Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

ServiceTag

macrumors member
Original poster
Oct 21, 2008
66
2
want to remotely control two Macs in the office (MacMini's with 10.10.5) over the internet from other two MMs, each has own ARD
After Port Forwarding 5900&3283 ports (using ATT/Arris router NVG599) I could make it to work but only for one at the time, not for both...
Asked Apple for help and was told it won't work unless I have static IP@..

So I got static IP@ but I'm newbie in network setup so I'm lost here how to set it up.
I will appreciate any help to make it work.
TIA
 
want to remotely control two Macs in the office (MacMini's with 10.10.5) over the internet from other two MMs, each has own ARD
After Port Forwarding 5900&3283 ports (using ATT/Arris router NVG599) I could make it to work but only for one at the time, not for both...
Asked Apple for help and was told it won't work unless I have static IP@..

So I got static IP@ but I'm newbie in network setup so I'm lost here how to set it up.
I will appreciate any help to make it work.
TIA

So, you have two Minis in the same office and you want to remote control either one of them, correct?

I am not familiar, at all, with ARD, but I know you cannot forward the same port to two internal IPs.

You need to port forward two separate ports, say 3283 and 5900 to Mini 1 and 3284 and 5901 to Mini 2. Those will each forward to 3283 and 5900 on each Mini.

For example:
  1. WAN port 3283 -> Mini 1 port 3283
  2. WAN port 5900 -> Mini 1 port 5900
  3. WAN port 3284 -> Mini 2 port 3283
  4. WAN port 5901 -> Mini 2 port 5900
Now, if you can specify the ports on the ARD client, you should be able to accomplish this.
 
So, you have two Minis in the same office and you want to remote control either one of them, correct?

I am not familiar, at all, with ARD, but I know you cannot forward the same port to two internal IPs.

You need to port forward two separate ports, say 3283 and 5900 to Mini 1 and 3284 and 5901 to Mini 2. Those will each forward to 3283 and 5900 on each Mini.

For example:
  1. WAN port 3283 -> Mini 1 port 3283
  2. WAN port 5900 -> Mini 1 port 5900
  3. WAN port 3284 -> Mini 2 port 3283
  4. WAN port 5901 -> Mini 2 port 5900
Now, if you can specify the ports on the ARD client, you should be able to accomplish this.

port forward for those two separate ports in Arris router is giving me headache...
Under Custom Services I have following and it's working for Mini1:
Name Global Port Range Protocol Host Port
ARD 3283-3283 TCP/UDP 3283
ScreenShare 5900-5900 TCP/UDP 5900

When I did this for Mini2 it didn't work, but I'm sure I have it all wrong since
that gave me "Pinhole Conflict Detected" error..
ARD2 3284-3284 TCP/UDP 3284
ScreenShare2 5901-5901 TCP/UDP 5901

However this combination have no errors but it doesn't work either
ARD2 3283-3283 TCP/UDP 3284
ScreenShare2 5900-5900 TCP/UDP 5901


Thank you for help.
 
Last edited:
port forward for those two separate ports in Arris router is giving me headache...
Under Custom Services I have following and it's working for Mini1:
Name Global Port Range Protocol Host Port
ARD 3283-3283 TCP/UDP 3283
ScreenShare 5900-5900 TCP/UDP 5900

When I did this for Mini2 it didn't work, but I'm sure I have it all wrong...
ARD2 3284-3284 TCP/UDP 3284?
ScreenShare2 5901-5901 TCP/UDP 5901?

Thank you for help.
Yes, the second set is incorrect, but you are so close.

From what I gather, ARD listens on 3283 and 5900. So, both Minis are listening on the same ports on the LAN. On the WAN side, you must use unique global ports, but they forward to the same host ports, but to different IP addresses.

You want the outside WAN ports (3284 and 5901) to point to the LAN ports 3283 and 5900 on Mini 2.

Here's a guide:

http://screenshots.portforward.com/routers/Arris/NVG599/NAT_Gaming_Custom_Services.htm

Global Port = 3284, 5901
Base Host Port = 3283, 5900
 
so for Mini2 I need to have ARD2 Global Port Range 3284-3284 with Host Port 3283 and Screen Share2 5901-5901 Base Host Port 5900? Is that right?
I'm getting Pinhole Conflict Detected XXX error..
 
I found something, and it's not good:

https://serverfault.com/questions/7...s-nvg599-results-in-pinhole-conflict-detected

Specifically:

AT&T's flash of the NVG599 does not support port forwarding where the same destination port routes to two devices.

The workaround was to change the RDP port on the second PC to something besides 3389 and create the port forward to that.

This means AT&T's image for that router doesn't support the base host port being the same. I have never heard of this issue before on any other router.

The only way around this with the current router would be to move the ARD ports on the Mini to 3284 and 5901. I'm not sure that's even possible.
 
I found something, and it's not good:

https://serverfault.com/questions/7...s-nvg599-results-in-pinhole-conflict-detected

Specifically:



This means AT&T's image for that router doesn't support the base host port being the same. I have never heard of this issue before on any other router.

The only way around this with the current router would be to move the ARD ports on the Mini to 3284 and 5901. I'm not sure that's even possible.

Oh men, that's not good news. So 5 static IPs are not going to help in this issue either, correct?
Last time I talked to Apple I think they mentioned ARD can't work on anything but 3283 and 5900 ports..
I guess I'm out of luck. I guess the only option would be to get another router?
 
Static IPs are not the issue. I'd check with AT&T to see what routers they support and see what's possible.
 
Just to trow in my $0.02:
If you use external ports MiniA(3283,5900) and MiniB(something else 1, something else 2), you need to specify in ARD on the controlling machine, that you are using ports (something else 1, something else 2).

Re Pinhole error:
Can you put the Arris into bridge mode and then use an Airport Extreme as your firewall/router?
 
This is your easiest solution.

I don't mess around with cheap routers so i always have some sort of VPN access available. If it's 2 offices for the same company then a site to site vpn is a fairly sensible option. Opening ports to the outside world isn't really a good idea these days.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.