Results 1 to 8 of 8
  1. #1
    vnc, port forwarding

    Member Since
    Sep 29, 2009
    Posts
    70
    vnc, port forwarding
    i just got a vnc to work locally on my macbook from an ubuntu netbook;
    can control the desktop and access stuff fine;
    i am wondering if i can access this from other networks?
    what would i use as the ip, since i enter 192.168.1.x to get on the macbook from the same network;
    would i use the wan ip and some type of port forwarding?
    if so, my router asks for the name of a service, eg. AIM, telnet, http, ftp
    ideally, i would like to access files on the macbook, but can i also route traffic through my home router to a proxy service or through the macbook via proxy service;
    so i can browse anonymously (to a certain extent) from a netbook in, for example, a starbucks through my router at home

  2. #2
    vnc, port forwarding

    Member Since
    Sep 29, 2009
    Posts
    70
    ...
    come on, has anyone ever set up a VPN at home,
    and been able to access from different networks?

  3. #3
    vnc, port forwarding
    IvanLasston's Avatar
    Member Since
    Feb 26, 2010
    Location
    Rocky Mountain High, Colorado
    Posts
    2,116
    Specs:
    1.8 GHz i7 MBA 11" OSX 10.8.2
    VNC is insecure - and if use it over the internet - you'll want to encrypt it by portforwarding through ssh.
    Setup a dynamic dns - there are a myriad of ways to do this but most routers support dyndns - then you don't have to worry about knowing the ip address.
    DynDNS.com - Services -- Dynamic DNS Free (DDNS) Service

    Setup SSH on ubuntu - search the web for securing ssh, ssh and iptables, and denyhosts. Also search for rsa public key - and don't allow password login. Do note that once you open port 22 you will get attacked so that is why these precautions are neccesary.

    Then port forward 22 to your ubuntu

    You can then ssh tunnel to any port on your internal network. To do vnc the command would look like
    ssh -L 5910:192.168.1.2:5900 ivanl@myregistereddomain.dyndns.org
    Needs to be capital L - otherwise l means login
    5910 is the local port you are forwarding to
    192.168.1.2:5900 - the internal ipaddress and port you are forwarding
    ivanl would be your login to your ubuntu box
    myregistereddomain.dyndns.org is the name you registered with dynamic dns

    This is just a high level overview but I'd not recommend doing any of this until you fully understand the security risks involved - which are many.

    Opening and forwarding ports is very dangerous especially known ports like VNC, RDC, SSH, etc as there are script attacks setup for pretty much all known ports. SSH is pretty secure but again - search and understand the ways ssh can be attacked.

  4. #4
    vnc, port forwarding

    Member Since
    Sep 29, 2009
    Posts
    70
    sweet
    i am not quite sure of all the risks involved, but the data on the computers is well backed up and i wouldnt care if anyone stole it or i had to do a reinstall;
    i think this is a good way of learning the risks involved though;

    just to be clear, i am wanting to have my macbook at home (with an ext HD), i have a reserved address for it on the network (192.168.1.x) which otherwise is using DHCP;
    i read some about setting up ssh, but dont i need to set it up on the macbook as well and forward to the port on this machine?
    i thought i would need to forward to the machine at home?
    or have i got it backwards?
    thanks for the great post, i think with this info it is now just a matter of time before i can leave my mac out of harms way and travel with a cheap netbook with free open source software

    edit: btw i set up an account with no-ip.org, so they are providing a static ip that refers to my sometimes changing ip from provider? do i need to correspond any port forwarding to this service, or just to the macbook? or to the netbook (although i dont see how, unless i specify by MACaddress, because the netbook would have different IP depending on where i was)

  5. #5
    vnc, port forwarding
    IvanLasston's Avatar
    Member Since
    Feb 26, 2010
    Location
    Rocky Mountain High, Colorado
    Posts
    2,116
    Specs:
    1.8 GHz i7 MBA 11" OSX 10.8.2
    Sorry I misunderstood your setup.

    Also let me say - I am very serious about network security. You might think why bother no one is going after me. As I said once you start opening ports to the internet there are scripts ready to attack. Your machines can be made zombies, your email could get hacked and get blacklisted, hence making that email useless. If there is any information available you could become a victim of identity theft - it doesn't take much data to take your identity, open credit cards, take loans in your name, etc. So you should care if someone gets into your network. Do you ever buy anything online? Do you ever bank online? Do you ever do taxes online? If the answer is ever yes then you should care. But I digress...

    The high level view of what I described is this.
    remote client <->(internet)<->ssh server <-> any port, any computer inside the network

    I'll pirate an image from the web



    That being said you can port forward the server's ports as well - which I do quite often. As long as the server has an ssh-server on it (which the mac does) you can set this up.

    The no-ip setup is just so you can point to an easy to remember site name instead of an ip address. It serves the same function as the dyndns I suggested. So once it is pointing to your network there isn't anything you need to do for no-ip - it is a passthrough more or less. Just remember to have a script or something that updates the IP every now and then. The reason I use dyndns is most routers including mine have a built in setup for dyndns. So as an example I want to ssh to my machine. I registered imcool.noip.com - I port forward and open port 22 to my ssh server (in your case the mac) All I'd have to do is ssh imcool.noip.com and I am sshing to the mac. So on top of being able to port forward ssh to any machine internal of my network, I can also use ssh to copy, move, etc files to and from the ssh server. Cyberduck with sftp - can use scp.
    Cyberduck | FTP, SFTP, WebDAV, Cloud Files & Amazon S3 Browser for Mac OS X | About
    So again I just point cyberduck to imcool.noip.com - and it opens a window that lets me browse my ssh server.

  6. #6
    vnc, port forwarding

    Member Since
    Sep 29, 2009
    Posts
    70
    pimp tight
    i will do more research on the vulnerabilities of what i set up, but dont i need to type the admin password to do anything significant as of 10.5.8?
    like to install a keylogger program, for example, on the macbook, even if they access the machine remotely, dont they need physical access or admin password to install any executable?
    if its a more complicated issue, i will be doing some long term reading, i got "the network self-teaching guide" which has commonly used protocols like ssh;
    is there a specific resource you would point me towards?

    thanks for the clear instructions

  7. #7
    vnc, port forwarding
    Collin Bl's Avatar
    Member Since
    Apr 07, 2009
    Location
    Napier NZ
    Posts
    3,291
    Specs:
    27 iMac i5, MBP 13 & iMac 20, 2TB dual TC, AppleTV, iPh4S
    Or if want to have look here it may be of interest Take Control of Back to My Mac

  8. #8
    vnc, port forwarding
    IvanLasston's Avatar
    Member Since
    Feb 26, 2010
    Location
    Rocky Mountain High, Colorado
    Posts
    2,116
    Specs:
    1.8 GHz i7 MBA 11" OSX 10.8.2
    Oh yeah Occam's razor - if all you really want to do is transfer files from your mac and control it remotely try team viewer
    TeamViewer - Free Remote Access and Remote Desktop Sharing over the Internet
    free for personal use. Has a built in file transfer and remote desktop viewing/sharing. Very easy and it is cross platform between mac and windows - now if you have linux that is an issue.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Port Forwarding
    By bobjoe in forum Switcher Hangout
    Replies: 1
    Last Post: 05-28-2013, 03:42 AM
  2. Port Forwarding
    By damon66 in forum Apple Notebooks
    Replies: 0
    Last Post: 03-10-2010, 06:08 PM
  3. Port Forwarding Help
    By pasteofanchovie in forum OS X - Operating System
    Replies: 0
    Last Post: 04-22-2009, 11:22 PM
  4. Port Forwarding??
    By chrisdistaulo in forum Internet, Networking, and Wireless
    Replies: 4
    Last Post: 11-30-2008, 10:24 PM
  5. Help w/ port forwarding
    By bauermt40 in forum OS X - Operating System
    Replies: 3
    Last Post: 01-09-2005, 04:29 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •