sonic wall script?

[crazychicken]

i have a sonic wall firewall.

i have a VNC Client running on several computers behind that firewall, so when i want to get on a particual one, i have to connect to which ever one the firewall is set to forward those ports to, login to the firewall, change the ip that the ports are forwarded to, disconnect, connect to the new ip, do what i need to do, then login to the firewall to change it back. This is very annoying. is there anyway to write a script file that does this automatically? like for example i login to the current computer, and click on a file called Change IP to 192_168_168_190 and it changes those settings automatically?

please let me know or point me in some direction

thanks

david

 

[vi edit]

In VNC jus change the listening port from 5900 to something different on each machine that you have it one. Then just forward that new port. Assuming you have enough public IP's to do this.

Example:

Computer A: IP address of 192.168.0.5
have it host VNC on port 5900

Computer B: IP address of 192.168.0.6
have it host VNC on port 5901

C: 192.168.0.7
have it hose VNC on port 5902

In you firewall set up one to one nats of:
XXX.XXX.XXX.XXX -> 192.168.0.5
XXX.XXX.XXX.XXX -> 192.168.0.6
XXX.XXX.XXX.XXX -> 192.168.0.7

Then just set up your access rules to allow access to lan on requests for services 5900, 5901, 5902, ect and allow them to pass to your lan.

This is assuming you have sonic standard OS.

Sonic Enhanced OS will let you actually forward traffic of a single port to multiple devices without having to chance anything on PC side of things.

 

[vi edit]

BTW - what model of sonic wall are you using? Is it a TZ170?

 

[InlineFive]

In this instance I would fork over the $50 for the Sonicwall Global VPN Client. Not only could you connect easier but the traffic would be more secure with AES-256.

 

[crazychicken]

ok this sounds like a great idea to have each computer sitting listening on a different port.

however, when i went in to set this up, i ran into a question

i dont know what a one to one nat is. haha

now there are rules and services. so i used to have a service on port 5900 called "VNC"
and i made a rule that forwarded "VNC" to a specific ip.

so now how do i set it up to forward the range of ports to their respective ips?

thanks for the help

david

EDIT:
i found one to one NAT, but still dont get it. please let me know

david

 

[crazychicken]

ok i just found an amazing article on nat on howstuffworks.com

so how do i know if i have that number of public ips avaliable?
if i do, then i dont even need to do them all on different ports do i? i can just run them all on 5900 and just connect to their different public ips?

they said its called PAT if i use 1 public ip and then do the different ports.

so i think i get it now, i just need to know what range is avaliable for me to use ( and is free?)

thanks
david

 

[vi edit]

Is this for buisness or home use? Your useable IP's would be provided by your ISP. Also, what model is the sonic wall and what version of the sonic OS is it using?

 

[crazychicken]

its for business use

i am using Firmware version: 6.2.0.0

i dont know what model it is and i dont know how to tell from here. i am in NY and the firewall is in TN. i am a college student and my father owns a business and i have access to those machines so i can play "IT guy" from here.

i will call the isp tomorow and see if i have any more ips and i'll let you know if i need anything else

thanks alot

david

 

[vi edit]

Well, when you log into the sonic wall, the "system" page will tell you what model you are using.

 

[crazychicken]

there is no "system" tab. in here its called "status" i guess.

all it tells me is my serial number and my registration code and my firmware and ROM version

it doesn't give me a model number

david

 

[InlineFive]

If you have registered at mysonicwall.com can't you log in and get the model number from there?

Edit: And if it is a business you should definately invest in VPN. Much safer (and better) for VNC usage and network related work.

 

[Fardringle]

I have a very similar situation set up for a small office I play "remote IT guy" for as well. 😉

In order to give myself access to several different computers remotely without having to reconfigure the router every time, I just went into the VNC Server Service settings on the PCs and changed their "accept connections on" port to different numbers instead of Auto(0), then set the router to forward each port to the specific computers. For example, one of the computers is set to listen on port 50, so I connect to the external IP address using port 5950 (xxx.xxx.xxx.xxx:5950) and have the router forward port 5950 directly to the internal IP address of the computer listening on port 50. I do the same for the other computers on different ports and then I can specify which computer I want to connect to from work or home simply by changing the port number in my VNC Viewer client.

 

[vi edit]

Originally posted by: Fardringle
I have a very similar situation set up for a small office I play "remote IT guy" for as well. 😉

In order to give myself access to several different computers remotely without having to reconfigure the router every time, I just went into the VNC Server Service settings on the PCs and changed their "accept connections on" port to different numbers instead of Auto(0), then set the router to forward each port to the specific computers. For example, one of the computers is set to listen on port 50, so I connect to the external IP address using port 5950 (xxx.xxx.xxx.xxx:5950) and have the router forward port 5950 directly to the internal IP address of the computer listening on port 50. I do the same for the other computers on different ports and then I can specify which computer I want to connect to from work or home simply by changing the port number in my VNC Viewer client.

:thumbsup:

This is actually the easiest way. I had a brain fart ealier today and greatly overcomplicated the problem.