Remote control of computers over the internet

[jrsweger]

I'm trying to remote control some computers over the internet using Symantec's "pcAnywhere" software. I'm not up on all the networking stuff but thought that I'd be able to figure it all out. My problem is I can't seem to be able to ping my remote's IP address (that I got from "Whatsmyip.com") from my home. I get similar results when I try to ping my home IP address from work, usually request timed out and destination net unreachable. I'm obviously missing something. Anyone have any ideas? Can anyone recommend a good book to read to learn more about networking, IP addressing, firewalls, etc?

[muno]

Your firewall probably blocks icmp traffic (pings get dropped), in modern internet, pings are pretty useless.

Your computer probably works even though it doesn't respond, and if you have pcanywhere running and a hole opened in the firewall it will work.

[muno]

Good point (though it probably doesn't because it's obtained from www.whatismyip.com), but IF you are a part of larger network and your computer has (ipconfig /all from command prompt) says something different than whatismyip.com you need to forward ports, too, from the computer/box doing routing.

[jrsweger]

No, in this case, the remote (pcAnywhere calls it the host) is actually going to be my home IP since I'm using this as a test site. My remote eventually will be an hours drive from my home. My home IP as shown by www.whatismyip.com is 66.xx.x.xx. I am hooked up through cable and I run the output of the cable modem into a linksys router/wireless access point (wrt54g) in which I have 3 computers hooked up. My intent for now is to commandeer a friends computer close by to be the main and try to control one of my home computers. So, then of course my network does show (internally) 192.xx.xx.xx and I would assume that I will need to provide some sort of permission or open a port or something to allow me to actually gain access to the machine. Yes/no????

[DrDave1958]

Forget about the ping test.

First, forward the port in your router to the machine you want to connect to. e.g. If the target machine's IP is 192.168.1.2, then forward port (5632 I think) to that machines IP. You can verify which port you need to forward by looking in PCanywhere settings on that machine.

BTW: You can test this from home by connecting to the target machine with PCanywhere via the internet. Go to another machine and setup a connection and under settings>Network pc to control, put in your WAN IP (66.xx.x.xx).

When the port is forwarded properly, you will connect to the target machine.

It's really good to test this from home because you see if there are any conflicts such as a firewall.

-Dave-

[jrsweger]

Dave, good idea! I will try that sometime tomorrow as time permits and will report back. And here I was going to go grab a friends PC to do that... So much simpler to do it here. Thanks.

[James T]

If WinXP SP2 you need to create a rule in your firewall that permits 5631 AND 5632 as incoming packets, you can define this per application or per port, per application obviously providing more security. NOTE one port is UDP the other is TCP, you must get this right (I'm at the wrong pc to check at the moment) or it won't work. Start with simple pcAnywhere security, once you've got it working then up the security in pcAnywhere. You can do public key through this but aaargh.

[jrsweger]

Here's the followup. It took some time for me to find the appropriate settings to forward the ports (had to get the right ones too) on my router but I can access the remote using the 66.xx.xx.xx IP address. My next big challenge will be to move the remote back to its original home, about an hour from me. I hope the DSL line there doesn't throw me any curves. Thanks for all the help so far.

[jrsweger]

Finally had a chance to borrow a friends computer and tested my ability to access remotely. Had success getting in and was able to control the PC remotely. Note that both computers, host and remote, were on the same ISP (Road Runner). The next challenge will be to take the remote back to its original location and its DSL ISP and attempt connection there. To those familiar with DSL, should I expect anything different than what I have with RR?

[DrDave1958]

AFAIK there is no difference other than speed. (I use DSL)

On a side note, I've used PCAnywhere, VNC, and XP's remote desktop, and I prefer remote desktop (refresh is better).

-Dave-

[jrsweger]

Took the computer to its remote location this afternoon. Hooked up the DSL modem (speedstream 5200), checked to see what his IP address was and configured pcAnywhere just like I had it set up at my house. Couldn't make it work at all.

I called up the support number for the DSL and at first they couldn't help either. Had me try a number of things with port forwarding, setting up DMZ (??) then they had me "bridge" the modem. I then had to set up a network connection using the wizard. Now to get at his "always on" connection, I have to click on the connection icon to make a connection. Not what we want exactly but didn't realize this till after we hung up with support.

It also seems like the IP address changes everytime we reboot the computer. Not the best thing if we are trying to gain access remotely. I know we can go through dyndns to fix this but again this constant change is a hassle.

Ok, my question is, how can I make this new connection method automatic everytime we reboot? My suggestion was to throw out DSL and change over to cable.

Anyone have any thoughts on the problem connecting through the DSL modem?

[James T]

OK so you managed to make it work going into your home box (DSL->Wireless->3 PCs) from a friends PC, so you must have gone (Friend->DSL->Inet_via_RR->DSL->Wireless->1_of_your_3) and you are now attempting (somewhere->Inet->DSL->Remote).

What is the final (DSL->Remote) connection USB or Ethernet? Speedstream seems to support either. If USB then it should simply be a matter of correctly opening the target ports in the firewall. If Ethernet then you'll need to port forward in.

[jrsweger]

Let's see, here is what I had here at home. Friends PC (connecting remotely) -> RoadRunner (cable modem) -> Internet -> RoadRunner (cable modem) -> my router (port forwarded) -> host computer (test machine).

Here is the remote location (Note, pcAnywhere considers this the host). Also note that what we tried was to make a test connection by connecting the remote to itself by going out to the internet and back in again. I was successful initially doing this at home, that's how I was able to first make this whole thing work.

Test machine (acting as remote) -> DSL modem -> Internet -> DSL modem -> Test machine (acting as the host). End result was a no connection.

I attempted to go through port forwarding just like my home router with no success. Technical support also had no answers for this. They then had me try the DMZ route with the same result.

The way the DSL modem is now set up, all of the features have been disabled. There is no port forwarding, DMZ, firewall, etc. Basically, I believe the guy said that the modem is now just a passthrough.

The other drawback is that now we have to manually force the connection (so much for always on) each time we boot the machine.

As I said in my previous post, I feel we should just dump DSL and go with cable.

[James T]

DSL / Cable ... this choice is irrelevant. We are in Network and Transport layers here not Physical and Data Link.

These are the key items ...
- The host listens on 5631 (DataPort or TCP) and 5632 (StatusPort or UDP).
- The host firewall configured to accept these and allow the host software to connect.
- The remote firewall similarly configured to allow pcAnywhere to get out.
- Host and remote pcAnywhere security configurated with compatible settings.

When you go to a what's my ip web site what's your ip? at the host? at the remote?
When you type ipconfig at the command prompt what's the ip? at the host? at the remote?
What is the connection between the DSL modem and the computer, USB or Ethernet? at the host ? at the remote?

[jrsweger]

host ip (at the remote location) changes so much, I'll give you what it was when I left there yesterday. 216.222.xx.xx IPCONFIG shows 192.168.xx.xx
When I talked to tech support, they said that their IPs vary all over the place and that this was valid

remote ip (at my home) 66.24.x.xx IPCONFIG shows 192.168.1.xx (depending on which computer I use) (Note that I have a router in line between modem and computer)

both connections from modem to computer are ethernet.

Please also note that this setup was at my house for a few weeks and it worked from there. I was able to access from a location 5 hours from my home at my daughters college. Had no problem connecting at all. The only difference in this setup from when it was at my house is the DSL modem.

I setup port forwarding just like you show it, TCP 5631 and UDP 5632. I disable all firewalls, both on the DSL modem and windows XP. pcAnywhere software config was not changed from when it was hooked up here at my house.

James T, I think that covers all of your questions. Let me know if I missed something.

[James T]

No, from your description is sounds like it should be working.

I assume that you used the following process (http://www.portforward.com/efficient...forwarding.htm) for forwarding the ports on 216.222.255.88 for 192.168.254.1. Of course 192.168.254.1 needs to be static even if the 216... is dynamic so the port forwarding can work.

I am also assuming NAT is working. If you can access web sites without any proxy configuration then it should be OK. There is a little bit of magic goes on with NAT and UDP and the remote end as UDP is connectionless, so your remote (or home) end NAT needs to be correctly returning the UDP response packet.

Bridging is something I know nothing about so if you use this ... perhaps someone else can make a suggestion.

Having a nose around older versions of pcAnywhere than 7.52 use different port numbers (65301 and 22). I've only used 10.5 in this sort of arrangement (now upgraded to 11 and haven't checked it but expect it works still).

Also have a look at this symantec page: -
http://service1.symantec.com/SUPPORT...&osv=&osv_lvl=

In sorting the connection details I sometimes use ethereal, packet sniffing for 5631 and 5632, to help see where the connection is failing.

[DrDave1958]

I plugged in the ip you've provided into my PCAnywhere (ver 10.5) and I can connect. It's asking for a username and password.

11/28/04 3:45PM EST

-Dave-

[James T]

That's a seriously good pointer to where the problem is, it's at your home site. It is also a seriously good pointer to the fact that you must use and enforce reasonable security within pcAnywhere.

[jrsweger]

I would expect this to work now since we basically have all the functions disabled in the modem. It is setup to be in passthrough mode so there is no need to do any port forwarding etc. I know we have a serious security issue too at this point and will be fixing this in the very near future.

The problem as I see it is when we have the modem setup to do the port forwarding etc. we cannot gain access. James T, thanks for the links, I will be studying them to see if it leads me anywhere.

DrDave, thanks for letting me know you can connect too since I hadn't had a chance to check the connection from my house. I will be editing out the IP address here shortly to avoid any further exposure.

[jrsweger]

James T, can you also make the change to your post?