Remote desktop behind a NAT or firewall

My internet provider pulled a bad trick by putting most of its customers behind a NAT. This is bad because before, each customer had a dedicated public IP. Even though it was dynamic, meaning it changed on each reconnection, it still enabled connections to my router from the Internet. Such direct connections are required to set up game servers to play online with your friends, for BitTorrent to work correctly and, most importantly, for remote control of your home computer over the Internet. To do all that you just had to set up port forwarding on your router’s NAT.
Now customers don’t have their very own public IP; instead, several customers share the same public IP, meaning they are basically in a local network that connects to the Internet via a NAT which is now on the provider’s side. That means I can’t connect to my router from the Internet any more, since there may be several routers behind the same public IP, and the inbound packets just don’t know where to go. It wouldn’t be as bad if the provider set up its NAT to forward a separate group of ports to each customer, so that connecting to the shared public IP while specifying a port belonging to the customer could establish the desired connection, but no. They didn’t.
The problem is even worse for me because there are at least 3 customers of this very provider all across town and I have to connect to their desktops from time to time for remote assistance. Remote desktop doesn’t work now, so I have to use some other solution.
At a glance, it looks like this. Since direct inbound connections are now impossible, you have to employ some server on the Internet that can help connect the two computers behind NAT together or even tunnel all traffic between them. If you already pay some hosting provider for a dedicated server, you could use it to set up a reverse SSH connection, if the terms of service allow that. Too bad reverse SSH is a complicated setup even for an experienced system administrator, let alone the computer-illiterate users that require remote assistance in the first place.
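The reverse SSH setup mentioned above, sketched as an added example that is not part of the original post. It assumes OpenSSH on all three machines; relay.example.net, the accounts "tunnel" and "me" and port 13389 are placeholders, and 3389 is the standard RDP port.

```shell
#!/bin/sh
# Added example, not from the original post. Placeholders (assumptions):
# relay.example.net, accounts "tunnel" and "me", relay port 13389.
# 3389 is the standard RDP port on the home computer.

# valid_port PORT: accept only a plain unprivileged TCP port (1024-65535),
# since the unprivileged tunnel account cannot bind ports below 1024.
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# relay_key_options PORT: options to put in front of the tunnel key in
# ~tunnel/.ssh/authorized_keys on the relay. "restrict" disables shell,
# agent, X11 and all forwarding; "port-forwarding" switches forwarding back
# on and "permitlisten" limits -R listeners to one port on the loopback.
relay_key_options() {
    valid_port "$1" || return 1
    printf 'restrict,port-forwarding,permitlisten="127.0.0.1:%s"\n' "$1"
}

# tunnel_cmd PORT USER@RELAY: run on the computer behind the NAT. The
# connection is outbound, so the provider's NAT lets it through.
tunnel_cmd() {
    valid_port "$1" || return 1
    printf 'ssh -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -R 127.0.0.1:%s:127.0.0.1:3389 %s\n' "$1" "$2"
}

# helper_cmd PORT USER@RELAY: run by the person giving assistance, who then
# points the remote desktop client at 127.0.0.1:PORT.
helper_cmd() {
    valid_port "$1" || return 1
    printf 'ssh -N -L 127.0.0.1:%s:127.0.0.1:%s %s\n' "$1" "$1" "$2"
}

PORT=13389
echo "authorized_keys options: $(relay_key_options "$PORT")"
echo "behind the NAT:          $(tunnel_cmd "$PORT" tunnel@relay.example.net)"
echo "helper:                  $(helper_cmd "$PORT" me@relay.example.net)"
```

Because the forwarded port listens only on the relay's loopback address, the desktop is not exposed on the relay's public IP; the helper reaches it through their own SSH login.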
So we need something far easier.
The first option is VNC. Some forum guru compiled a VNC server and client to tunnel traffic over GTalk. In case you don’t know, GTalk is a proprietary version of the open XMPP protocol, commonly known as Jabber. So the connection between two computers that are not directly accessible from the Internet goes through GTalk servers. The software is quite easy to use. You just download an .exe, launch it on both computers, enter the same Gmail address and password on both sides and click sign in. After the connection is established, the user requiring remote support clicks the Show desktop button. After that a VNC client launches, offering all standard VNC features. Apart from crashes, this software has a serious speed problem, since the connection basically goes over an IM client. Another problem lies in this very version: it doesn’t allow saving the Gmail login and password, logging in automatically, or automatically showing the desktop when the remote side connects. To put it simply, you can’t have this start on boot and allow access to the target computer at any time, which is unacceptable for servers and other unattended stations.
TeamViewer has none of these issues. This software is the leader in the remote access industry, mostly because it requires no setup at all and it is free for private use. Well, the ads for the paid version in the free version are annoying. And it is available for all operating systems, mobile included, which is great. You don’t even necessarily have to install it, which is important when the remote user doesn’t have admin rights. To do that, he has to download the QuickSupport version of TeamViewer, launch it and tell the remote side the digits that the software generates.
The remote user has to download the full version, but installation is also not required – the installer has an option to run the software in portable mode.
Type in the digits provided by the other user to control the target desktop. It is clear that you have to install the software to get unattended access to the remote computer. Unfortunately, you can’t install TeamViewer while QuickSupport is running, so use the VNC package described earlier as a temporary means to install TeamViewer. While installing, create a TeamViewer account if you don’t have one already, and the target machine will be added to your profile.
Now the only thing you have to do to connect to a remote desktop is launch TeamViewer, log in to your account and select the required computer from the list.
So, there obviously is life behind a NAT. What I personally object to is that before, I was the owner and master of my remote connections, as they were direct. Now I have to rely on third-party services, which bear the risk of being shut down at any given moment.
