Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

10.5: Screen share with multiple Macs behind one NAT System 10.5
After searching for a way to change the port that Apple Remote Desktop connects over (so I could use Screen Sharing to reach two machines behind the same NAT router), I found that in Screen Sharing, you can specify a port for a connection, just like you can do in Chicken of the VNC. So, to manage multiple computers:
  1. Port forward a different port to your second, third, etc. machines. That is, port forward external port 5901 to internal port 5900.
  2. Open the ScreenSharing app, in /System » Library » CoreServices.
  3. Enter your Domain Name and Port: mydomain.com:5901, for instance, for the second port.
That's it -- off you go to the specified machine on the described port. I did have issues with Keychain remembering which username and password to use if you have different accounts on each box. I found that setting up domain aliases for each machine solved this -- i.e. server01.mydomain.com:5901, server02.mydomain.com:5902, etc.

Also, a great shortcut to remember is that you can simply type vnc://server01.mydomain.com:5901 into Safari, and it will launch the ScreenSharing app and connect. Likewise, you can bookmark these URLs (which I do to manage my computer list).
    •    
  • Currently 1.89 / 5
  • 1
  • 2
  • 3
  • 4
  • 5
  (9 votes cast)
 
[17,684 views]  

10.5: Screen share with multiple Macs behind one NAT | 14 comments | Create New Account
Click here to return to the '10.5: Screen share with multiple Macs behind one NAT' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.5: Screen share with multiple Macs behind one NAT
Authored by: Cobalt Jacket on Aug 07, '09 08:43:37AM

For people familiar with SSH, it's a lot simpler to use SSH port forwarding (the -L option) to achieve this. It also means not having to permanently alter your system configuration.



[ Reply to This | # ]
10.5: Screen share with multiple Macs behind one NAT
Authored by: palahala on Aug 07, '09 09:09:25AM

On Windows, I've never used VNC without SSH, as (most?) VNC servers have no protection against brute force attacks (and thus allow for an unlimited number of attempts to guess the password).

I wonder if Screen Sharing in OS X has some built-in protection?



[ Reply to This | # ]
10.5: Screen share with multiple Macs behind one NAT
Authored by: las_vegas on Aug 07, '09 06:21:33PM

Screen sharing requires both the login name and password then rejects login after three failed attempts.



[ Reply to This | # ]
10.5: Screen share with multiple Macs behind one NAT
Authored by: palahala on Aug 09, '09 08:19:30AM

I did some testing with Screen Sharing enabled for standard VNC clients, like to access a Mac from non-Mac OS X systems. (In System Preferences, Sharing select Screen Sharing, and then click Computer Settings. Here, one can enable and set "VNC viewers may control screen with password".)

It seems that a VNC client can try to connect as many times as wanted.



[ Reply to This | # ]
10.5: Screen share with multiple Macs behind one NAT
Authored by: ccjensen on Aug 07, '09 10:10:45AM

tunneling through ssh also gives the added benefit of encrypting the connection, as a vnc connection on it's own is quite insecure.



[ Reply to This | # ]
10.5: Screen share with multiple Macs behind one NAT
Authored by: VesperDEM on Aug 07, '09 02:51:17PM

It's wonderful that you suggest using SSH to do screen sharing. However, there are some of us out there that have no clue how to accomplish this. Why not fill us in so that we can all share in your suggestion.

I for one would love to know of a way to do screen sharing on multiple computers without having to do anything to my router.



[ Reply to This | # ]
10.5: Screen share with multiple Macs behind one NAT
Authored by: barko192 on Aug 07, '09 03:51:06PM

You connect to your ssh exposed computer with ssh myuser@myhost.com -L 5900:10.0.1.xxx:5900 where 10.0.1.xxx is the private IP (behind the NAT) of the computer you want to VNC to. This binds the remote port 5900 to your local port 5900 so when you VNC to vnc://localhost you will be able to connect to the remote computer.



[ Reply to This | # ]
10.5: Screen share with multiple Macs behind one NAT
Authored by: mistersquid on Aug 07, '09 08:59:43AM

What I do is I have my router forward all requests on 5900 to a single machine. I then use that machine's Screen Sharing to open a Screen Sharing window to another machine on the LAN, sort of lock SSH hopping.

NB: I can access my machines both by their Bonjour names as well as by their reserved and router-assigned IPs.



[ Reply to This | # ]
10.5: Screen share with multiple Macs behind one NAT
Authored by: mclbruce on Aug 07, '09 10:11:27PM
I think this hint could be simpler:
"Open the ScreenSharing app, in /System » Library » CoreServices."
How about Finder: Go: Connect to Server instead? That's what I use for VNC. If you are already in the Finder, the shortcut is command-K.
"you can simply type vnc://server01.mydomain.com:5901 into Safari,"
This is the format that I use in Connect to Server
"you can bookmark these URLs"
There is a plus key in the Connect to Server window that will add your connection to the Favorite Servers list in the window.

I hope I'm not missing something...

[ Reply to This | # ]

10.5: Screen share with multiple Macs behind one NAT
Authored by: rbenezra on Aug 08, '09 07:28:25AM

You are indeed missing something. This hint suggests a method for connecting to different machines when you are outside the local network, hence the machines are "behind one NAT", like an Airport router. HTH



[ Reply to This | # ]
Ooops! Sorry!
Authored by: rbenezra on Aug 08, '09 07:44:36AM

I misread your suggestion. Yes I think that method will work outside the local network. I would however recommend SSH so as not to have to open any port other than 22 on the router. I use SSH Tunnel manager to avoid having to remember the command line syntax.



[ Reply to This | # ]
10.5: Screen share with multiple Macs behind one NAT
Authored by: jiclark on Aug 08, '09 08:30:56AM

I don't know if anyone is still following this comment thread, but can anyone combine the original hint with the suggestion to use SSH, and clearly spell out the steps to implement the whole deal?

For instance, wouldn't the remote computer have to have Remote Login enabled under Sharing in System Preferences, in order for the SSH trick to work? Also, the original hint refers to "server1.mydomain.com"; is that the address of the remote computer you're trying to screenshare to? How does that relate to an SSH address to access (like "myuser@myhost.com")?

This seems like a potentially very useful hint, but without more details/instructions, I'm afraid it's not really very helpful... Sorry, but most of us reading these hints aren't as knowledgeable as the folks that post the helpful hints/comments, so we need explicit instructions to be able to actually make use of them!



[ Reply to This | # ]
10.5: Screen share with multiple Macs behind one NAT
Authored by: robogobo on Aug 08, '09 09:49:56AM

ssh aside, this hint will work if you're lucky enough to have a router that allows routing multiple external ports to the "same" internal port (see, it's not the same if it's on a different machine). Some routers consider this an NAT conflict.



[ Reply to This | # ]
10.5: Screen share with multiple Macs behind one NAT
Authored by: spinkb on Aug 08, '09 01:41:32PM
Summary of hint with SSH.

Forward port 22 on your router to one of your internal machines. For example my main server is 192.168.0.50. So in my router, I forward port 22 to 192.168.0.50.

Now on that machine, allow for "Remote Login" which is SSH.

Now before making a connection, connect using the Terminal with SSH:

ssh -L 5901:192.168.0.51:5900 username@your_ip_address

Once you have connected the SSH, use the OS X Finder, and do a connect to server, and enter:
vnc://127.0.0.1:5901/

If you wanted another machine, change this line and specify a different machine:
ssh -L 5901:192.168.0.95:5900 username@your_ip_address


That's it. Of course, my own software, CrushFTP can make this even easier to do with its ability to do tunneling over HTTPS and has a GUI to configure it...its available in my CrushFTP 5 beta. But the free method using SSH is spelled out above.

http://www.crushftp.com/beta.html

--Ben



[ Reply to This | # ]