PCBUILD Archives

Personal Computer Hardware discussion List

PCBUILD@LISTSERV.ICORS.ORG

Subject:
From: David Gillett <[log in to unmask]>
Reply To: PCBUILD - Personal Computer Hardware discussion List <[log in to unmask]>
Date: Mon, 11 Nov 2002 10:40:16 -0800

On 10 Nov 2002, at 19:50, Mike Whalen - The Computer Valet wrote:

> Hey folks,
>
> I wondered if I could get some general thoughts/experiences about how
> to access PCs behind router/switch/NAT/firewall boxes.
>
> What I want to do is run VNC-like sessions on some of my home
> computers from work. I want to be able to see and remotely control my
> desktop.
>
> So, I'm looking for experience stories. Any thoughts?

  If it's *simply* behind a router, there's no issue -- so is 98% of the
Internet, it's how TCP/IP works.

  If it's behind a firewall (there are a couple of general types of
firewall, but let's assume the most common, a "packet filter"), then you
will need to determine what TCP (and/or UDP) ports VNC or pcAnywhere or
whatever product you've chosen uses, and configure the firewall to allow
connections on those ports.  Note that unless you can be certain what
address your work connections will be coming from, these openings will have
to allow connections from *anywhere*, so the firewall should not be your
only line of defence -- you'll want to have account/password security set
up, and a product that does encryption is a good idea.

  If it's behind NAT, then there are two issues:

1.  The machine's locally-configured address should be private, and will not
be reachable from anywhere else.  The NAT device will need to be configured
to implement "static NAT", mapping a public IP (or at least the necessary
ports of a public IP, if it offers that option) to and from the machine's
private IP.  If you don't have a spare public IP, setting up any kind of
home server (including VNC or the like) may not be an option.

2.  Some protocol designs embed or encrypt endpoint address information.
Since the addressing on each packet changes as it passes through NAT, the
destination will detect the change and reject it.  So some
products/protocols cannot play nicely with NAT.  (Since you haven't said
which you have in mind, specifics are hard to provide.)

David Gillett

                  Visit our website regularly for FAQs,
               articles, how-to's, tech tips and much more
                          http://freepctech.com
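
Added example, not part of the original post: a small Python model of point 2 in the message above, showing a receiver rejecting traffic once static NAT has rewritten the header addresses. The packet layout, the HMAC-over-addresses scheme, the CALLBACK= payload format, the shared key and all addresses are assumptions constructed for illustration and do not describe VNC, pcAnywhere or any specific product.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace

# Constructed sample values: RFC 1918 private address, RFC 5737 documentation addresses.
PRIVATE, PUBLIC, REMOTE = "192.168.1.10", "203.0.113.5", "198.51.100.7"
KEY = b"constructed-shared-key"  # assumption: both endpoints already share this key

@dataclass(frozen=True)
class Packet:
    src: str           # source address in the packet header
    dst: str           # destination address in the packet header
    payload: bytes
    tag: bytes = b""   # integrity tag that covers the header addresses

def address_tag(src, dst, payload):
    """Hypothetical protocol: HMAC over both header addresses plus the payload."""
    return hmac.new(KEY, f"{src}|{dst}|".encode() + payload, hashlib.sha256).digest()

def send_protected(src, dst, payload):
    return Packet(src, dst, payload, address_tag(src, dst, payload))

def static_nat(pkt, private_ip=PRIVATE, public_ip=PUBLIC):
    """Static NAT: outbound rewrites private src, inbound rewrites public dst."""
    if pkt.src == private_ip:
        return replace(pkt, src=public_ip)
    if pkt.dst == public_ip:
        return replace(pkt, dst=private_ip)
    return pkt

def accept_protected(pkt):
    """Receiver recomputes the tag from the addresses it actually sees."""
    return hmac.compare_digest(pkt.tag, address_tag(pkt.src, pkt.dst, pkt.payload))

def accept_embedded(pkt):
    """Receiver of a protocol whose payload names the sender's own address."""
    return pkt.payload.decode().split("=", 1)[1] == pkt.src

def demo():
    outbound = send_protected(PRIVATE, REMOTE, b"session data")
    inbound = send_protected(REMOTE, PUBLIC, b"session data")
    embedded = Packet(PRIVATE, REMOTE, f"CALLBACK={PRIVATE}".encode())
    return {
        "protected_direct": accept_protected(outbound),
        "protected_outbound_nat": accept_protected(static_nat(outbound)),
        "protected_inbound_nat": accept_protected(static_nat(inbound)),
        "embedded_direct": accept_embedded(embedded),
        "embedded_via_nat": accept_embedded(static_nat(embedded)),
    }
```

Calling demo() returns True for the two direct cases and False for every case that crossed the NAT device, in either direction.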
