[opensuse] krdc remote control over internet - which IP?
Hello, Somehow I don't understand how to establish a krdc session over the internet. My partner "invites" me per e-mail. I get an invitation that contains the link vnc://invitation:xxxxx@192.168.2.2:0 which is of course his local IP and not usable to reach his computer over the internet... The partner is connected per ADSL using a router with DHCP. So his "internet-IP" and his "machine-IP" are variable. Now, what do I have to type to get access to his machine thru the internet? Thanks for help. Daniel -- Daniel Bauer photographer Basel Switzerland professional photography: http://www.daniel-bauer.com erotic art photos: http://www.bauer-nudes.com/en/linux.html Madagascar special: http://www.sanic.ch -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Wed, 11 Jul 2007, by linux@daniel-bauer.com:
Hello,
Somehow I don't understand how to establish a krdc session over the internet.
My partner "invites" me per e-mail. I get an invitation that contains the link
vnc://invitation:xxxxx@192.168.2.2:0
which is of course his local IP and not usable to reach his computer over the internet... The partner is connected per ADSL using a router with DHCP. So his "internet-IP" and his "machine-IP" are variable.
Now, what do I have to type to get access to his machine thru the internet?
Your partner needs to get his/her public IP address, e.g. with http://www.whatismyip.org , and tell you that address (or sign up with dyndns.com). Then he or she needs to forward port TCP 5900 on the router to the PC on the inside. You then connect to the public IP address and it should then work. Theo -- Theo v. Werkhoven Registered Linux user# 99872 http://counter.li.org ICBM 52 13 26N , 4 29 47E. + ICQ: 277217131 SUSE 10.2 + Jabber: muadib@jabber.xs4all.nl Kernel 2.6.18 + See headers for PGP/GPG info. Claimer: any email I receive will become my property. Disclaimers do not apply. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Wednesday 11 July 2007, Theo v. Werkhoven wrote:
Your partner needs to get his/her public IP address, e.g. with http://www.whatismyip.org , and tell you that address (or sign up with dyndns.com). Then he or she needs to forward port TCP 5900 on the router to the PC on the inside.
Or you could just look at the email headers to pick up said partners IP. It will usually be the bottom one in the list of header hops. But VNC has another option, and that is for the OP to run a listening viewer, and have the partner connect to said viewer. Its made for precisely these situations where one end is behind a firewall. Of course, if both are behind a firewall you have to do the routing trick. -- _____________________________________ John Andersen -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Wed, 11 Jul 2007, by jsa@pen.homeip.net:
On Wednesday 11 July 2007, Theo v. Werkhoven wrote:
Your partner needs to get his/her public IP address, e.g. with http://www.whatismyip.org , and tell you that address (or sign up with dyndns.com). Then he or she needs to forward port TCP 5900 on the router to the PC on the inside.
Or you could just look at the email headers to pick up said partners IP. It will usually be the bottom one in the list of header hops.
I'll bet that the people, who know how to read RFC2822 headers, already know their address too, and do not need to ask here.
But VNC has another option, and that is for the OP to run a listening viewer, and have the partner connect to said viewer. Its made for precisely these situations where one end is behind a firewall.
Of course, if both are behind a firewall you have to do the routing trick.
Having NAT on both sides is quite common nowadays I think, bridging routers or PPPoE is not considered very safe (for 90% of the "consumer" type of clients). (no offence to OP). Theo -- Theo v. Werkhoven Registered Linux user# 99872 http://counter.li.org ICBM 52 13 26N , 4 29 47E. + ICQ: 277217131 SUSE 10.2 + Jabber: muadib@jabber.xs4all.nl Kernel 2.6.18 + See headers for PGP/GPG info. Claimer: any email I receive will become my property. Disclaimers do not apply. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Mittwoch, 11. Juli 2007, John Andersen wrote:
On Wednesday 11 July 2007, Theo v. Werkhoven wrote:
Your partner needs to get his/her public IP address, e.g. with http://www.whatismyip.org , and tell you that address (or sign up with dyndns.com). Then he or she needs to forward port TCP 5900 on the router to the PC on the inside.
Or you could just look at the email headers to pick up said partners IP. It will usually be the bottom one in the list of header hops.
But VNC has another option, and that is for the OP to run a listening viewer, and have the partner connect to said viewer. Its made for precisely these situations where one end is behind a firewall.
Of course, if both are behind a firewall you have to do the routing trick.
thanks for the hint, John, Yes we are both sitting behind firewalls, but I will have to search deeply in my head anyway to retrieve the knowledge about how to open and close a port in the Suse Firewall. Maybe I'll better google as the web might be better organized than my brain :-) Daniel -- Daniel Bauer photographer Basel Switzerland professional photography: http://www.daniel-bauer.com erotic art photos: http://www.bauer-nudes.com/en/linux.html Madagascar special: http://www.sanic.ch -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Mittwoch, 11. Juli 2007, John Andersen wrote:
On Wednesday 11 July 2007, Theo v. Werkhoven wrote:
Your partner needs to get his/her public IP address, e.g. with http://www.whatismyip.org , and tell you that address (or sign up with dyndns.com). Then he or she needs to forward port TCP 5900 on the router to the PC on the inside.
Or you could just look at the email headers to pick up said partners IP. It will usually be the bottom one in the list of header hops.
But VNC has another option, and that is for the OP to run a listening viewer, and have the partner connect to said viewer. Its made for precisely these situations where one end is behind a firewall.
Of course, if both are behind a firewall you have to do the routing trick.
thanks for the hint, John,
Yes we are both sitting behind firewalls, but I will have to search deeply in my head anyway to retrieve the knowledge about how to open and close a port in the Suse Firewall. Maybe I'll better google as the web might be better organized than my brain :-)
Daniel -- Daniel Bauer photographer Basel Switzerland professional photography: http://www.daniel-bauer.com erotic art photos: http://www.bauer-nudes.com/en/linux.html Madagascar special: http://www.sanic.ch -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
I think he meant routers. If you are both behind routers, you will each have to forward port 5900 to the correct internal IP address of your computer. -Brandon -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Wed, 11 Jul 2007, by spleeyah@spleeyah.com:
On Mittwoch, 11. Juli 2007, John Andersen wrote:
On Wednesday 11 July 2007, Theo v. Werkhoven wrote:
Your partner needs to get his/her public IP address, e.g. with http://www.whatismyip.org , and tell you that address (or sign up with dyndns.com). Then he or she needs to forward port TCP 5900 on the router to the PC on the inside.
Or you could just look at the email headers to pick up said partners IP. It will usually be the bottom one in the list of header hops.
But VNC has another option, and that is for the OP to run a listening viewer, and have the partner connect to said viewer. Its made for precisely these situations where one end is behind a firewall.
Of course, if both are behind a firewall you have to do the routing trick.
thanks for the hint, John,
Yes we are both sitting behind firewalls, but I will have to search deeply in my head anyway to retrieve the knowledge about how to open and close a port in the Suse Firewall. Maybe I'll better google as the web might be better organized than my brain :-)
Daniel
I think he meant routers. If you are both behind routers, you will each have to forward port 5900 to the correct internal IP address of your computer.
That's not correct. The 'client' (viewer) side connects from some high-port (1024-65525), and does not require a return connection from the server, so as long as the viewer PC can access high ports on the Internet, all should work. Of course, at $DAYJOB, I do /not/ let company PCs have unrestricted access to high ports on the outside, better safe than sorry with Windows PCs, dealing with company data and passwords etc... Theo -- Theo v. Werkhoven Registered Linux user# 99872 http://counter.li.org ICBM 52 13 26N , 4 29 47E. + ICQ: 277217131 SUSE 10.2 + Jabber: muadib@jabber.xs4all.nl Kernel 2.6.18 + See headers for PGP/GPG info. Claimer: any email I receive will become my property. Disclaimers do not apply. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Thursday 12 July 2007, Theo v. Werkhoven wrote:
Of course, at $DAYJOB, I do /not/ let company PCs have unrestricted access to high ports on the outside, better safe than sorry with Windows PCs, dealing with company data and passwords etc...
Really? So something as simple as web browsing requires all sorts of proxying, and every internet oriented package needs to be proxied or SOCKSified? Sounds like a make work project to me. We have fairly old releases of MSIE running in hundreds of machines each running a lightweight antivirus and SpyBot Search and Destroy. Works. -- _____________________________________ John Andersen -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Thu, 12 Jul 2007, by jsa@pen.homeip.net:
On Thursday 12 July 2007, Theo v. Werkhoven wrote:
Of course, at $DAYJOB, I do /not/ let company PCs have unrestricted access to high ports on the outside, better safe than sorry with Windows PCs, dealing with company data and passwords etc...
Really? So something as simple as web browsing requires all sorts of proxying, and every internet oriented package needs to be proxied or SOCKSified?
No proxy, just a limited set of ports that I allow to connect to, like web, pop3(s), imap(s), vpn, ftp etc., and some special ports for accounting and airline reservation packages (but only to and from specific hosts).
Sounds like a make work project to me.
Not really, in the logs I can see hundreds of attempts to ports on the outside being dropped every day, but unless it's really work-related, no-one complains if e.g. their internet-radio connection or other non-essential things do not work. With Shorewall it's a matter of minutes to add an ALLOW if needed, but that doesn't happen more than once in a (long) while. You'd be surpised with how little a normal company can do Internet-wise.
We have fairly old releases of MSIE running in hundreds of machines each running a lightweight antivirus and SpyBot Search and Destroy. Works.
We focus on our work, rather than the weaknesses of the OS on our PCs. Theo -- Theo v. Werkhoven Registered Linux user# 99872 http://counter.li.org ICBM 52 13 26N , 4 29 47E. + ICQ: 277217131 SUSE 10.2 + Jabber: muadib@jabber.xs4all.nl Kernel 2.6.18 + See headers for PGP/GPG info. Claimer: any email I receive will become my property. Disclaimers do not apply. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Thursday 12 July 2007, Theo v. Werkhoven wrote:
On Thursday 12 July 2007, Theo v. Werkhoven wrote:
Of course, at $DAYJOB, I do /not/ let company PCs have unrestricted access to high ports on the outside, better safe than sorry with Windows PCs, dealing with company data and passwords etc...
Really? So something as simple as web browsing requires all sorts of proxying, and every internet oriented package needs to be proxied or SOCKSified?
No proxy, just a limited set of ports that I allow to connect to, like web, pop3(s), imap(s), vpn, ftp etc., and some special ports for accounting and airline reservation packages (but only to and from specific hosts).
Ok, I misread your post as limiting the high ports that software could use to access remote sites. You are limiting remote ports (targets). Of course lots of nasty things just port 80..... -- _____________________________________ John Andersen -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Mittwoch, 11. Juli 2007, Theo v. Werkhoven wrote:
Wed, 11 Jul 2007, by linux@daniel-bauer.com:
Somehow I don't understand how to establish a krdc session over the internet. ... Now, what do I have to type to get access to his machine thru the internet?
Your partner needs to get his/her public IP address, e.g. with http://www.whatismyip.org , and tell you that address (or sign up with dyndns.com). Then he or she needs to forward port TCP 5900 on the router to the PC on the inside.
You then connect to the public IP address and it should then work.
Theo
Thanks, Theo. I will have to visit the partner personally to set the port thing in his router, as he is new on Linux - I convinced him to move from Win to Suse 10.2 and he likes it very much, but is still afraid of changing something without having me sitting right by his side :-) But now I know what I have do do then. thanks. Daniel -- Daniel Bauer photographer Basel Switzerland professional photography: http://www.daniel-bauer.com erotic art photos: http://www.bauer-nudes.com/en/linux.html Madagascar special: http://www.sanic.ch -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (4)
-
Brandon Carl -
Daniel Bauer -
John Andersen -
Theo v. Werkhoven