
Apple Remote Desktop Administration from a PC with NAT Network
Last weekend I had to connect via VNC/Apple Remote Desktop to the MacBook that manages my mother's business from a PC. This was complicated by the fact that we were both behind NAT routers in different regions of the country.

This hint provided a good start. Unfortunately, I did not have the luxury of advanced setup and all of my machines run Windows XP. These instructions require a slight short-term reduction in the security of your PC; use at your own risk. These steps are quick-and-dirty; some refinements are certainly possible.

Read on for the detailed how-to...

  1. Buy the three-seat Apple Remote Desktop Server 3.x and install it (on the Mac). Supposedly there is a way around this using the free client version, but I did not discover that until it was too late so I did not bother to investigate it.
  2. Update the Mac to the latest version (3.2+). This is important.
  3. On the Mac, run this one-line command in a terminal window to enable all Remote Desktop access (it should copy and paste as one line):
    sudo /System/Library/CoreServices/RemoteManagement/\ -activate \
    -configure -access -on -restart -agent -privs -all
    You can choose to be more precise later if you like. See this article for more info.
  4. I'm not sure if this command is also needed, but run it anyway (it should copy and paste as one line):
    sudo /System/Library/CoreServices/RemoteManagement\ -configure \
    -allowAccessFor -allUsers -privs -all
  5. On the Mac, open the sharing control in the main user preferences area. Choose Apple Remote Desktop, choose to enable VNC access, enter a VNC password, and then save.
  6. Restart the Mac. This is the simplest way over the phone to be sure all the daemons are restarted.
  7. On the PC, either turn off Windows' firewall, or figure out how to make sure it stays out of the way. It may be enough to enable port 22 and 5900, but I am not sure.
  8. On the PC, create an account for the user of the Mac. Very few privileges are needed, but you will need to give the password to the Mac user later.
  9. On the PC, follow these instructions to install Cygwin and sshd and start sshd as a service.
  10. On the PC, verify that you can connect via ssh to localhost as the user created in the earlier step:
      ssh -l evan localhost
  11. On the PC, download and install tightVNC for Windows.
  12. No changes from defaults are required for the router or firewall on the Mac.
  13. Determine the LAN IP number of your PC. It probably begins with 192.168; run ipconfig in a Command window to see the details.
  14. From the PC, connect to the PC's gateway router. I connect to a Linksys WRT54G, which is directly connected to my cable modem. By default, Linksys offers a web-based administration tool; I will reference this in examples. Other routers should behave similarly. Presumably a more complicated forwarding scheme could be created in a more complex network. This configuration will need to be corrected if internal or external DHCP leases expire.
    1. Locate the external IP of the router. This is typically the IP number assigned by your ISP. It may be dynamic but it will probably be valid long enough to complete the task at hand. Make sure it does NOT begin with 192.168. Linksys shows this on the router's status page.
    2. Allow anonymous connections to your router. Linksys has this on the security tab. Not sure if this is mandatory. Be sure to save changes.
    3. Enable forwarding of port 22. Set up a forwarding rule such that port 22 of the gateway router is forwarded to port 22 of your PC. This is accomplished by setting the router to forward port 22 to the IP number for the PC from the prior step. Linksys does this on the "Applications and Gaming" tab. Be sure to save changes.
  15. On the Mac, open a Terminal window and execute the following command. Replace evan with the username you created earlier, and replace with your router's externally-reachable IP number that you found above.
      ssh evan@ -R 5900:
    This creates a reverse SSH tunnel, such that all traffic sent to port 5900 on the PC at is forwarded to port 5900 on the local machine (the Mac).
  16. On the Mac, enter yes when prompted to accept a key.
  17. On the Mac, enter the Windows password for the user created earlier. NOTE: If you do this routinely, it is much better to authenticate with an SSH key rather than use a password. (See this hint.)
  18. On the Mac, the prompt in the Terminal window should change to reflect the name of the Windows user. This is a full-blown Cygwin terminal session on the PC. If this works, we should be all set to fire up VNC on the PC.
  19. On the PC, open tightVNC (vncviewer.exe) and connect to This tells VNC to connect to port 5900 on the PC which, because of the SSH tunnel created above, forwards all traffic over the internet to port 5900 on the Mac.
  20. Enter the VNC password that you created earlier. Voila! You should see the Mac desktop on the PC in a VNC Window.
  21. When you are finished, you should crank up security again:
    • Enable all security that you turned off on the router.
    • Disable forwarding of port 22
    • Change the Cygwin-sshd service to "manual" and stop it. Note: to restart it, you must run net start sshd inside a Cygwin window.
[robg adds: I haven't tested this one, and I'm not sure all the steps as shown are required (or even recommended). I'm hoping the readers can fill in and/or correct any inaccuracies.]
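To confirm what the procedure leaves listening on the PC, both while the tunnel is up and after the cleanup in step 21, here is an added example (not part of the original hint) that classifies the sockets on ports 22 and 5900. A forwarded port bound to anything other than loopback exposes the Mac's VNC service to the PC's network. The function names and the sample netstat lines are constructed for illustration, and the Windows netstat -an column layout is assumed.

```shell
#!/bin/sh
# Added example, not from the original hint. Audits `netstat -an` text
# (Windows layout: Proto, Local Address, Foreign Address, State) for the two
# ports this procedure opens on the PC: 22 (sshd) and 5900 (tunnel endpoint).

# Print "port address verdict" for each LISTENING socket on port 22 or 5900.
# loopback = reachable only from the PC itself; exposed = any other bind.
audit_listeners() {
    awk '
        { sub(/\r$/, "") }                      # netstat.exe emits CRLF
        $1 == "TCP" && $NF == "LISTENING" {
            n = split($2, parts, ":")
            port = parts[n]
            if (port != "22" && port != "5900") next
            addr = substr($2, 1, length($2) - length(port) - 1)
            verdict = (addr ~ /^127\./ || addr == "[::1]") ? "loopback" : "exposed"
            print port, addr, verdict
        }'
}

# Exit status 0 when the listeners fit the phase, 1 otherwise.
#   during: sshd may listen on 22, but 5900 must be loopback-only
#   after:  step 21 is done, so neither port may be exposed
check_phase() {
    audit_listeners | awk -v phase="$1" '
        $3 == "exposed" && ($1 == "5900" || phase == "after") { bad = 1 }
        END { exit bad + 0 }'
}

# Constructed sample: tunnel up, forwarded port bound to loopback.
SAMPLE_DURING='  TCP    0.0.0.0:22             0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5900         0.0.0.0:0              LISTENING
  TCP    192.168.1.100:1042     203.0.113.7:443        ESTABLISHED'

# Constructed sample: forwarded port bound to every interface of the PC.
SAMPLE_WIDE='  TCP    0.0.0.0:22             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING'

# Constructed sample: sshd stopped, tunnel closed.
SAMPLE_CLEAN='  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING'

printf '%s\n' "$SAMPLE_DURING" | audit_listeners
```

On the PC, feed it live data from the Cygwin shell with netstat -an | check_phase after and look at the exit status.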
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Apple Remote Desktop Administration from a PC with NAT
Authored by: satcomer on Oct 30, '07 07:57:23AM
Well, there is the web site: .

Plus there is even a short video on how to remote to a Mac from a Windows XP machine.

Apple Remote Desktop Administration from a PC with NAT
Authored by: josesuareziii on Oct 30, '07 09:31:54AM

Wow, that's a lot of work. Here's what I do:

1. PC person: configure your router to open and forward port 5500 to the individual PC. While you're connected to your router, write down your public IP address.

2. PC person: run the TightVNC viewer. Hit the Listening Mode button.

3. Mac person: go to, download Schnitz Remote Lite, and run the program. You don't have to install it (it runs fine from the mounted disk image) nor do anything on your router.

4. Mac person: type in the PC person's public IP address and hit the Connect button.

That's it -- the PC is now controlling the Mac.

I like my method better. :)

My method doesn't do SSH tunneling, but it could be added with a few steps. Not worth it, in my opinion, for the occasional tech support connection.

Apple Remote Desktop Administration from a PC with NAT
Authored by: RickyB on Oct 30, '07 10:45:53AM

It's even easier than that. You don't have to install a server on Leopard.

1. Turn on Screen Sharing in Leopard Preferences -> Sharing and make sure to set a password (under Computer Settings)
2. Set your Mac router to forward all traffic on port 5900 to your Mac
3. Download TightVNC on your PC and run it
4. Enter the IP address of the Mac (the router address, not the local address) and the password you set on your Mac and hit Enter
5. You should be connected

I used to do this in Tiger using Vine Server instead of the built-in Leopard VNC server. I still think Vine Server is faster, but I now have one less process running in the background, so that's a win.

Apple Remote Desktop Administration from a PC with NAT
Authored by: emanon on Oct 30, '07 12:52:51PM

Here's my suggestion (I've been using both of these techniques for years):

1: sign up for DynDNS or dynamic DNS (give your IP address a name)
2a: if you can, punch a link through on your NAT router on the Mac side so that some port redirects to port 22 on the Mac.
3a: turn on SSH on the Mac; make sure that VNC/ARD is only locally accessible.
4a: Install PuTTY on your PC, and set up a connection to your Mac's domain that includes a PC to Mac tunnel for port 5900.
5a: Install UltraVNC on your PC, and connect to localhost (keep PuTTY active while doing this).
2b: if you can't manipulate your firewall, install Hamachi from
3b: install Hamachi and UltraVNC on your PC and connect to the Mac's Hamachi IP.

Going the other way, you can use Microsoft's Remote Desktop client for OS X to connect to Windows XP and later. Or, you can install Chicken of the VNC, and connect to the UltraVNC server. SSH Tunnel takes the place of PuTTY.

WTF is this mess
Authored by: Sebhelyesfarku on Oct 30, '07 11:02:05PM

Buying 3-seat Apple Remote Server WTF?

1. Install free Vine VNC server on OS X, start it
2. Install PuTTY on XP
3. Make a port forwarding on the OS X side router from 443 to 22 to the IP of the inside machine. 443 is https, so it will be open on the Windows firewall
4. Make an SSH tunnel in PuTTY from local 5900 port to target machine IP 5900 port, connecting to the target router's 443 port
5. Start a VNC viewer on XP, address is localhost or
6. Bingo...
