Remote access mac to mac
February 25, 2007 9:48 AM Subscribe
I'm looking for some help accessing my home mac from my work mac. Both machines are running OS 10.4. My home mac is behind a D-Link 624 router, using verizon FIOS.
I'd like to stay away from using Terminal, if possible. Although a graphical interface is not absolutely necessary, it would be fine to use VNC, as long as this is not slower than not using it. But I'm also fine with using the "Apple-K" function in the menu bar and having my home mac appear as a networked drive on my work desktop. I've looked into several tutorials, but all leave some questions, mostly surrounding port forwarding. I've set up an account with DynDNS, but it's unclear to me how to use this account, as I'm not sure how to assign the domain I've created an IP address. The only IP I see for my computer is one distributed by my router.
I know that there's a public IP assigned by my ISP (verizon FIOS), and my private IP, which can change every so often under DHCP. However, on the DynDNS site it looks like the verizon IP, starting with a 7, changes every so often too. Not sure how to deal with this either...
If I go the VNC route, I've looked into Vine Server and Chicken of the VNC. I also know about SSH Tunnel Manager.
I'd appreciate any help in getting everything working well together. As mentioned previously, I think my biggest problem is getting port forwarding to work, and dealing with dynamic IP addressing, ie using the DynDNS software.
Thanks for your help.
I'd like to stay away from using Terminal, if possible. Although a graphical interface is not absolutely necessary, it would be fine to use VNC, as long as this is not slower than not using it. But I'm also fine with using the "Apple-K" function in the menu bar and having my home mac appear as a networked drive on my work desktop. I've looked into several tutorials, but all leave some questions, mostly surrounding port forwarding. I've set up an account with DynDNS, but it's unclear to me how to use this account, as I'm not sure how to assign the domain I've created an IP address. The only IP I see for my computer is one distributed by my router.
I know that there's a public IP assigned by my ISP (verizon FIOS), and my private IP, which can change every so often under DHCP. However, on the DynDNS site it looks like the verizon IP, starting with a 7, changes every so often too. Not sure how to deal with this either...
If I go the VNC route, I've looked into Vine Server and Chicken of the VNC. I also know about SSH Tunnel Manager.
I'd appreciate any help in getting everything working well together. As mentioned previously, I think my biggest problem is getting port forwarding to work, and dealing with dynamic IP addressing, ie using the DynDNS software.
Thanks for your help.
What is your goal? It sounds like it's just file transfer functions, but you weren't really clear about that.
For dealing with dyndns, many home routers (linksys and such) have auto-updating of dyndns records. That'll keep your dyndns records consistent with reality.
If you just want to set up file transfer, you can setup FTP server on your mac (via System Preferences and such). Make sure it's an unprivileged user and has a good password. At that point, setup your home router to route port 22+21 to your computer's internal IP.
posted by cschneid at 11:29 AM on February 25, 2007
For dealing with dyndns, many home routers (linksys and such) have auto-updating of dyndns records. That'll keep your dyndns records consistent with reality.
If you just want to set up file transfer, you can setup FTP server on your mac (via System Preferences and such). Make sure it's an unprivileged user and has a good password. At that point, setup your home router to route port 22+21 to your computer's internal IP.
posted by cschneid at 11:29 AM on February 25, 2007
Do you have remote access to work from home? For example, can you SSH into a work server from home? SSH tunnels can work in both directions - you can initiate a tunnel from your home that allows reverse access back into your home, which would make port-forwarding and such unnecessary. Unfortunately, I don't know what the D-Link's admin software looks like, but I've used this tunneling style when I haven't had the option to open or forward points at all.
It seems like you just want to move files around. You can tunnel the Apple file sharing protocol or Samba over SSH this way, and get the remote access you're looking for.
The command-line for the reverse tunnel looks like this:
ssh -gvN -R {work port}:localhost:{home port} {work host}
You can then get to {home port} by connecting to {work port} on your work machine. I think SSH Tunnel Manager can do this.
posted by migurski at 11:31 AM on February 25, 2007
It seems like you just want to move files around. You can tunnel the Apple file sharing protocol or Samba over SSH this way, and get the remote access you're looking for.
The command-line for the reverse tunnel looks like this:
ssh -gvN -R {work port}:localhost:{home port} {work host}
You can then get to {home port} by connecting to {work port} on your work machine. I think SSH Tunnel Manager can do this.
posted by migurski at 11:31 AM on February 25, 2007
In order for dyndns to work, you need to run a dynamic DNS client program on either your Mac, or on the router itself. It's probably easier to run it on the Mac rather than fussing with the router...DNSUpdate would be my recommendation. Just make sure that in the type of IP address that you have it send to DynDns, that you choose "external." (You don't want it sending your 192.168.1.x LAN IP to the dynamic DNS service, obviously.)
You might want to read this MacWorld article on remotely accessing your Mac.
All the DynDNS service is going to do, is give you a handy name that you can type, to contact your router on the home network. If you want to actually get to your Mac, you will need to deal with port forwarding. Sorry; there's just no way around it -- the router is going to be set by default to block incoming connections (a Good Thing), and if you want to get to your Mac, you're going to have to forward the ports for the specific services you want to use.
IMO, the only port you should forward is 22, for SSH, and perhaps 548 for AppleShare (which is OK to use over the internet as long as you tell it to use SSH). Everything else you can tunnel over SSH.
posted by Kadin2048 at 11:39 AM on February 25, 2007
You might want to read this MacWorld article on remotely accessing your Mac.
All the DynDNS service is going to do, is give you a handy name that you can type, to contact your router on the home network. If you want to actually get to your Mac, you will need to deal with port forwarding. Sorry; there's just no way around it -- the router is going to be set by default to block incoming connections (a Good Thing), and if you want to get to your Mac, you're going to have to forward the ports for the specific services you want to use.
IMO, the only port you should forward is 22, for SSH, and perhaps 548 for AppleShare (which is OK to use over the internet as long as you tell it to use SSH). Everything else you can tunnel over SSH.
posted by Kadin2048 at 11:39 AM on February 25, 2007
If you're willing to pay, Timbuktu is an excellent option for two reasons:
1) Besides screen control, it allows you to exchange files easily between both machines.
2) It includes a locator service, so that each machine gets registered against an email address. All you have to do is type in the email address for the machine in the "Connect To" box and it does all the lookups and resolutions for you.
It also tends to tunnel through firewalls and the like pretty well - I'm pretty sure I was able to get through my NAT with it before. Might be worth looking at.
posted by Remy at 12:25 PM on February 25, 2007
1) Besides screen control, it allows you to exchange files easily between both machines.
2) It includes a locator service, so that each machine gets registered against an email address. All you have to do is type in the email address for the machine in the "Connect To" box and it does all the lookups and resolutions for you.
It also tends to tunnel through firewalls and the like pretty well - I'm pretty sure I was able to get through my NAT with it before. Might be worth looking at.
posted by Remy at 12:25 PM on February 25, 2007
Response by poster: The purpose of my request is to access files on my home computer while at work.
autojack: I have googled, but the tutorials I've found are unclear about some issues, often having to do with the specifics of port forwarding.
migurski: I do have access to work from home, but I don't know the work port, and it seems unlikely that work IT will allow reverse tunnelling.
Kadin2048: I am not averse to forwarding ports, and I understand there's no way around it. The purpose of my post is to find out how to go about doing this on my particular router.
Thank you for all your answers so far. Many of you discuss port fowarding, and that I need to do it. I am aware of this. the problem is that I don't know how to do it on my particular router.
On my router's admin page, there is a space asking for "private IP" - what do I set this for? As far as I understand, it is the IP of the machine I'm trying to access. However, this IP changes under DHCP, the machine's IP address gets reassigned by the router. If I try to use the "DHCP with manual address", I can no longer access the internet for some reason.
The next field on the router admin window is "public port" and "private port". I believe I set both to port 22.
My biggest problem is how to identify the IP address on the computer I'm trying to reach if that address changes periodically. I'm talking about the internal address, not the external one.
I'm not ready to pay for Timbuktu at the moment.
posted by cahlers at 12:29 PM on February 25, 2007
autojack: I have googled, but the tutorials I've found are unclear about some issues, often having to do with the specifics of port forwarding.
migurski: I do have access to work from home, but I don't know the work port, and it seems unlikely that work IT will allow reverse tunnelling.
Kadin2048: I am not averse to forwarding ports, and I understand there's no way around it. The purpose of my post is to find out how to go about doing this on my particular router.
Thank you for all your answers so far. Many of you discuss port fowarding, and that I need to do it. I am aware of this. the problem is that I don't know how to do it on my particular router.
On my router's admin page, there is a space asking for "private IP" - what do I set this for? As far as I understand, it is the IP of the machine I'm trying to access. However, this IP changes under DHCP, the machine's IP address gets reassigned by the router. If I try to use the "DHCP with manual address", I can no longer access the internet for some reason.
The next field on the router admin window is "public port" and "private port". I believe I set both to port 22.
My biggest problem is how to identify the IP address on the computer I'm trying to reach if that address changes periodically. I'm talking about the internal address, not the external one.
I'm not ready to pay for Timbuktu at the moment.
posted by cahlers at 12:29 PM on February 25, 2007
You might be able to tell your router to always give a certain IP address to a certain machine using its MAC address. Then you will always know its internal IP. If not, you'll need to set your computer (or at least a computer) at home to use a static (internal) IP instead of getting one via DHCP.
I have a computer in my home network that has a static IP with a port forwarded to it. I ssh into that computer, and do a 'ping -b 192.168.1.255', which shows the IP addresses of all the machines on the LAN, and I can then usually guess what my laptops IP address is.
posted by 31d1 at 1:21 PM on February 25, 2007
I have a computer in my home network that has a static IP with a port forwarded to it. I ssh into that computer, and do a 'ping -b 192.168.1.255', which shows the IP addresses of all the machines on the LAN, and I can then usually guess what my laptops IP address is.
posted by 31d1 at 1:21 PM on February 25, 2007
Cahlers: the private IP is the address of your home Mac on the local home network. You can see this by going to your Mac's System Preferences (look for "IP Address" in the search box). It will probably start with "192.168." or "10.1.". You can configure your router to always assign this same address as 31d1 suggests, not sure how D-Link does it.
In the router setup, Public Port is what you will access from work and Private Port is where, on your Mac, you'd like that forwarded. As Kadin2048 says, you probably don't want anything other than encrypted SSH traffic between home and work, so make the Private Port 22. You can tunnel AppleShare over an SSH connection to that machine.
posted by migurski at 3:21 PM on February 25, 2007
In the router setup, Public Port is what you will access from work and Private Port is where, on your Mac, you'd like that forwarded. As Kadin2048 says, you probably don't want anything other than encrypted SSH traffic between home and work, so make the Private Port 22. You can tunnel AppleShare over an SSH connection to that machine.
posted by migurski at 3:21 PM on February 25, 2007
I recommend not going the dyndns + port-forwarding route, because it opens your setup to a whole class of potential exploits you don't need it opened to, and (as you've found out already) is fiddly to get going.
Try hamachi instead. This will let you set up a secure virtual private network between up to 16 arbitrary machines (256 if you pay for a premium hamachi account), and none of them need port forwarding configured because they all find each other by making outbound connections to a hamachi mediation server.
Once your machines are linked to each other via Hamachi, you can use the same mechanisms to share files, do remote control etc. that you would use over a LAN.
I've only used the Windows hamachi package, but I have no reason to believe the Mac version won't work equally well.
posted by flabdablet at 3:38 PM on February 25, 2007
Try hamachi instead. This will let you set up a secure virtual private network between up to 16 arbitrary machines (256 if you pay for a premium hamachi account), and none of them need port forwarding configured because they all find each other by making outbound connections to a hamachi mediation server.
Once your machines are linked to each other via Hamachi, you can use the same mechanisms to share files, do remote control etc. that you would use over a LAN.
I've only used the Windows hamachi package, but I have no reason to believe the Mac version won't work equally well.
posted by flabdablet at 3:38 PM on February 25, 2007
Flabdablet: Hamachi is beta software from an unknown source that asks you to install software on your local machine, and connect to their root server - that's four security alarm bells going off in my head at once. It may be easier, but it's certainly not a service I'd trust with my stuff.
Cahlers is just asking for file access, which means that DynDNS + forwarding port 22 is enough, no tunneling of Apple shares required. Client software like Transmit or Interarchy will be enough to connect securely, upload and download files.
posted by migurski at 4:51 PM on February 25, 2007
Cahlers is just asking for file access, which means that DynDNS + forwarding port 22 is enough, no tunneling of Apple shares required. Client software like Transmit or Interarchy will be enough to connect securely, upload and download files.
posted by migurski at 4:51 PM on February 25, 2007
Migurski, hamachi clients only contact the mediation server to allow the clients to discover external IP addresses and port numbers they can use to continue conversing on their own, and to be assigned private IP addresses in the hamachi VPN address space of 5.x.x.x. Once the initial contact has been established, all VPN communication is completely peer-to-peer. You can easily verify this behaviour with a packet sniffer. The security architecture is documented here. It's currently owned by logmein.com, who have been in this business for a respectable amount of time.
No, it's not open-source. But then, neither are Transmit or Interarchy.
If you're looking for a small open-source FTP client that works extremely well, I use and recommend the FireFTP Firefox extension.
posted by flabdablet at 5:39 PM on February 25, 2007
No, it's not open-source. But then, neither are Transmit or Interarchy.
If you're looking for a small open-source FTP client that works extremely well, I use and recommend the FireFTP Firefox extension.
posted by flabdablet at 5:39 PM on February 25, 2007
The reason not to use Hamachi on a Mac is that there's only a command-line version and it's something of a pain to set up. (There's a GUI, but it's not from the Hamachi folks.) That said, it does work very well and does some extremely clever things to get through NATs.
posted by kindall at 7:46 PM on February 25, 2007
posted by kindall at 7:46 PM on February 25, 2007
This thread is closed to new comments.
If the latter, set up VNC Server on your home Mac. Google will tell you how to do it. It will also tell you what port VNC server listens on. You will need to open that port for access from the outside world, using your home router's web interface. Its manual should show you how to do that. For example, if the VNC port is 1000, and your Mac's internal IP on the network is 192.168.1.100, you will open that port to that IP. Then if your current public IP is 12.1.2.3 or something like that, connecting to that IP from work with VNC will open a session with your Mac.
If you want to find out what your current public IP is at home, go to http://www.whatismyip.com
As for the DynDNS stuff, the way that works is that there's a client you install on your Mac at home, which periodically checks to see what your public IP is. When it detects that the public IP has changed, it changes the DNS pointer on the DynDNS servers to keep it up to date. That way you can always just connect to cahlers.dyndns.org or whatever it is, and be routed to your home network.
If you want to be able to share files between these systems, there are probably a few ways to do that, some are more secure than others, and I have limited experience with all of them. Again, Google will probably lead you to some HOWTOs on that.
posted by autojack at 11:29 AM on February 25, 2007