Isaac Bennetch on 1 Sep 2008 08:28:38 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Question about Remote Desktop through a NAT

Hi. Sorry I'm backed up on my email so I'm a bit late to this discussion, but...

On 8/30/08, Casey Bralla <> wrote:

> 2.  The assigned private IP address may change, thus rendering the port
> forwarding useless

You should be able to set up static-like addressing which is tied to a
MAC address. Even though the router still uses DHCP, it reserves and
assigns specific IP addresses to specific MAC addresses. Setting it up
remotely is probably non-trivial, but is probably the easiest solution
to this specific problem. I forget what this is specifically called
but is set up in the DHCP area of my router.

Doing this you could (once aware of the security implecations noted
elsewhere in the thread) open up the router to point VNC requests to
his reserved IP address and use any dynamic DNS program to find him
easily. I use It's free and does what I expect.

> 3.  There may be visitors at his house who are accessing the wireless, and
> then the assigned IP addresses will be assigned to the wrong computer.

Not an issue if you set up #2 as I mention since unconfigured MAC
addresses receive any available (unreserved) IP address through DHCP.

> What I want to do is to have my dad run a "VNC Request" program that will
> weave it's way through his NAT to my static IP address, establishing
> a "reverse VNC" so I can then control his desktop.

While RealVNC isn't Open Source, it is free for download. The Windows
version allows one to initial a "reverse VNC" connection. Assuming the
Linux version works the same way (I see no reason it wouldn't since
they're advertised to be the same), your dad would "Add New Client"
and enter your static IP address or DNS name or whatever. You,
meanwhile, have the Listening Viewer running which is waiting for your
dad's server to try to connect, then bingo; you've got control.

And saving my best thought for last; you may also consider tunnelling
your solution on top of some sort of VPN. This has been brought up and
discarded in some previous list responses, but (again, non-open)
solutions like Hamachi exist which would make this really painless.
Using Hamachi, you'd both add yourselves to the same Hamachi network,
he'd run a standard VNC server and you'd use a standard VNC client to
connect to his Hamachi IP address. His server could be IP address
restricted to only listen for your Hamachi IP address or simply not
forwarded at the router -- Hamachi should see right through it. It's
not The OSS way, but it seems to me the easiest solution proposed so
far and it's more secure -- his machine doesn't have to listen to the
public internet at all plus your traffic is encrypted.

> TIA, and have a great long weekend!

You and the rest of the list as well,

> Casey Bralla
> Chief Nerd in Residence
> The NerdWorld Organisation
> ___________________________________________________________________________
> Philadelphia Linux Users Group         --
> Announcements -
> General Discussion  --
Philadelphia Linux Users Group         --
Announcements -
General Discussion  --