Remote Access via UltraVNC & PCAnywhere [Resolved]

I have spend many too many hours trying to connect my home computer to my office computer. There are no router issues…just Comodo. I have had these computers connected via UltraVNC and/or PCanywhere for years, using ZoneAlarm. While I am not a ZA fan, I found breaking thru the firewall must more achievable with ZA.

I guess it says that Comodo works (:SAD), but it does not help me connect my two computers. Nothing seems to work. Comodo will not even recognize a computer that broadcasts its IP from a DNS.

HELP!

Welcome to the forum, Econdoc.

Have you tried defining a Trusted Network yet? It’s in Security > Tasks > Wizards at the bottom.

Yes, I have tried that and it works…sort of.

I would like to Add a Zone by Host Name, not by IP Address. Suppose that I want to access my office computer from my home computer. My home computer may have a dynamic IP. When my home computer’s IP changes, I will be blocked from my office computer.

A previous solution to this problem is to use a dynamic DNS service which broadcasts the current IP of my home computer to the office computer, which then allows entry.

It is not currently possible (or I have not found a way) to enter a Host Name for a Zone. I gather that the first step is to specify a zone and the second step is to include that zone in the Trusted Zone. CFP works on my office computer now only because I have defined a zone with a specific IP…one that will change very soon; I will then be locked out of my office computer. (:AGY)

Is there a workaround?

Hey Econdoc, let me see if I can help out a bit, if you can clarify a few items…

1. Work Computer. Is this IP static?

2. Home Computer. This IP is dynamic, right?

3. Are you connecting just from Home → Work, or are you also connecting from Work → Home?

4. What software/interface are you using to accomplish this? If you are actively using more than one, please let us know.

Tnx,

LM

The Work computer has a relatively stable IP…it changes two or three times a year.

The Home Computer IP changes every month or so.

I almost always go “Home to Office” (Office is the Host).

The software that I am using is either UltraVNC or PCAnywhere. Also I use FTP, where the Office machine is the FTP server.

Hope all this info is what you needed.
Thanks.

You might look at these two threads…

https://forums.comodo.com/help/ultravnc_comodo_failed_to_connect_to_server-t8466.0.html;msg63479#msg63479

https://forums.comodo.com/help/pcanywhere_initial_pop_ups_approved_now_no_pop_ups_and_no_connection-t636.0.html;msg4111#msg4111

I use a remote product, but not either of those; it’s a browser-access product, which makes it all a lot simpler; no network rules are involved (other than one to allow outbound for port 443; which can be added to by including a single fixed IP). I notice that PCAnywhere has a web-based module, as well as a Gateway module that is supposed to help configure for computers behind a firewall, and UltraVNC also seems to have a webaccess as well (but still requires the IP address).

Are you doing a direct access through each IP address, to the computer’s login, web, or how exactly (since I’m not familiar with either product)?

What I’m thinking is (if you have to do a direct access, rather than browser or something)…

Can you define (within each application) the port that is used by the application? If so, what you can do is similar to the first post I linked.

In the application, specify the port (pick a high port, unlikely to be used for anything else - an Unreserved port).

In Application Monitor, make sure the appropriate executable for the running application is listed. Skip or Learn the Parent. I would suggest (for ease of use) setting it to Allow All Activities, and on the Miscellaneous Tab, Allow Invisible Connections.

In Network Monitor, Add a rule at the top to Allow In TCP or UDP (either one, or both; whatever protocol it uses) from Any IP to Any IP, from Any Port to xxxxxx Port (the one you have specified).

Do this on both computers. This is pretty much what is done for p2p applications. This does not open up your computer, and the port is not open. There must be a running application (I presume your remote connection software has an active systray entry and runs in the background) “listening” on that port, in order for the inbound connection to be allowed.

The normal methodology would be the Trusted Zone/Network route, but since your IPs change, that kinda rules that out… I think this should work. One of our other Mods, panic, knows a lot more about these than I; I’ll see if I can’t drum up his help to verify.

LM

I just rememberd you mentioned using Hostname instead of IP address, to Soya.

When you manually create Network Monitor rules, you have the option to specify Host instead of Zone or IP. So if both your computers have a defined Hostname that remains when the IP changes, it could possibly be done that way.

If you wanted to create a Trusted Network/Zone scenario manually that way, you would go to the top rule (ID 0) in NetMon, right-click and Add/Add Before. Your rule will be:

Action: Allow
Protocol: IP
Direction: In
Source IP: Host: (office)
Destination IP: Host: (home)
IP Details: Any

Then do the exact same thing again, with this rule:

Action: Allow
Protocol: IP
Direction: Out
Source IP: Host: (home)
Destination IP: Host: (office)
IP Details: Any.

That’s for your home computer. At your office, you would create the same rules, but in each one reverse the Host for the Destination/Source entries (since it’s going the other way).

Since no port is specified, no software would have to be specifically running (I think) on the host, in order for the connection to be established; at least not on any given port. This also does not open you up, as the connection has only one authorized source point.

If you know that you only need one protocol for all aspects of the connection, you can change Protocol: IP to reflect TCP, or UDP; whatever you need. This will, however, open up port options, which you would leave blank (unless you can specify within the application, which would help tighten things up in general).

LM

Can you let us know the following;

1. What ports UlraVNC uses
2. What ports PC Anywhere uses
3. How you handled changing IP with ZA

You may be heading down the wrong path with host names, if you’re accessing from a remote location. Hostnames work on a LAN if there is an entry in the WINDOWS\SYSTEM\DRIVERS\ETC\HOSTS. file or if your LAN broadcasts local host names, but if you’re using the internet, then “host” refers to DNS registered hostnames which I assume your home PC isn’t ;). The only way you could use host names from work is if you manually edit your HOSTS. file at work to include the current IP of your home PC, but this would need to be edited every time your home IP changes.

Ewen

Thanks LM. This idea was brilliant. It appears to work just great! I would like to communicate to Comodo that the ability to create a Zone with a Host Name would sure make life easier.

Thanks for the reply Ewen. I think that LW has actually solved my problem. (See my last reply). To answer your questions, UltraVNC uses ports 5500, 5800, 5900 and PCAnywhere uses ports 5631, 5632.
The answer to your item 3 is the most interesting. I used a Host Name with ZA! It is possible to obtain (sometimes for free) Dynamic DNS Hosting services. They let your register a Domain name and when your machine is running a small resident program broadcasts your current IP to this service which in turn responds to DNS requests with your IP. Here is a link to see about this: DNS hosting service - Wikipedia

I knew about dynamic DNS servers, but I’ve got to admit that I’m surprised that a local Windows host name was able to be used. I didn’t think it would be broadcast over the internet. Ya live and learn.

You’ll be pleased to know that V3 allows you to use host names directly in a zone rule.

Cheers,
Ewen

Ewen:
I am not sure that we are saying the same thing. Dynamic DNS hosting does not take any information from your local HOSTS file. You register a name with the remote service, e.g. EwensComputer.HostService.com. When your computer is running, your computer sends that name to the hosting service which then can broadcast your IP. For example, you can ping EwensComputer.HostService.com. Another computer can “see” that you are online and what your IP address is. Your local host has nothing to do with this.

Suppose that you are behind a hardware firewall. Your LAN IP is not very useful on a remote connect. What is needed is the Internet IP, which the hosting service can provide to another computer.

You mention V3. When will it be out? Any idea?

Glad that worked, Econdoc, and tnx for jumping in Ewen!

Interesting to know about the “remote” DNS Hosting. Local app on running computer broadcasts to internet. Hmm, sounds like it bridges the gap on remote-access software.

Let us know if we’re all tidied up and good to go here.

LM

PS: I’m going to change the topic’s “Subject” line to make it easier for others to find on a Search.

I’m good to go. Thanks for all the help. Really appreciate it. I was about to go back to ZA which is not anywhere near as good a firewall. You saved me.

When does V3 appear?

Not a problem; glad to help, and glad you didn’t have to go back to ZA. IMO, CFP is much better…

As for v3, well, it’s in a semi-public Alpha-testing phase at this point. Meaning, only registered forum members can download it, it is known to be unstable, is missing various aspects (it doesn’t contain all the code); those using it are supposed to be thrashing it in various ways, finding out what doesn’t work and how, what does work and how, etc. Results will be used by the development team to further the process.

Melih has stated he thinks the final release will be near the end of June (if I remember correctly). However, I personally think it will be at least two months. I could be wrong, and that’d be nice, but that’s my expectation.

When it does come out, you will need to uninstall 2.4 in order to install 3.0. At this point, it does not look like you will be able to transfer your rules over, even with the registry backup script currently used. It’s just too different in structure. However, as Ewen pointed out, it does handle some things easier, so the rules creation you need shouldn’t be too difficult at that point.

LM

PS: I’ll close the thread now. If you need it reopened, just PM a Moderator (please include a link back here) and we’ll be glad to do so.