward these to 192.168.1.2......however without static IP for the router I think this will cause trouble....Also if I wanted to remote control one of the other machines in the office this would not work.
2) VPN.....Connect to the network using a remote access/vpn server and then become another node on the network allowing simple remote control....(Note that it is a peer to peer network)....Is this solution kind of doubling the problem or doing the same thing twice
3) Put the PC in the DMZ using the router (just saw this option on the router no idea whether it's suitable or not)
4) Use the routers virtual server capabilities. (again...just saw this option on the router no idea whether it's suitable or not)
Any suggestions or ideas most gratefully accepted.
Thanks
Wasn't sure whether this should be under Apps or Networking but I think it is more a general question regarding remote control so I went for here.
Essentially what I want to do is to be able to control the Office PC using pcAnywhere from wherever I have a connection to the internet.
The Office PC is connected to a DSL broadband internet connection through a router. So it has an IP of 192.168.1.2. It is running Windows 2k.
The routers IP address is non static (at least I presume so because I haven't paid for a static IP).
Here are some of the possibilities that I have come up with while looking at this problem:
1) Port Forwarding....pcAnywhere uses 2 ports so I could tell the router to always forward these to 192.168.1.2......however without static IP for the router I think this will cause trouble....Also if I wanted to remote control one of the other machines in the office this would not work.
2) VPN.....Connect to the network using a remote access/vpn server and then become another node on the network allowing simple remote control....(Note that it is a peer to peer network)....Is this solution kind of doubling the problem or doing the same thing twice
3) Put the PC in the DMZ using the router (just saw this option on the router no idea whether it's suitable or not)
4) Use the routers virtual server capabilities. (again...just saw this option on the router no idea whether it's suitable or not)
Any suggestions or ideas most gratefully accepted.
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
>>That looks quite simple...However it also seems quite unconventional. Is there not a more "proper" (for want of a better word) way of doing it?
Yeah use tight VNC its more secure and free :)
you will still need a no-ip account but thats free too
Running VNC through routers/Firewalls
If you are on the CONTROLLING computer and are behind a router you will need to open port 5900 TO the IP address of the CONTROLLED PC. (this is usually the external IP address of the router at the CONTROLLED end)
You will need to set the router at the CONTROLLED end to forward port 5900 traffic to the CONTROLLED IP address).
NB. VNC web traffic travels over ports 5800 to 5900
Why the different numbers?
VNC installs a mini web server that listens on ports 5800 to 5900, it does this because, if you need to control multiple PCs you can set so that the last two digits of the port number become the DISPLAY number (client number)
for example
machine 1 = 0 (that's port 5800) to connect type http://<public IP address>:5800
machine 2 = 1 (that's port 5801) to connect type http://<public IP address>:5801
Obviously at the CONTROLLED end the router/firewall must be set up to forward port 5800 to machine 1's IP address etc.
Why port 5900 then?
The APPLICATION uses this port
*****Links*****
Download RealVNC
http://www.realvnc.com/
Download TightVNC
http://www.tightvnc.com/
Connecting over the web Java VNC Viewer
http://www.realvnc.com/javavncviewer.html
Yeah use tight VNC its more secure and free :)
you will still need a no-ip account but thats free too
Running VNC through routers/Firewalls
If you are on the CONTROLLING computer and are behind a router you will need to open port 5900 TO the IP address of the CONTROLLED PC. (this is usually the external IP address of the router at the CONTROLLED end)
You will need to set the router at the CONTROLLED end to forward port 5900 traffic to the CONTROLLED IP address).
NB. VNC web traffic travels over ports 5800 to 5900
Why the different numbers?
VNC installs a mini web server that listens on ports 5800 to 5900, it does this because, if you need to control multiple PCs you can set so that the last two digits of the port number become the DISPLAY number (client number)
for example
machine 1 = 0 (that's port 5800) to connect type http://<public IP address>:5800
machine 2 = 1 (that's port 5801) to connect type http://<public IP address>:5801
Obviously at the CONTROLLED end the router/firewall must be set up to forward port 5800 to machine 1's IP address etc.
Why port 5900 then?
The APPLICATION uses this port
*****Links*****
Download RealVNC
http://www.realvnc.com/
Download TightVNC
http://www.tightvnc.com/
Connecting over the web Java VNC Viewer
http://www.realvnc.com/javavncviewer.html
I have used both PCanywhere 10.5 and 11 over dialup and it works ok considering the limited bandwidth, although if you want to transfer a file you will be waiting a while (average 3 kb almost every time I had to use it). Ultra VNC supports normal password authentication + windows authentication so it works quite well.
Doesn't matter what you do, enable vpn, open ports for pcanywhere or VNC, you are still opening a hole in your firewall. If you have a secure password and change the password every month, then the risk is greatly reduced.
Doesn't matter what you do, enable vpn, open ports for pcanywhere or VNC, you are still opening a hole in your firewall. If you have a secure password and change the password every month, then the risk is greatly reduced.
ASKER
Hi,
Thank you both for your help.
I have done as you both suggested (set up a static name for a dynamic IP) and opened the ports on my router.
I will be testing the remote control this evening and hopefully won't have any problems.
When you say that I've opened a hole in my firewall, do you mean use a secure password for Windows or for pcAnywhere or both?
Are there any other ways to make this 'hole' as small a security risk as possible. I have a firewall built into the router and also mcaffee personal firewall.
Thank you both for your help.
I have done as you both suggested (set up a static name for a dynamic IP) and opened the ports on my router.
I will be testing the remote control this evening and hopefully won't have any problems.
When you say that I've opened a hole in my firewall, do you mean use a secure password for Windows or for pcAnywhere or both?
Are there any other ways to make this 'hole' as small a security risk as possible. I have a firewall built into the router and also mcaffee personal firewall.
Basically, what they mean by a hole in your firewall is that you are allowing access to PCAnywhere on your machine to anyone on the internet. That means that anyone with pcanywhere can connect to your computer and try to log in. You can limit the risk by using a good password, mainly on PCA, but also on windows. You may also be able to limit who is allowed to connect based on IP address, but it depends on your router and if you always connect from the same place and that IP never changes.
What brakk0 said.....By opening the port anyone in the world can attempt to connect to your computer. The only thing you can do is keep the software behind it as up to date as possible and ensure you have a secure password. Check out the link below for info on creating a secure password. Some of the best password are ones that substitute numbers for letters. For example I like summer can be put in as 1L1k3Summ3r which with todays technology would take a more then a million years to break using brute force attack (brute force is when they try every single combination until they get the correct password).
http://www.computing.vt.edu/accounts_and_access/pickinggoodpasswords.html
http://www.computing.vt.edu/accounts_and_access/pickinggoodpasswords.html
ASKER
Hi guys,
sorry if this is becoming a bit of a bore and thanks for the security advice.
Tried it last night and it didn't work unfortunately. Also looked at the troubleshooting on the page you sent PeteLong but to no avail.
Here's what I did.
Signed up for an account at no-ip.com
On the host machine......
Downloaded the no-ip client to keep my ip address up to date.
Have both the no-ip client and the pcAnywhere client starting up as services.
On the host machine's router......
Set it to use static IP for the host computer
Set up the virtual server to forward the relevant ports to this static IP address
On the remote machine......
This machine has the similar set up as the host machine (ie behind a wireless ADSL router) do I need to make any changes to this router?
I can ping both the domain name and the host ip address from this machine no problem but when I try to connect using pcAnywhere it just fails.
Any ideas?
sorry if this is becoming a bit of a bore and thanks for the security advice.
Tried it last night and it didn't work unfortunately. Also looked at the troubleshooting on the page you sent PeteLong but to no avail.
Here's what I did.
Signed up for an account at no-ip.com
On the host machine......
Downloaded the no-ip client to keep my ip address up to date.
Have both the no-ip client and the pcAnywhere client starting up as services.
On the host machine's router......
Set it to use static IP for the host computer
Set up the virtual server to forward the relevant ports to this static IP address
On the remote machine......
This machine has the similar set up as the host machine (ie behind a wireless ADSL router) do I need to make any changes to this router?
I can ping both the domain name and the host ip address from this machine no problem but when I try to connect using pcAnywhere it just fails.
Any ideas?
What ports have you forwarded to your computer?
You only need to modify your router.
if you ping your no-ip.com name, does it resolve to the correct IP address??
You only need to modify your router.
if you ping your no-ip.com name, does it resolve to the correct IP address??
ASKER
5631 and 5632
Yes it resolves to the expected IP address.
It must be something simple that I'm missing. I'll give it another try later.
Kind of awkward to test because if it doesn't work then I've to back to the other building to check settings etc.
Thanks for the help
Yes it resolves to the expected IP address.
It must be something simple that I'm missing. I'll give it another try later.
Kind of awkward to test because if it doesn't work then I've to back to the other building to check settings etc.
Thanks for the help
ASKER
Hi,
I've still had no luck getting this working in the office and so I've increased the points for it. I have however gotten it working at home so I'm close.
The problem (I think) must be the router set up in the office as it's a bit unconventional.
Basically I had a wired ADSL router (Netopia Cayman Internet Gateway) which used to be my sole connection device.....since then however I added a wireless router to the set up.
So now I still have the original router and it has the DSL connection (so basically it is a DSL router acting as a DSL modem). This gives a 192.168 IP address to the wireless router which then acts as the DHCP server etc for the network.
Now I have set up the wireless router to perform the port forwarding however I've not done anything to the netopia.......
I hope this makes sense.
Do I need to set up the netopia to forward the same ports to the Wireless router's IP address or what?
Cheers.
I've still had no luck getting this working in the office and so I've increased the points for it. I have however gotten it working at home so I'm close.
The problem (I think) must be the router set up in the office as it's a bit unconventional.
Basically I had a wired ADSL router (Netopia Cayman Internet Gateway) which used to be my sole connection device.....since then however I added a wireless router to the set up.
So now I still have the original router and it has the DSL connection (so basically it is a DSL router acting as a DSL modem). This gives a 192.168 IP address to the wireless router which then acts as the DHCP server etc for the network.
Now I have set up the wireless router to perform the port forwarding however I've not done anything to the netopia.......
I hope this makes sense.
Do I need to set up the netopia to forward the same ports to the Wireless router's IP address or what?
Cheers.
ASKER
Yes, turned out I needed to do some port forwarding on both routers.
Success...at last.
Thanks everybody for your help.
Success...at last.
Thanks everybody for your help.
ASKER
That looks quite simple...However it also seems quite unconventional. Is there not a more "proper" (for want of a better word) way of doing it?
How secure would it be to use this method.
Another way that I didn't include in the original post would be to just use dial up directly between the two modems but I'd imagine this is rather slow. Has anybody tried this?
Thanks again Pete....I'll just leave the topic open for a bit longer and see if anyone else comes up with anything.