
A workaround for Remote Desktop's fixed VNC port Network
Apple's Remote Desktop client is the only VNC server I've found that could display both of my displays (G4 with dual video output, connected to two 1600x1200 monitors, for an effective 3200x1200 sized desktop). However, ARD client is also the least configurable VNC server that I have found.

One common issue is not being able to change the port it runs on (default is 5900) ... simply put, I have not seen a true way to do this within the client itself. I wanted to move to a non-standard port (partly for security by obscurity, though I realize that's not real security). Other folks have the issue of wanting to connect to multiple Macs inside the same network.

A real hack that came to mind is this: I have an Airport Extreme router (though almost any router should suffice). From outside the local network, you can configure the router to port forward, as shown in this Apple article.

Use the Port Mapping Setup Assistant to map the following:

Port 5906 on the outside (Public) can be mapped to (Private) port 5900 on machine 10.0.1.2. Hit Continue, then add additional mappings as needed, i.e.:
  • Port 5904 on the outside (Public) can be mapped to (Private) port 5900 on machine 10.0.1.3
  • Port 3283 doesn't seem needed for ARD VNC access.
  • Etc.
An inside-the-network solution might be to do port forwarding with ipfw or perhaps with ssh ... but I'll leave that for someone else to puzzle out, as this solution meets my needs.

To summarize, I have two Macs inside my network at home. From outside the network, I can now...
  • VNC to port 5904 to get to Mac #1 running ARD Client in dual screen mode.
  • VNC to port 5906 to get to Mac #2 running ARD Client.
  • VNC to port 5908 to get to Mac #1 running normal VNC client.

I'm still running 10.4.11; as far as I know there is no way to get ARD to reduce its color depth under 10.4 as you can under 10.5 as shown in this hint. So it's painfully slow to do dual screen, full color depth, but occasionally it's needed when I need to get to something on the 2nd monitor.
[robg adds: I haven't tested this one, nor do I know if there's a better solution...if there is, please share.]
Remote Desktop VNC port configuration
Authored by: njpomeroy on Jan 10, '08 08:49:54AM

For what it's worth, the ARD client VNC port is fully configurable by using the Apple Remote Desktop Admin application.

The ARD client is not a standalone or general purpose VNC server, so it's not surprising that it's difficult to configure it as such. There are other free VNC servers for Mac OS that may be easier to configure than your port-forwarding voodoo here.

One final option, if you have Leopard, you can use the Back to My Mac screen-sharing feature to traverse a NAT barrier if all the computers are logged into a .Mac account. No need for complicated NAT port forwarding and translation rules.



[ Reply to This | # ]
ARD VNC port can be changed?!
Authored by: gabester on Jan 12, '08 10:35:54AM

On Thu, Jan 10 '08 at 8:49AM PST, njpomeroy said:
For what it's worth, the ARD client VNC port is fully configurable by using the Apple Remote Desktop Admin application.
==
The port is fully configurable? How? All I see in ARD 3.2 Admin is the ability to enable or disable VNC when I change client settings or create a custom installer.
g=



[ Reply to This | # ]
Remote Desktop VNC port configuration
Authored by: Zim on Jan 14, '08 07:53:23AM

Please show me any VNC server on the Mac (other than ARD) that can display both of my 1600x1200 screens on my dual-output graphics card... that is the only reason I was using this otherwise weakly configurable client.



[ Reply to This | # ]
SSH is safer
Authored by: ebaur on Jan 10, '08 10:00:24AM

A safer solution would be to only open up SSH to the outside world (you can still use the port translation to hide the ports used for SSH). You can then - from your external machine - do this:

ssh -L5900:127.0.0.1:5900 someone@my-machine.mydomain.com

This will set up port 5900 on the machine you're sitting at to forward over the encrypted ssh session to the remote machine. You can even use one machine to ssh port forward to another one on the same network. For example:

ssh -L5901:192.168.0.4:5900 someone@my-machine.mydomain.com

will use the machine you ssh to as a hop to get to the .4 machine, and you would connect your VNC client to port 5901 at localhost to get to port 5900 on the remote machine. The benefit here is that you can expose only one machine's SSH port to the internet and use it as a jumping point for everything else.



[ Reply to This | # ]
SSH is safer
Authored by: BobHarris on Jan 10, '08 01:07:17PM

NOTE: using a middle machine to forward as in

ssh -L5901:192.168.0.4:5900 someone@my-machine.mydomain.com

will only use ssh encryption between the first system and the middle system. The VNC traffic will then go from the middle system to the VNC server unencrypted.

This is NOT a big issue if the middle system and the VNC server are both in your home.

By the way, I personally VNC over an ssh tunnel over the internet to control my Mom's iMac, as well as get back to my home systems when I'm away from home.

ssh -L 5905:127.0.0.1:5900 -p 37100 mom@dynamic.dns.noip.com

The -p is a way to tell ssh to use a port number besides 22, and at my Mom's house, her router forwards port 37100 requests to my Mom's iMac port 22 (the standard ssh port).

Of course, with Back to My Mac and screen sharing via iChat available in Leopard, some of these hints will be needed less and less. ssh is a Swiss Army Knife of networking that is always good to learn.

Bob Harris



[ Reply to This | # ]
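
An added example, not part of either comment above: a POSIX shell wrapper for the tunnel ebaur describes that also closes the gap BobHarris points out, by using `ssh -J` (ProxyJump, OpenSSH 7.3 or later) so the ssh session terminates on the VNC host instead of on the middle machine. It assumes Remote Login (sshd) is enabled on the VNC host; the function name `vnc_tunnel` and the `DRY_RUN` switch are made up for this illustration.

```shell
#!/bin/sh
# Added example, not from the thread: VNC over ssh, encrypted all the way
# to the VNC host. vnc_tunnel and DRY_RUN are names made up for this sketch.

VNC_PORT=5900   # port the ARD/VNC server listens on, per the thread

# vnc_tunnel LOCAL_PORT TARGET [JUMP]
#   LOCAL_PORT  loopback port the VNC viewer will connect to
#   TARGET      user@host of the Mac running the VNC server (needs sshd)
#   JUMP        optional user@host[:port] of the one machine exposed to the
#               internet (uses ssh -J, OpenSSH 7.3 or later)
# Set DRY_RUN=1 to print the ssh command instead of running it.
vnc_tunnel() {
    vt_lport=$1 vt_target=$2 vt_jump=${3:-}

    # Accept only a numeric, unprivileged local port.
    case $vt_lport in
        ''|*[!0-9]*) echo "vnc_tunnel: bad local port" >&2; return 2 ;;
    esac
    if [ "$vt_lport" -lt 1024 ] || [ "$vt_lport" -gt 65535 ]; then
        echo "vnc_tunnel: local port must be 1024-65535" >&2; return 2
    fi
    [ -n "$vt_target" ] || { echo "vnc_tunnel: missing target" >&2; return 2; }

    # -N  forwarding only, no remote shell.
    # ExitOnForwardFailure  quit if the local port cannot be bound, rather
    #     than sit there connected with no tunnel.
    # -L  listener on local loopback; far end is 127.0.0.1 on TARGET itself,
    #     so VNC traffic never crosses the remote LAN in the clear.
    set -- -N -o ExitOnForwardFailure=yes \
        -L "127.0.0.1:${vt_lport}:127.0.0.1:${VNC_PORT}"

    # -J  reach TARGET through the gateway. The ssh session terminates on
    #     TARGET, so the gateway only relays ciphertext.
    if [ -n "$vt_jump" ]; then
        set -- "$@" -J "$vt_jump"
    fi
    set -- "$@" "$vt_target"

    if [ -n "${DRY_RUN:-}" ]; then
        echo "ssh $*"
    else
        ssh "$@"
    fi
}

# Example: vnc_tunnel 5901 someone@192.168.0.4 someone@my-machine.mydomain.com
# then point the VNC viewer at 127.0.0.1:5901.
```

With a jump host given, only the gateway's ssh port has to be reachable from the internet, and port 5900 on the inner Mac does not need to accept connections from the rest of the LAN.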
A workaround for Remote Desktop's fixed VNC port
Authored by: wallybear on Jan 10, '08 02:29:55PM
If the problem is only to use a different port, you can simply add an ipfw firewall rule like this one:

fwd 127.0.0.1,5900 tcp from any to me dst-port 12345

This rule will route calls to port 12345 (or whichever port you put there) to the 5900 port. You will use a different port for every Mac to be remotely controlled. No need to use tunneling.
You can do that by hand or use the nifty application WaterRoof to set the rules, temporarily or permanently.

[ Reply to This | # ]
A workaround for Remote Desktop's fixed VNC port
Authored by: macsrwe on Oct 14, '09 09:44:11AM

Thank you, thank you for the ipfw solution. I can't depend on my clients having routers that do port translation (e.g., Qwest's standard Actiontec PK5000 DSL interface does not) or MobileMe accounts for Back to My Mac.



[ Reply to This | # ]