I have been following this thread but I don't have much to add since I am not a MAC person.
One thing puzzles me however; if all the systems on the network can get to all the other systems, do you really need multiple DHCP servers - I realize they assign IP addresses out of different pools, but having two DHCP servers just adds a level of complexity you don't need.

My network is somewhat similar to yours. I have an Internet connection coming into the network through a Linksys router and a Copper Mountain DSL modem (your modem and router are in one box, from your description). The connection from the router goes into another 'hub' (all networked systems are plugged in here) which makes the Internet connection available to everyone on the network. My DHCP server is a process running on a Win2000 Server which is on the network. The Internet connection is a static IP address but mainly so that external users have a fixed target to connect to (a dynamic address is subject to variations so the user may be trying to connect to the wrong thing) - but once it gets past the router the issue of whether the external address is static or dynamic is moot. I use VPN so on the router I have port 1723 of TCP/IP (and protocol 47) forwarded to my Win2000 Server (which also has a static address - but a local one 192.168.1.200) and it forwards the packet to the right system. (Forwarding VPN is similar to forwarding VNC but when you have VPN you don't need to forward VNC since your system appears on the local network.)

As you can see I have two levels of forwarding (the router and the server) - very similar to yours. The way you described the network it sounds like your MAC operates as a bridge between the two networks (the LAN and the Internet - via the DSL 'modem'). If it is really a bridge it will pass ALL packets (routers pass packets selectively - if they have a path defined for them).

Can you just set up one forward in the DSL 'modem' which will pass the VNC traffic on TCP port 5900 to its final destination (the VNC server which better have a static address - even if it is local - or you will be trying to hit a moving target!).

Alan.

Alan Watchorn
[EMAIL PROTECTED]
(760) 692-4300

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of PicaRules
Sent: Monday, January 10, 2005 11:23 AM
To: [email protected]
Subject: RE: Getting past *two* NAT routers

John,

The DSL/PPPoE "modem" itself is the one-port NAT "router." It has my account info (DSL user ID & pw) stored in it, and currently gets the only "real" IP when it's turned on, regardless of whether any computer is connected. The Mac [not MAC! that's something else ;-) ] doesn't even know its real IP when I just have the one machine and no LAN. (Sorry to rehash elementary concepts, and correct me if I err.)

Yes, I can (and do, actually) manually tell the Mac it has a 192.168.x.x IP, and turn off the modem's DHCP (from Server to None; can also be Relay, which I haven't tried). Or did you mean to hard-code it into the modem? Even when the modem is told to act as a DHCP server and the Mac's DHCP client status is Automatic, I effectively assign an IP manually because of the modem's one-user limitation I mentioned.

Still curious what the modem's setting for _bridge_ (is No, can be Yes) means. Does it by any chance pass the public IP on to the Mac at the other end of the Ethernet cable? Is it related to Relay in the DHCP mode?

Beyond these questions lie more about the modem. Besides Bridge and Relay I can toggle Route IP (is On), Route IPX (is Off) and set IP Address assignment to Static (with address 0.0.0.0) even though my account is dynamic; set up and assign Ethernet Input and Output Filter Sets and IP Policies (criteria/action sets)... something tells me this last item, IP Policies, is the jackpot I've been chasing, for assigning port 5900!
...and more, even go into a command line interface (and get out of it, almost a miracle)!

I'm completely in the dark as to how to create an SSH tunnel, but I expect that's beyond the scope of this discussion. The crystal ball is getting clearer though!

-----Original Message-----
From: John Aldrich <[EMAIL PROTECTED]>
Sent: Jan 10, 2005 9:12 AM
To: 'PicaRules' <[EMAIL PROTECTED]>, [email protected]
Subject: RE: Getting past *two* NAT routers

Can you hard-code an IP for the MAC? What about hard-coding IP addresses in the rest of the machines you want to access using VNC? I only have two machines on my LAN at home, and my situation is a bit different -- I'm behind a NAT router which is also a 4-port network switch. But if I need to access my machines at home, I just tell my router to port-forward port 5900 to my wife's Windows machine and port 5901 to my Linux box. Or, I would, in theory. In actuality, I only use one port -- the SSH port since I'm using an ssh-tunnel.

How about something like this... create an SSH tunnel to the MAC and port-forward from it to the other machines on the LAN? That way you should only need one port forwarded out of your modem. AND, you get a secure connection that 1) is unlikely to be hacked or 2) sniffed. :-)

John

-----Original Message-----
From: PicaRules [mailto:[EMAIL PROTECTED]
Sent: Monday, January 10, 2005 11:47 AM
To: [email protected]
Subject: Re: Getting past *two* NAT routers

Joe,

Thanks. This is perfectly clear, and accurate. The DSL modem uses Ethernet, not USB; I *do* have two NICs (10/100) in the Mac, and the Mac is known by 192.168.1.2 to the DSL modem, while it is 192.168.2.1 to the LAN. I *do* have some control of the DSL modem, although as I said it seems it won't allow me to increase the number of LAN clients. (Maybe this is because I didn't change the LAN-side subnet mask from 255.255.255.252 to 255.255.255.0?
I *can* change _Size of Client IP Pool_) There are more settings available to me using Telnet than using the Web-based configurator...

I wonder if an alternate solution is to reset the DSL modem's DHCP from _server_ to _relay_ (and toggle _bridge_ from _No_ to _Yes_, one of the Telnet-only _General_ settings?). I can set the Mac to access the WAN through PPPoE; wouldn't the Mac itself then be assigned the public IP address? In this case I would not be running two DHCP servers. But I'm a little hesitant to try this because I don't know what else would require setup.

On the modem, there is a _NAT mode_ which can be _None_ or _SUA Only_ and a port/IP table under _SUA Only_; is this where I open ports? The OS X NAT router gives me no control at all other than 'on' and 'off.' (The only way I know what its IP range is, is by looking on a downstream machine.)

Joe Brown

-----Original Message-----
From: Joe Kexel <[EMAIL PROTECTED]>
Sent: Jan 8, 2005 9:57 PM
To: [email protected]
Subject: Re: Getting past *two* NAT routers

I am uncertain of exactly what your network diagram would be. I will assume 2 NICs in the Mac. One going to the modem (USB?) and one to your LAN. In that case, the DHCP servers are not a problem for each serves a different network. Not knowing all the details of OS X Internet Sharing, I guess it's a NAT configuration.

Your big problem is that you are running a NAT network behind another NAT network. You will need port forwards on both the router (to the Mac) and the Mac to each machine you wish to connect to. Use port 5900 to the Mac.

Normally for my clients I just connect to one machine via port forwarding or SSH port forwarding and then use a vncviewer on that machine to get to the rest of the LAN. The double NAT can be difficult, if you do not have control of the router. If you wish to have open ports for each machine directly, then you continue with 5901 to the Mac and forward that to Machine A, 5902 to Machine B and so on.

I hope this helps.
I know more of Linux than OS X, I run Yellow Dog on a G4. Anyway, good luck!

> Hello,
>
> My DSL is served by PPPoE; the DSL modem is a mini-router allowing only
> one (192.168.1.2) address. I think I understand the port assignments when
> a single router serves multiple boxes. But I serve my LAN via a second
> DHCP server, the Mac OS X box itself (Internet Sharing). So not only the
> modem but also the main box is both a LAN client and a DHCP server; it
> doesn't have a "real" IP address to begin with, and in fact is known by
> two (the PPPoE modem is given the real one). What will get me to the other
> machines on the LAN? Manual port setting?
> _______________________________________________
> VNC-List mailing list
> [email protected]
> To remove yourself from the list visit:
> http://www.realvnc.com/mailman/listinfo/vnc-list
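
The SSH-tunnel approach raised in the thread (one forwarded SSH port on the modem, with VNC to each LAN machine carried inside it on local ports 5901, 5902 and so on), sketched as an added example that is not part of any message above. The gateway name, user name and the 192.168.2.10/.11 machine addresses are assumed samples; only the 192.168.2.x LAN range and port 5900 come from the thread.

```shell
#!/bin/sh
# Build one ssh command that tunnels VNC to several LAN machines through
# the gateway Mac, so only the SSH port has to be forwarded on the modem.
# The user name, gateway name and host addresses are assumed samples.

LAN_PREFIX="192.168.2."     # LAN side of the Mac, per the thread
VNC_PORT=5900               # VNC port on each LAN machine
BASE_LOCAL_PORT=5901        # first local port on the viewer's machine

# is_lan_host ADDRESS: succeed only for 192.168.2.1 .. 192.168.2.254
is_lan_host() {
    case "$1" in
        "$LAN_PREFIX"*) last=${1#"$LAN_PREFIX"} ;;
        *) return 1 ;;
    esac
    case "$last" in
        ''|*[!0-9]*) return 1 ;;   # empty or not purely numeric
    esac
    [ "${#last}" -le 3 ] && [ "$last" -ge 1 ] && [ "$last" -le 254 ]
}

# build_tunnel_cmd USER@GATEWAY HOST...: print the ssh command line.
# Each forward listens on 127.0.0.1 only, so other machines on the
# viewer's network cannot use the tunnel.
build_tunnel_cmd() {
    gateway=$1; shift
    port=$BASE_LOCAL_PORT
    cmd="ssh -N"
    for host in "$@"; do
        if ! is_lan_host "$host"; then
            echo "refusing non-LAN target: $host" >&2
            return 1
        fi
        cmd="$cmd -L 127.0.0.1:$port:$host:$VNC_PORT"
        port=$((port + 1))
    done
    echo "$cmd $gateway"
}

# Constructed sample: two LAN machines behind the Mac.
build_tunnel_cmd joe@gateway.example.net 192.168.2.10 192.168.2.11
```

With the tunnel up, the viewer connects to localhost:5901 for the first machine and localhost:5902 for the second, and port 5900 never has to be opened on the modem.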
