Avi

I have a PC at home which is acting as a router (PC1) I have other PC's sharing the internet connection (PC's 2,3,4).

I need to be able to access PC2 via PC Anywhere or a similar Program from work. Is there anyway of doing this, as I only have an IP address for my Main PC

XRS

I believe you can run pcAnywhere as a host and a client at the same time, so you would just get PC1 to access PC2. Might be a bit slow though.

IanW

Just do a port mapping of ports 5631 and 5632 (IIRC) to machine number 2.

ozzy

You can also use VNC, but the main point is enabling port-forwarding on your router (PC1).

Say the public IP of the router is 191.200.45.21 and VNC is configured for port 5800, then you need to tell the router to forward traffic sent to 191.200.45.21:5800 to 192.168.0.2:5800 (or whatever the IP address of PC2 is).

What router software are you using on PC1. I know the iptables command if you're using Linux.

Stefan

mutant_matt

Don't want to state the obviouls but you have a Firewall right???

Avi

I am running Norton Firewall (Allthough i am changing to Zonelarm as it's easier to configure), and just using standard Windows XP Internet connection Sharing. Most of the above has just gone straight over my Head

IP should be dynamic but hasn't changed since I got Blueyonder Broadband about a year ago

Andy

ozzy

Within the Internet Connection Firewall setting of XP, there's options to configure port-forwarding.

Right-click Network Connections and select Properties. Right-click on Local Area Connection, then select the Advanced Tab. Click on the Settings button and select the Services tab. That's all the stuff for configuring particular ports.

New I shouldn't have bothered mentioning Linux

Stefan

carl

Isn't 'port forwarding' just NAT?

Carl Harvey

David

Is "remotely anywhere" software? I've not heard of it before.

Carl

Jeff Wiltshire

</Stating the bleeding obvious mode on>

If you can access your machine remotely then every other script kiddie in the world can as well....Port scanning for PCAnywhere/VNC etc are regularly occur.

</Stating the bleeding obvious mode off>


Jeff

ozzy

So you configure your firewall software to only accept connection from your work IP address. This should stop any young kiddies from connecting to your PC ..... shouldn't it?

NAT is a simple method for connecting multiple private computers through a single public address. This gives you a basic level of firewall security.

NAT Explained

Port forwarding is an extension of NAT that provides a way of passing information to a specific device on the private part of the network

Port Forwarding (mapping) Explained

Stefan

Jeff Wiltshire

I would be tempted (in your position) to use something like PPTP to tunnel to the Firewall machine. While this doesn't encrypt the data or header information it will restrict access to clients that have the correct PPTP information. This is something that Win2K & XP have built in (although its a pain in the *** to set-up). If you wanted to get serious then you should use a IPSec VPN tunnel (probable with Manuel IKE rather than Shared Secret)with user authentication.

Static NAT and/or PAT will protect you from the vast majority of hacks but it isn't a security protocol. It is probable OK for your situation.


Jeff

David_Wallis

www.remotleyanwhere.com

David

David_Wallis

Running remotely anywhere and dynamic dns through www.dyndns.org

Mail me if you want more info.

David

[Edited by David_Wallis - 5/10/2002 10:27:56 AM]

carl

Unless they're IP spoofing. I think you need some sort of authentication mechanism as well -- if there's a way of running ssh all well and good, if not consider Kerberized applications.

PS: I have heard of port mapping referred to as PAT (Port Address Translation). To me it's all just NAT.

[Edited by carl - 5/9/2002 11:13:05 PM]

dsmith

Port mapping tends to describe incoming connections to a firewall being mapped (NATed) to different internal IP addresses depending on destination port

PAT tends to be used to describe outgoing connections from multiple internal IP addresses being NATed behind a single (or pool) IP address with the source port ebing used to track the individual connection

Both of which, as you say, are specific forms of NAT.

I would say that to simply access a home PC. The combination of using a filter on source IP, a non-standard port for the Remote Control Application and whatever authentication the Remote control provides, plus the underlying security in the OS being controlled would be sufficent for me (and is in fact precisely how I control my home PC when needed). Its got to be someone who knows you to go after all those details. And if they're that determined then you're better of unplugging your broadband entirely.

-Mind you I'm on ISDN so have the extra security that I have to dial a specific number to wake my box when needed. Depending on how often you'll need it, I would suggest you enable it only when you know your going to want it.

Deano

[Edited by dsmith - 5/9/2002 11:25:44 PM]

Jeff Wiltshire

Or even

http://www.remotelyanywhere.com/




[Edited by Jeff Wiltshire - 5/10/2002 10:32:25 AM]