Connecting to two servers behind the same NAT using Real VNC

I was wondering if it was possible to remote to two machines behind the same NAT with only one static IP using REAL VNC. One machine is Windows XP Home and the other is a MAC running OSX. Any help would be greatly appreciated. Thanks!

***edit***

Just to confirm, I don't believe this is possible without setting up a VPN connection. Again, I only have 1 static IP, and either way, my clients router isn't capable of a one to one NAT....

which is ****.

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

royal

I don't think it's possible. If you want to connect to two different machines, you need 2 different public ips either being NAT'd or actual pulic ips on the machine's NIC. But as you said, you'd pretty much have to use that public IP to VPN in, and then RDP to the client's private ip address.

stevejay

yeah thats what i figured. I Just wasn't sure if there was any "magical" program that I could use as a work around. Do we know of any open source or cheap/free VPN software?

seuss_ssues

On machine one install and run VNC like normal.
On machine two install and run VNC on a different port.

In your router:
Setup a port forward for 5900 (default vnc port) to machine one.
Setup a port forward for which ever other port you selected to machine two.

To differentiate between the machines just choose a different port when connecting up.

Or you could just make one machine vnc accessible from the internet and once connected to it vnc into the other machine using its local private ip.

TechJunky

seuss_ssues hit the nail on the head.

Beat me to it.

seuss_ssues

I would also recommend using one of the flavors of VNC that allows for encryption. Im not very fond of sending authentication information across public networks in clear text.

JDMurray

I use UltraVNC and it supports encryption plugins.

stevejay

seuss_ssues wrote:

On machine one install and run VNC like normal.
On machine two install and run VNC on a different port.

In your router:
Setup a port forward for 5900 (default vnc port) to machine one.
Setup a port forward for which ever other port you selected to machine two.

To differentiate between the machines just choose a different port when connecting up.

Or you could just make one machine vnc accessible from the internet and once connected to it vnc into the other machine using its local private ip.

yessss...this is the key. This is what I was missing. Thank you very much. That helps me out in so many ways.

stevejay

ps.I've got two more questions.

a. Can I just use a port range, and do this for more than two machines?
and

b. Is there any particular port range you would suggest?

seuss_ssues

A. There is no reason you could not forward a range of ports if your firewall/routing device will allow it.

B. You can forward whichever port that you choose. I would try to stay away from well established ports such as 20/21 ftp, 22 ssh, 25 smtp, 80 http, 443 https, etc.....

They would still function flawlessly but they will also get alot more attention from potential worms and script kiddies running code thats searching for exploits. For example if a worm is released that attacks port 80 it will target and try to attack you if port 80 is open even if you are not running a webserver.

here is a list of ports:

http://www.iana.org/assignments/port-numbers

The Registered Ports are those from 1024 through 49151

So you could go above 49151 and not interfere with any other services out there. It would just be hard to remember that port 50102 is your vnc port and 50222 is your ssh.

stevejay

seuss_ssues wrote:

A. There is no reason you could not forward a range of ports if your firewall/routing device will allow it.

B. You can forward whichever port that you choose. I would try to stay away from well established ports such as 20/21 ftp, 22 ssh, 25 smtp, 80 http, 443 https, etc.....

They would still function flawlessly but they will also get alot more attention from potential worms and script kiddies running code thats searching for exploits. For example if a worm is released that attacks port 80 it will target and try to attack you if port 80 is open even if you are not running a webserver.

here is a list of ports:

http://www.iana.org/assignments/port-numbers

The Registered Ports are those from 1024 through 49151

So you could go above 49151 and not interfere with any other services out there. It would just be hard to remember that port 50102 is your vnc port and 50222 is your ssh.

Gotcha. I'm halfway through a CCNA course, so I know my ports. I've just never configured remote desktop outside of windows XP using RDP locally. I work for an on-site network support company as a jr. engineer. So I'm learning. Your help is greatly appreciated. I'm going to set this up for myself for all of my servers at home right now! Thanks again man.

***Edit***

p.s when remoting through the UltraVNC viewer(client), I use a dynamic DNS at MY personal location. How will this affect trying to specify a port...I have it resolving? or can I specify a port after URL?Thanks again!

seuss_ssues

generally you can do something like:

[url]www.mycomputer.com:XXX[/url] where XXX is the port you want to choose

additionally you could always ping your dyndns address and get the ip and then try

192.168.1.1:XXX where the IP address == your address and XXX == the correct port

JDMurray

seuss_ssues wrote:

www.mycomputer.com:XXX where XXX is the port you want to choose

For VNC you use two colons to specify a port, as in computertomanage.com::54321. Using only one colon specifies the session to connect to running on the remote VNC server, with session zero being the default (computertomanage.com:0). Some VNC clients will automatically assume that any session number above 100 (99?) is a port number even if a single colon is used, but I've never tried this with UltraVNC.

seuss_ssues

Thanks JD, i dont run VNC that much and didnt know it required ::