VNC over Internet to computer with internal ip... help!
[edit]I should have used the word 'private' instead of 'internal' in the subject. 'private' is more clear... sorry[/edit]
Well, this issue has come up a couple times here on LQ, but I've never seen an answer that works for me.
I would like to be able to use VNC to connect from my home computer to my dad's home computer. Both computers have private IP addresses. My dad's computer's IP address is assigned by DHCP and there's no NAT involved. I've got no control over the router at his ISP to enable port forwarding or anything. All I have at my fingertips are his private IP and the router's public IP.
I've run into several tutorials on vpn, vnc tunneling over ssh, etc, but none have worked.
Is what I want to do even possible given my limited resources?
If you are both behind firewalls and neither of the firewalls supports port forwarding then I'm afraid I think that you're out of luck. If one of the firewalls can have the necessary port forwarded then one of you can initiate the connection to the other, for example:
(normally)
I have the vnc port on my home firewall (an adsl router) open and forwarded to my home desktop pc, which I leave running all day with vnc enabled.
I go to work and I connect to my home firewall public address (identified as the WAN address) from my work pc and the vnc service responds on that address. I then have control of my home pc from work.
(alternative)
I forward the port on my work firewall to my work pc where vnc client is setup to accept connections.
I go home and I connect to my work's public IP address using vnc set to connect to a client (I'm afraid I can't remember how vnc refers to this method of server initiated connection) and hey presto the person on my work pc can control my home pc.
Yeah, that does make sense. I believe both of our computers are behind firewalls, and I have no way of forwarding the vnc ports. However, port 80 traffic obviously works. There should be a way to tunnel vnc data over port 80 or some other standard port that the firewall will allow. A computer with a private IP address that is behind a firewall/router can initiate a two-way conversation with a web server, so it should be possible. I'll google it a little more.
Hahaha! Well, I'm making progress! I didn't mention that I have a hobby web server (with a public IP). I didn't think much of it until I realized I could just set up a VNC server on the web server, run vncviewer in 'listen' mode, and have my dad connect to it from the VNC server I set up on his machine. Voila, my server now has a real-time interactive session with my dad's computer. Then, I simply VNC into my web server from my home machine and the objective is complete (albeit rather clumsily).
What I'm seeing from my end is a vnc session within a vnc session. It is kind of a bottleneck that way, but we both have high-speed connections, so it's workable. However, security really isn't there... so, that's the next step.
Sorry if all that sounded a little confusing. I'm just excited.
Ok, I'm changing my objective a little. I would now like to connect to my dad's computer indirectly via my webserver. But, I don't want to do it the way I did it above (a session within a session). As I said, it's clumsy.
Is there any way to connect to the vncserver on my web server and have that vncserver forward my request to the vncserver on my dad's machine? The catch is that my web server can't see (ping) my dad's machine. I had to do a reverse connection from my dad's machine to my web server in order to get them to talk. I'm running into a roadblock here....
If you are both on high speed accounts (i.e. cable or DSL) they probably don't have a firewall between you and the internet. Port scan his public IP and see what ports are open; maybe his vnc server is misconfigured and not listening. If he has a router you need to port forward the vnc. What do you mean by internal IP? (like 192.168 or 10.10??)
ok, I just googled for 'port forwarding vnc' and got this http://perlmonks.thepen.com/433160.html which looks like it would solve both forwarding and security issues for you. *However*, I still think that you will require port forwarding on one end of your link.
Going back to your previous solution I recalled something about being able to use the vnc client in a web browser, but after googling for that you would still need the ability to serve web pages (i.e. you would need port forwarding).
From a human perspective point of view I think it is kinder as a user to be able to hand over control to a remote user, rather than have the remote user take control - i.e. they 'request' assistance, rather than have it forced on them!
I think that there is a limitation in the fact that you *need* port forwarding on at least one end of the connection.
Thanks for the replies. tormented_one, I meant to use the word 'private' instead of 'internal' -- stupid mistake. We both have 192.168.x.x addresses. I am quite sure my dad's side has a firewall. I'm running on Qwest DSL, so I may not have one. I never had to look into it before.
I'll check out the port forwarding link, but as I said, I have no control over the router on my dad's end (or any router for that matter). I'll also try the port scan.
I agree about a user requesting control. It would be rather intrusive to suddenly have windows opening out of your control and your mouse cursor jumping around. With my solution, I can't control my dad's computer without him first reverse connecting to my web server.
With my home setup, I've got a DSL router that issues private IPs in the 192.168.x.x range [yep, contradiction to what I said about not having control over any router ... lol. I never needed to use any routing functions on the DSL router, so I didn't even think of it as a router till now]. I believe the router itself has a private IP issued from Qwest (which would make port forwarding on it useless, wouldn't it?). I can't check right now because I'm at my dad's house at the moment.
My dad's computer connects wirelessly to an access point up on a hill overlooking the valley, which in turn connects wirelessly to the ISP's main router. The router has a 168.103.x.x public address. A DHCP server at the ISP issues every client an IP in the 192.168.5.x range.
Port scan the 16xxx addy. You can more than likely access your router by entering the gateway address in a browser. Also have your dad talk to his ISP; they will tell you how to connect.
You said you do not have control over your router. While you do not have control over the router at your ISP, if you both have DSL, then you each should have a personal router in your homes. This device may have options available.
At either your computer, or your dad's computer (or both), check to see what the computer's default gateway IP address is. Most routers have a web interface, but that web interface is usually only available from inside the network. Do note that your router has two IP addresses, one for inside your home, and one for outside your home (controlled by your ISP).
Open your web browser and type in the ip address of your default gateway. It will probably give you a web page built into your personal router, and ask you for a user name and password. If you have no clue what these are, a quick google of your router model number will probably turn up something (think manufacturer's user manual).
From there, many routers have port forwarding options. Tinker with them, and then try to connect to a port you opened for forwarding.
Well, since I've been over at my dad's for the last couple of days, I haven't been able to look at my DSL router. (my dad doesn't have a DSL router, btw -- it's a wireless (as in radio, not satellite) connection to the ISP, which has the one and only DSL router in the whole network ... ie. a small town setup ). Anyway, I'm home again and upon running the web-based config on my router, I found it has a nice little public WAN IP, contrary to what I thought at first. I had it in my head for some reason that it only had a private address. So, I set up port forwarding on it and was successfully able to have my dad reverse-connect to my computer, which was listening for incoming connections ... I can just see everyone rolling their eyes.
The reverse-connect gives him complete control over whether I connect or not. He can request assistance, plug in my IP, and we're up and running. Now, in the interests of security, I'll work on tunneling through SSH, which won't be difficult now that I know we can connect.
Thanks for the input, everyone. I learned a lot through all this.
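The SSH tunnelling mentioned as the next step, and the earlier question about relaying through a public server without a session inside a session, both come down to one reverse tunnel. The script below is an added example, not part of the original thread; it assumes OpenSSH on all three machines and a VNC server listening on loopback only, and every host name, account and port in it is a placeholder.

```shell
#!/bin/sh
# Added example. Every host, user and port below is a placeholder (assumption).
RELAY_HOST="${RELAY_HOST:-relay.example.org}"  # public server running sshd
RELAY_USER="${RELAY_USER:-support}"            # unprivileged account on it
VNC_PORT="${VNC_PORT:-5900}"      # VNC display :0 on the machine being helped
RELAY_PORT="${RELAY_PORT:-5901}"  # port opened on the relay's loopback only

# Print the command by default; DRY_RUN=0 executes it instead.
run() { if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi; }

# Accept only a decimal TCP port in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}
check_ports() { valid_port "$VNC_PORT" && valid_port "$RELAY_PORT"; }

# Machine being helped: it can only dial out, so it opens the tunnel itself.
# -R publishes its loopback VNC port on the relay's loopback, so nothing new
# faces the Internet, and closing this ssh session ends remote access.
helped_side() {
    check_ports || return 1
    run ssh -N -o ExitOnForwardFailure=yes \
        -R "127.0.0.1:${RELAY_PORT}:127.0.0.1:${VNC_PORT}" \
        "${RELAY_USER}@${RELAY_HOST}"
}

# Helper's machine: -L pulls the relay's loopback port down to a local port.
helper_side() {
    check_ports || return 1
    run ssh -N -o ExitOnForwardFailure=yes \
        -L "127.0.0.1:${VNC_PORT}:127.0.0.1:${RELAY_PORT}" \
        "${RELAY_USER}@${RELAY_HOST}"
}

# Viewer talks to the local tunnel end (host::port form, TigerVNC/TightVNC).
viewer() { check_ports || return 1; run vncviewer "127.0.0.1::${VNC_PORT}"; }

case "${1:-show}" in
    helped) helped_side ;;
    helper) helper_side ;;
    viewer) viewer ;;
    *) ( DRY_RUN=1; helped_side; helper_side; viewer ) ;;  # show all three
esac
```

Run without arguments it prints the three commands; `DRY_RUN=0 sh tunnel.sh helped` (file name assumed) executes the one for that machine. VNC traffic is then encrypted end to end by SSH, and the person being helped still decides when the tunnel exists.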