John,

The DSL/PPPoE "modem" itself is the one-port NAT "router." It has my account info (DSL user ID & pw) stored in it, and currently gets the only "real" IP when it's turned on, regardless of whether any computer is connected. The Mac [not MAC! that's something else ;-) ] doesn't even know its real IP when I just have the one machine and no LAN. (Sorry to rehash elementary concepts, and correct me if I err.)

Yes, I can (and do, actually) manually tell the Mac it has a 192.168.x.x IP, and turn off the modem's DHCP (from Server to None; can also be Relay, which I haven't tried). Or did you mean to hard-code it into the modem? Even when the modem is told to act as a DHCP server and the Mac's DHCP client status is Automatic, I effectively assign an IP manually because of the modem's one-user limitation I mentioned.

Still curious what the modem's setting for _bridge_ (is No, can be Yes) means. Does it by any chance pass the public IP on to the Mac at the other end of the Ethernet cable? Is it related to Relay in the DHCP mode?

Beyond these questions lie more about the modem. Besides Bridge and Relay I can toggle Route IP (is On), Route IPX (is Off) and set IP Address assignment to Static (with address 0.0.0.0) even though my account is dynamic; set up and assign Ethernet Input and Output Filter Sets and IP Policies (criteria/action sets)... something tells me this last item, IP Policies, is the jackpot I've been chasing, for assigning port 5900! ...and more, even go into a command line interface (and get out of it, almost a miracle)!

I'm completely in the dark as to how to create an SSH tunnel, but I expect that's beyond the scope of this discussion. The crystal ball is getting clearer though!

-----Original Message-----
From: John Aldrich <[EMAIL PROTECTED]>
Sent: Jan 10, 2005 9:12 AM
To: 'PicaRules' <[EMAIL PROTECTED]>, [email protected]
Subject: RE: Getting past *two* NAT routers

Can you hard-code an IP for the MAC? What about hard-coding IP addresses in the rest of the machines you want to access using VNC? I only have two machines on my LAN at home, and my situation is a bit different -- I'm behind a NAT router which is also a 4-port network switch. But if I need to access my machines at home, I just tell my router to port-forward port 5900 to my wife's Windows machine and port 5901 to my linux box. Or, I would, in theory.

In actuality, I only use one port -- the SSH port since I'm using an ssh-tunnel. How about something like this.. create an SSH tunnel to the MAC and port-forward from it to the other machines on the LAN? That way you should only need one port forwarded out of your modem. AND, you get a secure connection that 1) is unlikely to be hacked or 2) sniffed. :-)

John

-----Original Message-----
From: PicaRules [mailto:[EMAIL PROTECTED]
Sent: Monday, January 10, 2005 11:47 AM
To: [email protected]
Subject: Re: Getting past *two* NAT routers

Joe,

Thanks. This is perfectly clear, and accurate. The DSL modem uses Ethernet, not USB; I *do* have two NICs (10/100) in the Mac, and the Mac is known by 192.168.1.2 to the DSL modem, while it is 192.168.2.1 to the LAN. I *do* have some control of the DSL modem, although as I said it seems it won't allow me to increase the number of LAN clients. (Maybe this is because I didn't change the LAN-side subnet mask from 255.255.255.252 to 255.255.255.0? I *can* change _Size of Client IP Pool_) There are more settings available to me using Telnet than using the Web-based configurator...

I wonder if an alternate solution is to reset the DSL modem's DHCP from _server_ to _relay_ (and toggle _bridge_ from _No_ to _Yes_, one of the Telnet-only _General_ settings?). I can set the Mac to access the WAN through PPPoE; wouldn't the Mac itself then be assigned the public IP address? In this case I would not be running two DHCP servers. But I'm a little hesitant to try this because I don't know what else would require setup.

On the modem, there is a _NAT mode_ which can be _None_ or _SUA Only_ and a port/IP table under _SUA Only_; is this where I open ports? The OS X NAT router gives me no control at all other than 'on' and 'off.' (The only way I know what its IP range is, is by looking on a downstream machine.)

Joe Brown

-----Original Message-----
From: Joe Kexel <[EMAIL PROTECTED]>
Sent: Jan 8, 2005 9:57 PM
To: [email protected]
Subject: Re: Getting past *two* NAT routers

I am uncertain of exactly what your network diagram would be. I will assume 2 NICs in the Mac. One going to the modem (USB?) and one to your LAN. In that case, the DHCP servers are not a problem for each serves a different network. Not knowing all the details of OS X Internet Sharing, I guess it's a NAT configuration.

Your big problem is that you are running a NAT network behind another NAT network. You will need port forwards on both the router (to the Mac) and the Mac to each machine you wish to connect to. Use port 5900 to the Mac.

Normally for my clients I just connect to one machine via port forwarding or SSH port forwarding and then use a vncviewer on that machine to get to the rest of the LAN. The double NAT can be difficult if you do not have control of the router.

If you wish to have open ports for each machine directly, then you continue with 5901 to the Mac and forward that to Machine A, 5902 to Machine B and so on.

I hope this helps. I know more of Linux than OS X, I run Yellow Dog on a G4. Anyway, good luck!

> Hello,
>
> My DSL is served by PPPoE; the DSL modem is a mini-router allowing only
> one (192.168.1.2) address. I think I understand the port assignments when
> a single router serves multiple boxes. But I serve my LAN via a second
> DHCP server, the Mac OS X box itself (Internet Sharing). So not only the
> modem but also the main box is both a LAN client and a DHCP server; it
> doesn't have a "real" IP address to begin with, and in fact is known by
> two (the PPPoE modem is given the real one). What will get me to the other
> machines on the LAN? Manual port setting?
> _______________________________________________
> VNC-List mailing list
> [email protected]
> To remove yourself from the list visit:
> http://www.realvnc.com/mailman/listinfo/vnc-list
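
John's suggestion of a single SSH tunnel to the Mac, as an added example that is not part of the original thread: the script builds one `ssh` command whose `-L` forwards reach VNC on each machine behind the Mac, so only the SSH port has to be forwarded on the modem. The gateway name, the account and the LAN host addresses are assumptions; 192.168.2.x is the Mac's LAN side as given in the thread.

```shell
#!/bin/sh
# Added example: one SSH session to the Mac carries VNC to every LAN machine.
# Assumes the Mac runs an SSH server and the modem forwards the SSH port to it
# (192.168.1.2 in the thread). GATEWAY and SSH_USER are placeholders.
GATEWAY="${GATEWAY:-gateway.example.net}"  # placeholder: public name/IP at the modem
SSH_USER="${SSH_USER:-vncadmin}"           # placeholder: account on the Mac
VNC_PORT=5900                              # VNC display :0 on each LAN machine

# Print one -L option per LAN address: local 5901 -> first host, 5902 -> second.
# Binding to 127.0.0.1 keeps the forwarded ports off the client's own network.
build_forwards() {
    n=0
    out=""
    for ip in "$@"; do
        # Coarse check: only accept addresses on the Mac's LAN side.
        case "$ip" in
            192.168.2.[0-9]|192.168.2.[0-9][0-9]|192.168.2.[0-9][0-9][0-9]) ;;
            *) echo "refusing non-LAN address: $ip" >&2; return 1 ;;
        esac
        n=$((n + 1))
        out="$out -L 127.0.0.1:$((VNC_PORT + n)):$ip:$VNC_PORT"
    done
    printf '%s\n' "${out# }"
}

# Print the full command. -N opens no remote shell; ExitOnForwardFailure makes
# ssh exit instead of running with a forward that failed to bind.
tunnel_command() {
    if [ $# -eq 0 ]; then
        echo "usage: give at least one 192.168.2.x address" >&2
        return 1
    fi
    fwd=$(build_forwards "$@") || return 1
    printf 'ssh -N -o ExitOnForwardFailure=yes %s %s@%s\n' \
        "$fwd" "$SSH_USER" "$GATEWAY"
}

# When called with addresses, print the command for review before running it.
if [ $# -gt 0 ]; then
    tunnel_command "$@"
fi
```

With the tunnel up, a viewer pointed at `localhost:1` reaches the first address and `localhost:2` the second, since VNC display N maps to port 5900+N.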
