Q&A: Remote sharing and IP addresses

Q On my local network at home, my Macs have IP addresses of and .102, and I can share screens between them. How do I go about doing the same thing remotely? Surely, their IP addresses are then no longer unique?

A IP addresses in the block 192.168.x.x, like 10.x.x.x and 172.16.x.x-172.31.x.x, are for local use only and cannot be used over the Internet. Your home network will instead be ‘seen’ at the external IP address of its router.

Unless your ISP has allocated it a static address, normally a chargeable extra, that address will change every 24 hours or so. Whilst you can look it up, the address will need to be passed to anyone who wants to connect from the Internet.

You will also need to configure your router to pass incoming traffic to a designated local IP address by network address translation (NAT). Your firewall will need to be set up so that it allows incoming connections on the specific ports required by the screen-sharing system that you are using (something detailed in its documentation, for example TCP port 5900 for that enabled in the Sharing pane). Here you are producing a serious vulnerability in your Internet security, because once a port is open, anyone can try to access it, and potentially gain entry to your network.

There are two popular solutions to this: use virtual private networking (VPN), or special sharing software that does not require incoming connections.

VPN normally works in suitably-equipped routers, and when properly configured should be secure. Sharing services such as TeamViewer work as each end connects through a common server, and neither has to accept incoming connections. This has disadvantages, as all traffic has to pass through the service’s routers, which can impose significant performance impediments.

Whatever you do, be assiduously careful not to make your home network vulnerable to intruders.

Updated from the original, which was first published in MacUser volume 27 issue 14, 2011.