I've done a couple hours of search both here and on google and I'm at a loss as to whether I can or can't access my mac's desktop through an internet browser using the software provided with the OS (i.e. ARD). Now the only thing that I did find relates to a WBEM option in the kickstart command for ARD, but after turning that on I'm not seeing any difference, nor am I seeing port 5988 open as expected, but that could be due to the fact that some software is a little flaky on my poor setup.
Now the question is this, has anybody on this wonderful forum gotten remote desktop access over http working and how did you get it working?
Current setup:
AMD64 3000+
MSI K8T-Neo2 motherboard
Chaintech 6600GT AGP gfx card
1GB Kingston DDR400 memory
250GB Western Digital SATA HD
Other information can be supplied on request as I'm currently at work and that's all I can think of that is pertinent at this time.
Full Version: remote desktop over http
Simple, where I work does not allow squat through their firewalls, so the best I can do is using some kind of web based remote desktop software tunneled and ssl'd over port 443.
You can make VNC use any port you want... I wonder if it would work using 443? 
Possibly, but (and I know now I should have posted all this to start with to avoid this) with my DLink gaming router and my web server behind it the only/easiest way to keep it up and running AND to get to my desktops behind it is through the use of a reverse proxy and name-based virtual hosting on the web server that's in the middle.
VNC has java based web server off of port 5800
So at this point I'm beginning to get the impression that I'm going to have to install VNC instead of trying to use what comes with 10.4.3..
And after spending quite a bit of time fiddling with VNC I remember why I couldn't use it before to access my windows box since I have to use a reverse proxy to get to the machines behind my web server and VNC likes to make direct connections, which of course is killed by the fact I'd have to port forward around said web server which in turn would kill remote access to my windows machine as well as all ssl access to the web server itself.
QUOTE (Malketh @ Mar 22 2006, 01:45 AM) 
And after spending quite a bit of time fiddling with VNC I remember why I couldn't use it before to access my windows box since I have to use a reverse proxy to get to the machines behind my web server and VNC likes to make direct connections
If you install OpenSSH on your windows PC listening on 443 instead of 22, you should then be able to use the OpenSSH client on MacOSX to connect via HTTP proxy to port 443 on your windows PC, and then set up an SSH tunnel for whatever ports you'd like.
Sorry but that won't work and after rereading it 3 times it has no bearing on my setup or what I'm trying to do. Thanks for the effor though.
I guess I misunderstood your config. on a few levels.
Your Mac is at home, and you want to control it from a PC at work? Yes? (I though it was the other way around on first glance)
Further, it sounds like you're already forwarding port 443 to port 3389 on another Windows PC you have at home? (using your Dlink router to do the forwarding?).
You're throwing me at "I have to use a reverse proxy to get to the machines behind my web server". Are your running a web at cluster home behind your "Reverse Proxy"? Or are you saying "Reverse Proxy", but mean "Port Forward"?
Sounds like you're running a web server at home, probably on port 80?
Sounds like your work only allows traffic on 80 and 443 (possibly though a Proxy? Transparent Proxy?)
It'd be more helpful if you could describe your configuration completely.
Your Mac is at home, and you want to control it from a PC at work? Yes? (I though it was the other way around on first glance)
Further, it sounds like you're already forwarding port 443 to port 3389 on another Windows PC you have at home? (using your Dlink router to do the forwarding?).
You're throwing me at "I have to use a reverse proxy to get to the machines behind my web server". Are your running a web at cluster home behind your "Reverse Proxy"? Or are you saying "Reverse Proxy", but mean "Port Forward"?
Sounds like you're running a web server at home, probably on port 80?
Sounds like your work only allows traffic on 80 and 443 (possibly though a Proxy? Transparent Proxy?)
It'd be more helpful if you could describe your configuration completely.
Okay.. Here's the setup at home. Dlink router has a DMZ setup to a linux server which has a webserver on it, among other things, running on ports 80 and 443 (non-ssl and ssl respectively). Now from there I'm using apache's reverse proxy module along with name based virtual hosting to allow me to connect to my windows desktop at home which is running Remotely Anywhere on port 443 (for simplicity). Now the reason for this elaborate setup is two fold: 1) It allows me to run my web server AND be able to remote into my desktop at home, 2) Work has a very restrictive outgoing firewall and proxy setup. So the trick here is basically making said webserver act as a proxy between the desktops at work (and their proxy) and the mac desktop at home like it does with my windows desktop at home. Sadly the VNC applet doesn't work because it causes the computer it's being run on (i.e. the one at work) to make a connection to the desktop at home which is stopped by the firewall at work.
Hope that clears things up.
Also I'm hoping that if nothing else work then the new PCAnywhere 12 will have the same web support that Remotely Anywhere has.
Hope that clears things up.
Also I'm hoping that if nothing else work then the new PCAnywhere 12 will have the same web support that Remotely Anywhere has.
Ok, I see what you're doing now.
Just for clarification:
If you go to https://name1.yourdomain.com and https://name2.yourdomain.com, do you actually have Apache reverse proxying SSL to two (or more) different virtual hosts based on name, or is the only thing you can currently reach via https (port 443) Remotely Anywhere on a single windows PC? If more than the windows PC, please describe what other services you have Apache reverse proxying SSL to. (not including HTTP (port 80) reverse proxies)
Just for clarification:
If you go to https://name1.yourdomain.com and https://name2.yourdomain.com, do you actually have Apache reverse proxying SSL to two (or more) different virtual hosts based on name, or is the only thing you can currently reach via https (port 443) Remotely Anywhere on a single windows PC? If more than the windows PC, please describe what other services you have Apache reverse proxying SSL to. (not including HTTP (port 80) reverse proxies)
Currently I have https://name1 reverse proxying to Remotely Anywhere on the windows box and I have https://name2 reverse proxying to the Mac's apache server as I was testing the second name-based virtual host since Apache2 can be a little flaky at times, I've seen.
Ok.
It is possible for you to abandon named based virtual hosting, at least for https (port 443)?
It is possible for you to abandon named based virtual hosting, at least for https (port 443)?
No. And what good would it do me if I did?
If you were able to do without reverse proxy on https, you could set up a VPN on that port, or do as I suggested before and use SSH to tunnel whatever ports you need through 443. There are many more options as well, but most of them require that you don't disturb the stream at the end point.
As I'm sure you're aware, if you use reverse proxying on Apache to divert https to more than one machine, you break the ability of easy tunneling on 443. This is because Apache reverse proxy can only accept HTTP/HTTPS, and needs to decrypt the stream to retrieve the host information from the http header to decide where to reverse proxy to.
If you don't use reverse proxy, you can send any data you wish over 443. Why? You probably know, but for completeness I’ll blurt it out anyway. Because any forward proxy that supports HTTPS (transparent or not) cannot know what's traveling over that port, since it's encrypted. It just dutifully forwards it on. (Note: Some forward proxies do restrict access on 443 by limiting the connection time, or the amount of data transferred on each connection, however this is rare).
Now, for remote control of your windows PC, you could look at logmein.com and see if the free version does what you need.. this would free up the need of forwarding 443 to the windows PC for remote control. Doesn't solve the Mac problem though, unless you don’t actually need to operate a secure web site from home.
If it's still not an option, you'll need to use software that encapsulates a TCP stream in HTTP requests, such as "httptunnel" ( http://www.nocrew.org/software/httptunnel.html ). This will, however, slow down communications -- dramatically if you have higher latency. Also note that, as far as I know, there is no Mac version, so you'd need to forward from your home windows or linux box to the mac... (There’s many more limitations as well.)
ProxyTunnel ( http://proxytunnel.sourceforge.net ) may look like an option on the surface, but if you read up on it ( http://proxytunnel.sourceforge.net/paper.php ), you'll see that it exploits exactly what I was referring to earlier. To use ProxyTunnel, you would need to dump reverse proxy.
Dumping reverse proxy for HTTPS and then just tunneling over 443 is, by far, the easiest way to go... but, of course, you kill direct access to your SSL server, since 443 would effectively be just another port for SSH.
As I'm sure you're aware, if you use reverse proxying on Apache to divert https to more than one machine, you break the ability of easy tunneling on 443. This is because Apache reverse proxy can only accept HTTP/HTTPS, and needs to decrypt the stream to retrieve the host information from the http header to decide where to reverse proxy to.
If you don't use reverse proxy, you can send any data you wish over 443. Why? You probably know, but for completeness I’ll blurt it out anyway. Because any forward proxy that supports HTTPS (transparent or not) cannot know what's traveling over that port, since it's encrypted. It just dutifully forwards it on. (Note: Some forward proxies do restrict access on 443 by limiting the connection time, or the amount of data transferred on each connection, however this is rare).
Now, for remote control of your windows PC, you could look at logmein.com and see if the free version does what you need.. this would free up the need of forwarding 443 to the windows PC for remote control. Doesn't solve the Mac problem though, unless you don’t actually need to operate a secure web site from home.
If it's still not an option, you'll need to use software that encapsulates a TCP stream in HTTP requests, such as "httptunnel" ( http://www.nocrew.org/software/httptunnel.html ). This will, however, slow down communications -- dramatically if you have higher latency. Also note that, as far as I know, there is no Mac version, so you'd need to forward from your home windows or linux box to the mac... (There’s many more limitations as well.)
ProxyTunnel ( http://proxytunnel.sourceforge.net ) may look like an option on the surface, but if you read up on it ( http://proxytunnel.sourceforge.net/paper.php ), you'll see that it exploits exactly what I was referring to earlier. To use ProxyTunnel, you would need to dump reverse proxy.
Dumping reverse proxy for HTTPS and then just tunneling over 443 is, by far, the easiest way to go... but, of course, you kill direct access to your SSL server, since 443 would effectively be just another port for SSH.
One other thought:
It's certainly a hack, but if you can already remotely control your Windows box, why not just use a VNC client from there to control your Mac (Assuming you use ARD2)?
It's certainly a hack, but if you can already remotely control your Windows box, why not just use a VNC client from there to control your Mac (Assuming you use ARD2)?
Well currently I have been doing the whole VNC from withing a remoted windows window, and I don't like it. It's not elegant. Hence why I'm here in the first place. 
And given that I want to keep the SSL website up that rules out any and all tunnelling/port forwarding, so I guess I'm back to square zero. Thanks anyway for the suggestions.
And given that I want to keep the SSL website up that rules out any and all tunnelling/port forwarding, so I guess I'm back to square zero. Thanks anyway for the suggestions.
QUOTE (Malketh @ Mar 28 2006, 01:09 AM)
so I guess I'm back to square zero.
You certainly give up easy
Well, you can still try httptunnel. It'll likely do what you want - A bit of a pain to setup, and isn't the fastest thing in the world, but probably faster than VNC through Remotely Anywhere (seriously, try logmein.com (made by Remotely Anywhere). I'm sure it's faster than Remotely Anywhere through http).
Also, it looks like the OpenVPN project recently implemented port sharing, allowing it, and an HTTPS server to both share port 443 (not exactly sure how they did it but...). Unfortunately, OpenVPN would require admin privileges to install on your Windows PC at work, so I don't know if that's an option.
Heh, I don't give up easy, I just reprioritize. This got put on the back burner for the moment as I just ordered parts for my new mac yesterday and the weekend is going to be spent getting that up and running and then retooling two other computers I own.
As for OpenVPN, yah that's out of the question as 1) I don't have admin, and 2) my work PC is owned by the military. I'll take a look at httptunnel, and logmein.com when I get a chance though, so thanks again for the help.
As for OpenVPN, yah that's out of the question as 1) I don't have admin, and 2) my work PC is owned by the military. I'll take a look at httptunnel, and logmein.com when I get a chance though, so thanks again for the help.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.