My company has taken to blocking all of the remote PC software/sites I have found. Assholes! They have slowly starting locking our internet/bandwidth and browsing down and I know eventually I'll not be able to post here either :(

logmein = blocked
gotomypc = blocked
vnc = blocked

Does anyone have any suggestions for how I can connect to my PC at home and break free of the network nazis?

You can change RDP to run on any port, I've gotten out on FTP :> You can also run it over HTTPS if you have a recent XP/Vista with IIS installed to my understanding.

Also, you can try getting around the blocks with creative use of SSL depending on the exact proxy they're using.

I have nothing to contribute on this, but wanted to say I love these threads about how to do stuff........I am constantly learning stuff thanks to the questions and answers you all provide each other.

So you're saying if I have Vista or XP at home I can install IIS and then RDP to my box? I am completely lame in this arena anymore =\


Oh and I worry about opening this up, is there a way I can use my router to prevent just anyone from being able to RDP to my PC?

How are they blocking VNC? If by port, it's really easy to switch it to another port.

I'm not sure, I tried several different ports (this was a while ago).
They even locked down the wireless we give to patients as a courtesy; I was hoping they had not and I could my iPhone, alas I will have to wait for 3G to get to my area.

Try an encrypted connection. They're probably blocking it via packet inspection.

I tunnel everything over ssh.

How do you connect to your home PC? I just need to know my IP address? If you use a router isn't everyone's IP address the same? (168.192.1.1xx or something)

I'd like to connect to my home PC from work :)

How do you forward a port?

You forward the external IP port to your internal address, on the router. Same as how you set up some games or BT.

does it matter if your ISP uses DHCP? this is a router thing right and therefore since you're forwarding it on your router it won't matter? and if you're using VNC you just choose a port that's not blocked by your nazis at work right?

This is slightly risky too right? I mean you're open to the world and stuff.

You may need a service like dyndns.org if you expect your home IP address to change occasionally.

The more ports/services you open on your home computer to the Internet, the riskier it is, yes. That's part of why I expose a single ssh port on my computer and tunnel everything (Remote Desktop, VNC, etc.) over it.

Oipunx, you'll need to know your external IP:

http://whatismyip.com/

Go there from home.

There are several problems you could run into:

Some ISPs now days don't even give you a public IP anymore. They have a bunch of people on a single public and they use NAT to direct traffic. Since you have to do port forwarding on the outside (internet) facing router, if your ISP has assigned you a private address, you're SOL.

Most ISPs don't give you a static IP unless you pay for it. If you just plugged your router in and it worked, chances are you're assigned your IP dynamically, which means that if you power off your router (or the power goes out), you could be assigned a new IP address when you boot it back up (depending on the lease duration set up on your ISP's DHCP server). If that happens, you will need to go to whatismyip.com again and find out what it is. Not a huge deal, but could be a hastle if you don't realize it changed and try to access it remotely.

As to HOW to set up port forwarding: its different in every router. Look online for a manual or a how-to for your model router. Its usually pretty easy (relative term, of course).

As to which remote program to use, that is going to depend on your OS. If you have XP Pro, or Vista Business / Ultimate, you can use RDP. If not, you will need to install something like RealVNC (http://old.realvnc.com/download.html).

If you're going to use RDP: The default RDP port is 3389. You'd want to point all traffic headed to that port to the private IP address of your computer. This one should be something like 192.168.0.X. If you need to find out what your IP is on your machine, go to command prompt and type ipconfig. You also will need to turn on Remote Access: right click My Computer, click Properties, click on the remote tab, put a check in the box for Remote Access, add users to the Allow These Users (or whatever it says) box (note: any account you add here must be a password protected account).

If you end up using RealVNC, there is a tutorial (http://www.realvnc.com/support/faq.html#firewall) on the settings you need to put in your router.

I meant to reply back to this some time ago but forgot :(

I set up my PC to accept RDP connections /shudder but it works great. I also found a utility that allows you to not have to bother remembering your IP address if like me you have a DHCP address from your provider. http://www.no-ip.com/services/managed_dns/free_dynamic_dns.html I haven't actually tried this utility yet though, I've just been keeping up with my IP.

This (RDP) is actually the easiest thing I've found yet. There is no way they are going to block this traffic b/c other vendors access app nodes via RDP and b/c our windows guys use it to access their 500+ mess of servers. I do worry about safety though :(

Limit incoming connections on that port to the IP range you use at work, and you should be relatively safe from malfeasance.

I'm not sure how to do that exactly, can you expand on that?

I configured my router to forward the RDP port for a static IP address of a node on network. But, I am not sure how to limit incoming traffic...that sounds really good! I'm far far FAR from network savvy :(

It depends what kind of router you have.

When you configure the RDP port forwarding TO 1.2.3.4/32:3889, you may also be able to specify that it come FROM 10.11.12.0/24. Alternatively there may be a "firewall" type configuration section that allows you to set packet transit rules like "allow tcp from 10.11.12.0/24 to my-external-ip port 3889" followed by "deny tcp to my-external-ip port 3889".

It'll be in the manual if you can.

it's a linksys wrt160n. it doesn't have that option to specify the FROM address just the To. The only place I see any source and destination stuff is under the DMZ tab which I thought DMZ basically put you and all your ports outside.... I did look into putting the DDWRT firmware on my router but it looked so beyond my skillset or desire to much with I just didn't bother :(

Does the generic firewall with windows offer this?

Manual is here:

http://www.linksys.com/servlet/Satellite?c=L_Product_C2&childpagename=US%2FLayout&cid=1175239516849&pagename=Linksys%2FCommon%2FVisitorWrapper

It looks like the DMZ tab may be what you want. You might be able use the Windows firewall but its view of addresses and connections may be different depending on how the port forwarding is done. Look in the security log and see where it sees connections coming in from, if it's a public address then you can whitelist that subnet and deny everything else.

Otherwise you'll probably need to fiddle with the DMZ page a bit and restrict it to the RDP port(s) and the source IP address.

Hope that helps.

It does ty.