vnc connection to another network?

[dac69er]

a bit sad, but have a work related question.

at work i use vnc to connect to select PC's, they are on the same network as myself, we call it the 200 network as the ip address begins with 200. this works fine.

my question is this; one of the PC's i connect to on the 200 network has another network card for a local control network of about 5 devices. i want to be able to connect from my pc via the pc that is on the 200 network to a device on the other network.

had a good google search and am struggling to find an answer to my exact question. can anyone shed any light on this? i have a tried a few things, but with no success. maybe i am missing a simple trick!?!?


thanks

 

[dac69er]

anyone have any ideas?

 

[dark_knight]

is that workstation/pc that is on both networks doing any sort of routing or NAT'ing..? that may be your problem right there mate. there needs to be traffic transparency between both networks (via that node) for you to patch through.. otherwise the internet wouldn't be a very safe place to be..
check and verify that then get back. i may be able to help..

 

[SupaStu]

Can you not add the dns entries of those servers to your AD servers, and also add rule entries to any firewalls (if any if its internal). Then just use rdp to connect, ie mstsc on the command line to get the prompt up, then enter the server name/ip? Thats the method we use on all our customers servers, we just run it from the terminal server, this works over different domains provided the dns entries are there etc.

 

[Paul_JJ]

I'm not good with the VNC but I'm not sure if you actually can use VNC while being on VNC on the PC - as it most likely will use the same ports and wouldn't work properly.
Have you tried to use VNC to get to the PC and then use Teamviewer to connect to another PC? This might work.

 

[dac69er]

i can vnc, and then vnc again from that pc to get access to the other network. only problem with vnc is that you essentially take over the pc you are connected to. if I connect to 2 pcs, I am putting 2 out of use.

I cant do anything from the server end as I have no access to that as its all IT. I only have access to the local machines, and only the ones I look after (SCADA control system pc's).

I want to connect from my pc to pc2,3 or 4 via pc1:



pc1 has 2 different network cards and is connected to 2 entirely different networks. the only access to the local network on pc1 is via pc1.

 

[dac69er]

any ideas? im stumped. I was looking at the internet connection sharing route. but that is a bit of a headache in itself.

 

[Paul_JJ]

I suppose on you diagram company 200 network must be connected to the ethernet hub directly, not to the PC1??? The VNC doesn't read your second network card I THINK it works with just one network card at a time, also you might have a firewall installed there. And why on earth someone did the connection this way? just put the switch instead of the PC1 and connect the PC1 to the switch as well...

I'm not a pro in networks, I know a server professional who I send my customers to when they need any server work to be done, but he's charging a fortune and I doubt he will be any help without actually looking at the network.

 

[dac69er]

this is a very simplified version of the network. where my pc and pc1 connect is in the server room for the company, so many more computers are on this network. this is a corporate network that is connected to the internet somewhere along the line.

the other network that is only connected to pc1 is a control network for running the factory. it is not directly connected to the 200 network as we dont need plant control traffic being sent across the corporate network.


just wondered if there was a way of using pc1 as a router to connect to the other network as it would aid me with fault finding etc as i can manage the factory control system more easily from my desk rather than running round to local machines. lazy i know

 

[Arnold]

this is a very simplified version of the network. where my pc and pc1 connect is in the server room for the company, so many more computers are on this network. this is a corporate network that is connected to the internet somewhere along the line.

the other network that is only connected to pc1 is a control network for running the factory. it is not directly connected to the 200 network as we dont need plant control traffic being sent across the corporate network.

just wondered if there was a way of using pc1 as a router to connect to the other network as it would aid me with fault finding etc as i can manage the factory control system more easily from my desk rather than running round to local machines. lazy i know

An option i can think of:

If the second network card is on a different address range, then set up a route on your PC with PC1 as the gateway to that network. Instead of using the default gateway of your network, it'll go to that one instead and access the PC's no problem. Check out the command prompt route add for details

You may also be able to do something with routing and remote access on PC1, or, install a router between 200 and PC1 and route traffic accordingly.

Hope this helps

 

[dac69er]

i have to keep anything i do local to machines without adding anything into the 200 network due to IT restrictions.

i will have a look at your first suggestion and see how i get on. im not sure how i would go about it with vnc. ive tried a few things, and im sure that was one of them.

will let you know how i get on.

thanks

 

[Gryzor]

If the OS is windows you have a windows server version, this will allow a number of users using remote access to connect to and login to the one machine, so rather than taking full control of the machine you just connect as a separate user.

You could try running vnc client on PC1 connected to PC2 then vnc client on your PC connecting to PC1..

VPN tunnel on router allowing only PC1 to connect.

 

[dac69er]

hmmm, that sounds a bit messy. looking for an almost 1 click approach, as per the normal vnc connection.

i can vnc from my pc to pc1 and then from that to any of the other pc's on the other network, but then the use of pc1 has gone.

looking of a way of basically passing through pc1 from the 200 network to the other network without affecting pc1.

 

[Gryzor]

http://www.hoagieshouse.com/apps/IP_Tunnel.html

 

[dac69er]

had read a bit about ip tunnelling, but always specified doing it via the internet and 2 routers. as the second network has no connection to the internet i didnt think it would work?

i will give it a go and see. its both networks being on the same pc that seems to complicate things!

 

[Gryzor]

had read a bit about ip tunnelling, but always specified doing it via the internet and 2 routers. as the second network has no connection to the internet i didnt think it would work?

i will give it a go and see. its both networks being on the same pc that seems to complicate things!

very true , it's much easier through a router... just do away with pc1 and plug in the net 200 cable

 

[Paul_JJ]

very true , it's much easier through a router... just do away with pc1 and plug in the net 200 cable

That's exactly what I said above. But I think that network was kept out of the network 200 for a reason! The Admin might actually explain why on earth he connected 2 networks using a PC, where you can get a switch for £20 off the ebay???

 

[Gryzor]

That's exactly what I said above. But I think that network was kept out of the network 200 for a reason! The Admin might actually explain why on earth he connected 2 networks using a PC, where you can get a switch for £20 off the ebay???

probably just down to network security

 

[dac69er]

the 200 network is 1 of the 2 main work networks on site. there is what is called the '100' network for the 2 offices and another network, the '200' network which covers production and engineering.

pc1 in my diagram is a SCADA control computer used to control the flour mill plant in the factory. it connects to a workstation pc (a mimic of the main SCADA control) an HMI and 2 separate PLC's on the separated network. this wants to be kept physically separate from the main 200 network for obvious reasons. mainly, repairing a small local network of 4-5 devices is a damn site easier than a large sitewide network. if the networking between the control devices fails, the plant stops!!!

the control signals sent from these devices do not need to pass information through works servers under normal conditions. but for maintenance and support work, being able to access them directly via vnc is very handy.

 

[dac69er]

An option i can think of:

If the second network card is on a different address range, then set up a route on your PC with PC1 as the gateway to that network. Instead of using the default gateway of your network, it'll go to that one instead and access the PC's no problem. Check out the command prompt route add for details

tried that and it was a fail lost all plant comms. the SCADA package doesn't seem to like it when you mess with the local network connection, even when you specify the network it needs to connect too.