Remote to PC

I am using a router , 2 PC's and a cable modem at home.
I would like to remote control my home pc from work from time to time. It is a linksys router. Can anyone help me in setting this up with netmeeting so that I may connect to my home pc using a web browser? I believe it can be done securely but need some help ...Thank you much!!!

JD

 

It can semi/pseudo/sorta/maybe usually be done.

Now for an explanation. It will be long. But I don't know of a way to have it makes sense without some detail on most of the pieces that have to fit together. We'll get to the secure communication part after a bit.

In short, the problems are two

- unless your ISP is unusual, your home router will not always have the same IP address but will have one assigned from a pool of them the ISP controls. And what you want to do depends on your work system knowing the address of your home network.

- your router has the "real" IP address that your work PC can talk to if it can be told what the address is. Your two home PCs have addresses given them by the router and they are not "real" in the sense that outside systems would be able to talk directly to them.

DNS (domain name system)
Internet systems and many local area networks use DNS to allow network devices to locate each other. Specialized servers running DNS will maintain a database of Names (like your PC name) and the IP address that matches that name. The database is updated regularly so as information changes, the DNS server will be aware of those changes.

When your PC tries to find http://www.someplace.com (which has an IP address of 12.142.30.174) it will query the nearest DNS server for a match. That server will either have the information and provide it or else pass the request along to a larger/higher level DNS server until one is found that can help. Only after your PC finds out the IP address that matches the URL will it begin to talk to that location.

If you happen to know the IP address and like typing in numbers, you can avoid the whole DNS thing for the most part and could simply put in http://12.142.30.174 and your PC will know to use http packets and exactly what machine to talk to.

But your ISP will only know (and be able to pass along) the address of your router.

Routers
For talking on a local network (subnet) routers are not needed and not used. The devices can simply find and talk to each other. But to reach any machine not on the same subnet, they must have a router that knows which addresses are local (and can be ignored) and which are outside somewhere. In that case, the router will either know the exact location or will pass the packet along to a higher level router until one is found that can locate the address.

By design there are three sets of "private" addresses that are never assigned and that will not pass thru a router. The most common we deal with are the 192.168.x.x ones that the home networks use and that the common router/switches assign to your local PCs. 172.16.x.x to 172.31.x.x is also private and for larger networks while 10.x.x.x is the same but for really huge networks. No PC with one of these addresses can talk to another PC if the packet needs routing.

Your home PCs probably have 192.168.1.x or 192.168.0.x addresses which will not route.

NAT (network address translation)
The home router/switches use NAT so they can take a single assigned IP address ( a "real" one) from your ISP and allow multiple PCs on your local network to talk out to the internet.

NAT assumes the conversation will be started by a PC it controls and operates basically as follows. PC1 wants to reach http://www.someplace.com and send a packet addressed to it. NAT intercepts the packet, stores detail about it in a database, and changes the packet to have the router's IP address in the header rather than that of PC1. When http://www.someplace.com responds back to the router, that packet is examined and matched to the original so the router knows that PC1 started this conversation. NAT then modifies the packet to have the IP address of PC1 rather than it's address and sends the packet to PC1.

Any packet addressed to the router that it can't match to an originating PC is simply discarded. So even if your work PC knew the router's IP address and sent a packet, it wouldn't go to a PC.

Port Forwarding (to bypass NAT)
You can set the router's port forwarding so that any network traffic of a specific type (usually FTP or game packets or similar) are sent to a specific PC on your LAN and no checks are done. But it is an all-or-nothing thing so if you have FTP packets forwarded to PC1 then PC2 would never see them. This particular work around is usually done if you operate an FTP server or game server or if you play multi-player internet games and want a PC to respond when some other outside PC tries to open up a conversation.

VPN (virtual private network)
This is maybe what you were wanting. Secure comms via web browser between networks. Or possibly the remote control feature available with 2K/XP. Problem is - it will only work if there is a way to get the two machines talking and in your particular case, probably not possible unless your PC at home started the conversation.

General comments
If you would benefit by only being able to remote one of your home PCs and if you were willing to check the IP address of your home router before heading out to work, you can do what you want with some setting up. Chances are excellent that if your router says powered up it will maintain the same IP address quite a while since near the end of it's current address lease, the ISP's DHCP server would check to see if it is on and, if so, reassign the same address (extend the lease so to speak).

So I guess my question is, knowing the limitations inherent in the setup you have, is this worth trying to do. If so, we'll need more detail.

 

Thanks much for the great response. Especially the time it took to write it up. It is very good and it will get me started along the right path..I will now have something to work with and a better understanding at that!!! Have a wonderful day....I will let you know how it goes.....

JD

 

Hope it helps JD. And if more questions arise feel free to ask.

Truth be told, I love trying to put the networking stuff in English. And I often find an area I need to research a little to get really clear on it myself in order to write about it.

 

Remote again

Thanks again...I am writing you this from my work PC. Of course the router in question has the non-routable address as you spoke of. Which is 192.168.x.x. Also the PC's each have a similar one which is 192.168.x.x and 192.168.x.x. The router's IP, when looking at its configuration shows its 192.168.x.x address as the "LAN" address and then there is listed a "WAN" address which looks to be more of a routable address. My next step is to try to ping the WAN IP address. I have to try this tommorrow as I left the infor at home. But if my memory serves my correct I don't think I could ping any of the home IP addresses I had. I think the router has to be configured to allow my work PC to get through. Not sure maybe you can assist again or at least let me know if I am on the right track. I only need to get to one of the pc's at home. Maybe once I get basic communication through (Ping) I can then try to set up the remote with netmeeting or a similar program.....Talk to you soon...Again , thanks a bunch for your time....Have a great day!!! : )

JD

 

What Application are you using for Remote Access?
If your using remote desk top or terminal services you need to simply foward port 3389.
Go into the Admin page of the linksys from your brouser by typing 192.168.1.1 in your address bar.
Log into the router. The default login is user name blank and password of admin.
Go to the advanced tab or the router configuration page and then to the fowarding tab.
Foward 3389 to your lan PC that you want to connect to remotely.
If you go back to the setup tab and then click on the statis tab the router will give you your current wan IP addresss.
If your using PC Anywhere I think it's deffault port is 5631 and 5632.

 

AND...

Newt and SSP have covered most of the hard networking issues that I know of. I have another thread that is a little more technical in scope that I'm trying to get help on RE: Timbuktu Pro.

Nonetheless, your situation is really pretty easy to setup. I happen to know that TBK2 Pro can deal with your DHCP address at home via their private DNS system which keys off of your e-mail address (or any other secret name you want to give your home machine) when TBK2 Pro is turned on, it reports in to the DNS server and registers your home DHCP address so you can find it remotely and get a connection.

I do not see why PCAnywhere or some other professional VPN software would not have a similar feature. ALSO, I like the fact that PCAnywhere only uses two static ports and WRM uses ony one. So far as I can tell (which doesn't carry much weight really) TBK2 uses a very large range of ghost ports that remain open and can potentially compromise security. You can apparently get in to its system setup and assign a short range of static ports if you have the time, patience and additional software but I'm not that persistent myself, I want simple and quick.

Hey Newt (et al), is there a simple way that a VPN host can be set up to respond ONLY if, say for instance, an encoded hanshake request is sent by the client? That would at least put one more layer of security between a port scan and a password window. One similar example is that my wireless router at home is set for LAN MAC filtering which means it won't respond to a LAN MAC address that is not in it's explicit list of clients. However, on the WAN side it has no such feature. (that I understand or know how to use at least)

Hmmm...gotta get back to work...
Nate