Some further information if your host is behind a router:
Make sure "Block WAN request" is disabled or else you'll be going nowhere, fast.
It is important to allow the PC Anywhere ports to be open at the host end through the router (inbound) to the ip address of the host computer. It's best if the router doesn't send a dynamic IP to the host PC (read: make the host pc's IP address static), but usually the IP address won't change because DHCP server maps to the MAC address of the dhcp client (I know, more than you probably need to know.) BUT, within the web admin of the router, you need to set the following ports inbound to the IP address of the host...
It looks like:
TCP PCanywhere port 5631 Inbound 192.168.1.[host
IP] port 5631
UDP PCanywhere port 5632 Inbound 192.168.1.[host IP]
port 5632
Your connections may vary. Out of slots? try the port range forwarding of your router.
[save/Apply/ok]
This
does not change the configuration of anything else. You should also
(from the Host PC) go to a site like www.checkip.net or my link
to make sure the Dynamic DNS client/service you use is recording the
same IP address, and not an unroutable 192.168 address.
If you're having problems setting this up on your router, check out portforward.com and get explicit information for your router.
Symantec has a reference page for more information about the ports that PC Anywhere uses.
PS: You can save yourself some money and try TightVNC. It's free, you can fit it on a floppy and do about the same thing. File transfer is included in the Win32 version of TightVNC.
The only router change is that the inbound ports are (by default) TCP 5900+display number for VNC client, and TCP 5800+display number for HTTP client.
PPS: If you have multiple host PCs behind a NAT Router/Proxy Server, the router needs unique ports to map to each host from the outside. It means that, for example, TCP port 5901 inbound can map to [IP.address.2nd.host] port 5900. With VNCviewer, it's easy to switch computers: Connect to Router.Host.Ip.Address:Display, or more closely: my.dynamicdns.com:1 which will connect to 5901, and port forward to the second host behind the firewall.
If you have multiple PC Anywhere hosts that you want to view, you
have several options. The one I like to use most is to have the
router accept various port numbers pointing to different waiting
hosts.
For example:
TCP 5631/UDP 5632 may be the primary
machine you'll always want to view. It is configured in the router
just like above.
TCP 5633/UDP 5634 may be a secondary machine to
view. It is configured similar to the following:
TCP PCA2 port 5633 Inbound 192.168.1.[2nd host IP] port 5631
UDP PCA2 port 5634 Inbound 192.168.1.[2nd host IP] port 5632
The key is that the host PC's don't need anything special done
to them. The router handles forwarding appropriately. So, how do you
connect from remote? This
Linksys Link tells how you can change the port that you use to
connect from the PCAnywhere client.
Now, Linksys' document tells
you to change BOTH the host and remote. This is because they only
have 5 options (in UPnP) to forward one port to another different
port. I don't like Linksys' method because it means that you have to
maintain a list of ports AND IPs on your LAN if you're using more
than two PCAnywhere hosts, and are using PCAnywhere to remotely
manage PC's onsite. Another option is to use a proxy server to port
forward ... or obtain a more feature-rich router.
Here's a breakdown of where things might go wrong, from the elementary to the esoteric. Let's have some fun, shall we?
Power. If any of the host items don't have power, forget about it. Get yourself a UPS to make sure you're always up for it. Remember: Cable/DSL modem, your router, a switch/hub, and your PC must all be on for this to work.
ON. Just having power isn't enough. The items must be on, especially your PC. If it hybernates, you will want to make sure that you turn that hybernation off in the screensave/power section. Make sure your computer is in “always on” mode! No, you don't have to leave your monitor on at home. You don't have to have your monitor on your UPS, if you don't want to.
Waiting for connection. If your host computer reboots itself, and you don't have your hosting software running as a service that “Automatically Starts” on boot, it's not listening. And, guess what? You can't turn the service on remotely. (It'd also be a good time to make sure you don't have a CMOS boot password. You can't enter that remotely, either.)
Connected to the Internet. If you use PPOE (such as for DSL), you need to make sure the connection is established with some “keep-alive” type software that can run automatically. (Hint: all it takes is a ping to some site). If you have a software firewall such as ZoneAlarm or Norton Internet Security, make sure you've allowed the host program to act as a server!
Dynamic DNS/IP client (DDNS client) updating properly and running as a service with automatic startup. Look, if you're behind a router and not using “web based IP gathering” on your DDNS client, you're probably shooting yourself in the foot. If your DDNS client is reporting that your IP address is 192.168.1.100, you're not helping your cause. Your ISP issues you a real IP address. This address is the address on the “outside” of the router. It is the address by which the world knows your connection. It is called the WAN address on a router. This IP address from the ISP must be the one, the only IP address (until it changes) that the DDNS client should report. Because, guess what? You're going to connect to the host from the Internet... you should know what the Internet knows. (PS: If the client isn't running, the DDNS provider will have your last known address, which may probably be wrong!)
PC having the correct internal IP address. Remember I said that DHCP is generally monogamous to MAC addresses? Well, just in case, understand that, forinstance, Linksys routers hand out IP addresses in the range of 192.168.1.100-192.168.1.150, more or less. You should assign your PC a number outside the range of the DHCP scope. That is to say, the host PC should have an IP address like 192.168.1.99 or 192.168.1.2. Don't use 192.168.1.1! (that's the router!) Subnet mask should be 255.255.255.0 and default gateway should be the router 192.168.1.1.
Router should point to the correct PC's INTERNAL IP ADDRESS. Usually, this means 192.168.1.x (x can be 99, like above!) This should be straightforward. If you haven't opened the correct ports to the correct PC, it's like opening a door to a closet. Yes, it's neat you have a closet with a door. But it doesn't go anywhere.
Host PC can see the router. OK, I admit this is dumb. I put this step in as a troubleshooting step just because of completeness. If Host PC can access the Internet, this step is irrelevant.
Router connects to Internet. Yep, I went there. If I didn't, well, someone would point it out to me!
Router allows incoming Internet (WAN) connections. Well, it seems some routers have a checkbox that “Blocks WAN Connections”, even if you set up port forwarding properly. Don't ask me. I didn't make the routers. Just make sure the box is (un)checked in the appropriate direction if you have that option. While you're here, you might consider changing the default password of the router (usually admin) just for a bit of added security.
Test the port to be open with a port scanner I've realized a big problem with troubleshooting PCAnywhere connections, especially behind a router, is that you have really no way of determining if you're actually accepting PCAnywhere requests while you're at the host site, and by the time you're out at the remote, and it doesn't work, you'll be frustrated. If you google for port scan, you'll come up with various sites that will be glad to probe your open ports for you. The best ones, such as PC Flank actually allow you to choose a port to scan. Care to guess what port you'd like to scan? Yes, that'd be TCP port 5631. If it shows as "open", you've done about as much troubleshooting as you may need. Please note that some corporations don't take kindly to their security/firewall being probed. Since these probes generally only probe *your* WAN/external IP address, the security implications are minimal. You're asking to have your firewall probed. By even being here, you probably should have clearance from your IT admin (or that person is you) to be setting up PCAnywhere through your firewall.
The rest is related to the viewer, but it can be summed up thusly: Viewer connects to the Internet and requests to view the DDNS name.
If you're cascading routers (such as for a Wireless Router connected to your ISP's router), you'll probably want to check to make certain you're passing the ports down through each router.
I hope this helps in some small way!
Oh! You're still
here! Um. OK. Do you want to know when this gets updated? Thanks
for the suggestion!
Click for E-Mail:
mailto:dynamic-ip-request@gwybsd.homeip.net?subject=subscribe
or Web: http://gwybsd.homeip.net/mailman/listinfo/dynamic-ip
Updated 11/7/2007 ... clean up some link changes.
Updated 7/29/2006 ... Additional Troubleshooting-port scan! Also, added IP address.
Updated 6/10/2006 ... Out of ports on uPnp on your linksys? Try port range forwarding. You can use "ranges" of one port, or pass several ports to another host to delegate.
Updated 5/11/2006 ... Added link to my new web page regarding hosting your
own web server.
Updated 5/4/2006 ... Added link to portforward.com
Updated 12/18/2005 ... link verification and minor text changes.
Updated 8/23/2005 ... Added #12 for troubleshooting based upon a referral link. Here I am, my first thought is for people to connect simply because they have their PC connected to the Internet directly. Then, I get some hits regarding “behind a router”, so I add this lengthy Troubleshooting, and then I get “still doesn't work” and it's about cascading routers. I've had too much trouble of my own dealing with cascading routers. You really have about three ways to handle them:
Make the secondary router's WAN IP a DMZ in the primary router -- easy, but not all that safe if you don't trust your secondary. However, if you are using a proxy server as your secondary, this is a likely way to go because your proxy server can/should be able to do its job of filtering Internet. OR
Don't use the WAN port of the secondary router. This is actually not the worst idea in the world. It requires a bit of intelligence to make certain that you don't have two DHCP servers (ISP router and secondary router). You must be sure that your ISP's LAN IP address isn't the same as your secondary router, but all IP address on your LAN must be on the same subnet (such as 192.168.1.x). All ports allowed are configured through the ISP's router. OR
Pass only the ports you want to use. This is the safest way because you can know exactly what ports are open in your ISP's router. The downside of this is that your ISP's router might not have lots of available slots to do port forwarding. This might not be an issue, now, but if you start thinking about hosting more servers, you could run out of port forward slots pretty quick. You have to forward the same ports for each router, ... ISP listens on the inbound ports, then passes to the WAN address of your secondary router, which is configured as above to point to the LAN address of the host.
Updated 4/25/2005 ... Updated a couple of links. Changed some
capitalization; changed "home" to "host" in a
couple of places
Updated 9/25/2004 ... minor link change
Updated
9/10/2004 ... added some "hidden" mouseover definitions.
Updated 9/9/2004 ... added subscribe to announce links based upon
feedback.
Updated 9/5/2004 ... added troubleshooting.
Updated
8/17/2004 ... added some specific changes/clarifications based upon
feedback. Added more information regarding multiple hosts behind
router.
Updated 8/16/2004 ... changed BaliDynDNS link (sorry for
the bad link!). Also added this info. Check also that you can click
the link to add a comment above!