From: Bob M. <rvm@CBORD.com> - 2012-07-31 19:25:44
> From: Robert Johnston [mailto:an...@gm...]
> Sent: Tuesday, July 31, 2012 3:07 PM
> To: Je Caste
> Cc: vnc...@li...
> Subject: Re: remote access to many computers behind a firewall?
>
> On 7/31/2012 12:40 PM, Je Caste wrote:
> > Hello everybody
> >
> > I'm sure it's not the 1st time but hey I'm no pro and I'm hopeless, I
> > count on you :)
> >
> > I want to get remote access from my home to my job. At job, I have like
> > 20 different computers, half are connected to an ISP, the other half to
> > another ISP.
> >
> > Of course, all the computers from one half share the same public IP
> > address, and each has its own local IP address.
> >
> > How can I do to have the ability to connect to any of those computers
> > with a tight vnc session?
>
> One way you could do it is to set up multiple forwards on your firewall.
> For instance:
>
> *:8000 -> 10.0.0.1:8000
> *:8001 -> 10.0.0.2:8000
> *:8002 -> 10.0.0.3:8000
>
> And so on.
>
> Alternatively, and for much tighter security, you can use an SSH tunnel.
> So you connect through the firewall using SSH, then use SSH port
> forwarding to connect to the various machines inside the firewall. Or
> you could use a VPN (as this kind of task is exactly what a VPN is
> designed for).
>
> There are multiple options. It's up to you to choose what works best for
> your requirements.

From the looks of it, you have two separate NAT firewalls, one for each ISP. Then you have two separate subnets behind those firewalls, with local addresses assigned by the firewalls. Do you have an internal gateway between those two subnets, or do you have to go out through the firewalls to get from one to the other? If there is no internal connection between them, you will have to set up the external connection on both subnets.

My first choice would be to see if either of those firewalls supports a VPN connection. That would allow you to establish a secure pipe from home to the office. Then you can connect to the office computers without having to worry about who is sniffing at your traffic. You can run the VNC connection through the pipe as if you were on one of the computers at work.

The next choice would be to set up one of the computers at the office to accept a VPN connection and set the firewall to forward those connections to that computer. This is a little more involved due to the forwarding you need on that computer to reach the others. It's simpler on the firewall since that's already set up to do the forward connections.

To get beyond this, we need more information about your firewalls. There are simply too many variations to cover in a quick email.

Bob McConnell
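
The SSH port-forwarding option mentioned in the quoted reply, as an added example that is not part of the original thread: a POSIX shell helper that builds one `ssh` command with a loopback-only forward per office machine. The gateway name, the VNC port (5900) and the local port numbering are assumptions; the 10.0.0.x addresses are the ones used in the quoted forwarding example.

```sh
#!/bin/sh
# Added example (not from the thread): one SSH session carrying a
# loopback-only forward per office machine, so the firewall exposes
# SSH only instead of one VNC port per machine.
# Assumptions: VNC listens on TCP 5900 on each machine; local ports
# count up from 5901; the gateway name below is hypothetical.
VNC_PORT=5900
FIRST_LOCAL_PORT=5901

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; safe, input is digits and dots only
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# build_tunnel_cmd GATEWAY HOST...: print the ssh command line.
build_tunnel_cmd() {
    gateway=$1
    # Refuse an empty gateway or one that ssh would parse as an option.
    case $gateway in ''|-*) echo "bad gateway: $gateway" >&2; return 1 ;; esac
    shift
    [ $# -gt 0 ] || { echo "no internal hosts given" >&2; return 1; }
    # -N: forwards only, no remote shell. ExitOnForwardFailure: do not
    # stay connected with a forward that silently failed to bind.
    cmd="ssh -N -o ExitOnForwardFailure=yes"
    port=$FIRST_LOCAL_PORT
    for host in "$@"; do
        is_ipv4 "$host" || { echo "not an IPv4 address: $host" >&2; return 1; }
        # Bind to 127.0.0.1 so only this workstation can use the forward.
        cmd="$cmd -L 127.0.0.1:$port:$host:$VNC_PORT"
        port=$((port + 1))
    done
    printf '%s %s\n' "$cmd" "$gateway"
}

# Constructed sample: the three 10.0.0.x machines from the forwarding
# example, reached through a hypothetical gateway.
build_tunnel_cmd user@gateway.example.com 10.0.0.1 10.0.0.2 10.0.0.3
```

With the tunnel up, the VNC viewer connects to 127.0.0.1 on the local port mapped to the wanted machine, and the VNC traffic crosses the Internet only inside the SSH session.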