Thursday, October 21, 2010

How to Enable a PHP Function for One Account?

SkyHi @ Thursday, October 21, 2010
If you have disabled PHP functions in the php.ini file and want to enable a particular function for only one account, you can use suhosin to enable that function for one domain only.

How can you do that?

After installing suhosin, remove all functions from disable_functions in php.ini and add suhosin.executor.func.blacklist = "exec,passthru,shell_exec" to php.ini, listing all the functions that you want to disable globally.

After that for each domain in the virtual host section you can add suhosin.executor.func.blacklist again but without the function that you need to enable. And so you will enable that function only for one domain.


<IfModule mod_php4.c>
php_admin_value open_basedir "/usr/lib/php"
</IfModule>
<IfModule mod_php5.c>
php_admin_value open_basedir "/usr/lib/php"
# Per-vhost list: the global blacklist minus exec
php_admin_value suhosin.executor.func.blacklist "passthru,shell_exec"
</IfModule>

In this example exec has been enabled for the VirtualHost. This approach is better because you do not need to modify all the virtual hosts, only the ones for which you need to enable one or more functions.
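To audit a server set up this way, the following added example (not part of the original post) compares each VirtualHost's suhosin.executor.func.blacklist with the global list in php.ini and reports which functions that vhost re-enables. The function names global_blacklist and reenabled_per_vhost, the file names and the example.test hosts are assumptions, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: list the globally blacklisted functions each vhost re-enables.

# Print the global suhosin blacklist from a php.ini file (last assignment found).
global_blacklist() {
    awk -F= '
        /^[ \t]*suhosin\.executor\.func\.blacklist[ \t]*=/ {
            v = $2
            gsub(/["\047 \t\r]/, "", v)      # strip quotes and whitespace
            last = v
        }
        END { print last }
    ' "$1"
}

# $1 = php.ini, $2 = Apache config. For each <VirtualHost> that sets its own
# blacklist, print "ServerName: fn1,fn2" for functions on the global list
# that are missing from the vhost list. Vhosts without an override print nothing.
reenabled_per_vhost() {
    awk -v global="$(global_blacklist "$1")" '
        function report(   n, i, g, out) {
            if (!seen) return
            n = split(global, g, ",")
            for (i = 1; i <= n; i++)
                if (g[i] != "" && !(g[i] in vlist))
                    out = out (out == "" ? "" : ",") g[i]
            if (out != "") print name ": " out
        }
        tolower($1) ~ /^<virtualhost/ { name = "(unnamed)"; seen = 0; split("", vlist) }
        tolower($1) == "servername"   { name = $2 }
        tolower($1) == "php_admin_value" && $2 == "suhosin.executor.func.blacklist" {
            v = $0
            sub(/^[ \t]*[^ \t]+[ \t]+[^ \t]+[ \t]*/, "", v)   # drop the first two fields
            gsub(/["\047 \t\r]/, "", v)
            split("", vlist)
            k = split(v, f, ",")
            for (j = 1; j <= k; j++) vlist[f[j]] = 1
            seen = 1
        }
        tolower($1) ~ /^<\/virtualhost/ { report(); seen = 0 }
    ' "$2"
}

# Constructed sample files (not taken from the post).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/php.ini" <<'EOF'
disable_functions =
suhosin.executor.func.blacklist = "exec,passthru,shell_exec"
EOF
cat > "$tmp/vhosts.conf" <<'EOF'
<VirtualHost *:80>
    ServerName shop.example.test
    <IfModule mod_php5.c>
        php_admin_value suhosin.executor.func.blacklist "passthru,shell_exec"
    </IfModule>
</VirtualHost>
<VirtualHost *:80>
    ServerName blog.example.test
</VirtualHost>
EOF

reenabled_per_vhost "$tmp/php.ini" "$tmp/vhosts.conf"
```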

This won't work if you have suphp, as you can't use php_admin_value.

Is there a solution to that?


CentOS change hostname without reboot

SkyHi @ Thursday, October 21, 2010
Step 1:
You may also need to add/change the hostname in the /etc/hosts file. By default this would look something like this, using our example again: localhost localhost.localdomain

Step 2:
The file /etc/sysconfig/network contains the hostname and will look something like this:


Step 3:
This change won't take effect until the next reboot, but you can make the change happen immediately using the hostname command like so:

$ hostname

Step 4:
service syslog restart

Change your Hostname without Rebooting in RedHat Linux
Written by Tony Bhimani
September 8, 2005
RedHat Linux (should apply to 7.x and up)
This tutorial covers changing your hostname in RedHat Linux without having to do a reboot for the changes to take effect. I've tested this on RedHat 7.3, 9, Fedora Core 3, and CentOS 4.1. It should work for all the versions in between since they all closely follow the same RedHat configuration. What's the point of this tutorial? Never reboot if you don't have to and keep your uptime intact.
Make sure you are logged in as root and move to /etc/sysconfig and open the network file in vi.
cd /etc/sysconfig
vi network

Look for the HOSTNAME line and replace it with the new hostname you want to use. In this example I want to replace localhost with redhat9.

When you are done, save your changes and exit vi. Next we will edit the /etc/hosts file and set the new hostname.
vi /etc/hosts

In hosts, edit the line that has the old hostname and replace it with your new one.  redhat9

Save your changes and exit vi. The changes to /etc/hosts and /etc/sysconfig/network are necessary to make your changes persistent (in the event of an unscheduled reboot).
Now we use the hostname program to change the hostname that is currently set.
hostname redhat9
And run it again without any parameters to see if the hostname changed.

Finally we will restart the network to apply the changes we made to /etc/hosts and /etc/sysconfig/network.
service network restart

To verify the hostname has been fully changed, log out of your system and you should see your new hostname being used at the login prompt and after you've logged back in.

Quick, painless, and you won't lose your server's uptime.
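Since the tutorial changes the name in three places (the running hostname, /etc/sysconfig/network and /etc/hosts), the following added example, which is not part of the original tutorial, checks that all three agree. The function name check_hostname and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm the running hostname matches both persistent files.

# $1 = running hostname, $2 = network file, $3 = hosts file.
# Prints one line per problem and returns non-zero if any was found.
check_hostname() {
    want=$1
    rc=0
    # Persistent name: last HOSTNAME= line in /etc/sysconfig/network.
    conf=$(sed -n 's/^[[:space:]]*HOSTNAME=//p' "$2" | tail -n 1 | tr -d '"')
    if [ "$conf" != "$want" ]; then
        echo "network: HOSTNAME=$conf but running name is $want"
        rc=1
    fi
    # /etc/hosts: the full or short name must appear as a name on a live line.
    if ! awk -v h="$want" -v s="${want%%.*}" '
            /^[ \t]*#/ { next }
            {
                for (i = 2; i <= NF; i++) {
                    if ($i ~ /^#/) break          # rest of the line is a comment
                    if ($i == h || $i == s) found = 1
                }
            }
            END { exit !found }' "$3"
    then
        echo "hosts: no entry for $want"
        rc=1
    fi
    return $rc
}

# Constructed sample files standing in for the real ones.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf 'NETWORKING=yes\nHOSTNAME=redhat9\n' > "$tmp/network"
printf '127.0.0.1 localhost.localdomain localhost\n' > "$tmp/hosts.stale"
printf '127.0.0.1 redhat9 localhost.localdomain localhost\n' > "$tmp/hosts.ok"

check_hostname redhat9 "$tmp/network" "$tmp/hosts.ok" && echo "consistent"
check_hostname redhat9 "$tmp/network" "$tmp/hosts.stale" || echo "fix the files listed above"
# On a live system: check_hostname "$(hostname)" /etc/sysconfig/network /etc/hosts
```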



Wednesday, October 20, 2010

Converting from mbox to maildir, procmail to deliver+dovecot+sieve

SkyHi @ Wednesday, October 20, 2010

I’ve been wanting to do this for a while, but too busy, too lazy and finally too worried that I might lose my mail archive…. etc…etc…etc..

Over last weekend, I bit the bullet and did it.  Partly because my DSL line was down, so there was no network activities, no mail, so might as well take advantage of the down time.  My next project is to drop AT&T DSL, I am tired of their bs.

Not meaning to get off the subject, but I am one of the earliest DSL sub in the neighborhood.  Got mine in ’96 (only 768k down/256K up).  I am about ~14-15000 ft from nearest CO, limit of DSL line.  Back then, Pacbell promised they will upgrade facility in the area so I can get faster speed.  Fast forward to 2009, 14 years later, still same old… and still crappy service.

Ok, back to converting from mbox+procmail+dovecot to maildir+deliver+dovecot+sieve.  My mail archive goes back a long way, still have emails from 1987 (UUCP/Usenet mail).  I’ve always used mbox format, as that was the default then, and since I never used qmail….

I do separate my mail into folders (just another mbox file) of course, otherwise my main mailbox would be in the gigabyte range.  I use procmail to filter incoming email into these separate boxes, to automate dealing with requests, to bounce spam, etc.  My .procmailrc is around 30K in size with lots of recipes, and also pulling in dozens of include files.

I knew that mbox is inefficient and that procmail is killing my system I/O, but sheer inertia kept me where I am.

After some research, I found — a Perl script — that will do most of the grunt work in converting an mbox file into maildir.   I am using Postfix for my MTA and dovecot for IMAP, so support for maildir is already there.  Supposedly, procmail supports maildir, but…

Here is the basic HOW-TO for converting mbox to maildir.

Basics: I am using Postfix, dovecot on FC11

1. Stop postfix and dovecot.

2. Install dovecot-sieve (and dovecot-managesieve if you have users beside yourself)

3. Edit /etc/postfix/ and change mailbox_command to /usr/libexec/dovecot/deliver

mailbox_command = /usr/libexec/dovecot/deliver -a "$RECIPIENT"

The -a "$RECIPIENT" part is if you want to use

4. Edit /etc/dovecot.conf

  • Look for the protocol lda { section and make sure this is there; add, uncomment or edit it if not:

    # Support for dynamically loadable plugins. mail_plugins is a space separated
    # list of plugins to load.
    mail_plugins = sieve
    mail_plugin_dir = /usr/lib/dovecot/lda

  • Look for the plugin { section and look for these lines:

    # Sieve plugin ( and ManageSieve service

    # Location of the active script. When ManageSieve is used this is actually
    # a symlink pointing to the active script in the sieve storage directory.

    # The path to the directory where the personal Sieve scripts are stored. For
    # ManageSieve this is where the uploaded scripts are stored.

  • Make sure /usr/libexec/dovecot/deliver exists and is executable.

5. If your mbox is in /var/spool/mail/yourname (or in /var/mail/yourname), i.e. mine is /var/spool/mail/tin, then you can run the following command to convert that mbox into maildir.

mb2md -s /var/spool/mail/tin

mb2md will automatically create a directory named Maildir in your home directory (i.e. it created /home/tin/Maildir for me).  The converted maildir files will go in there (from /var/spool/mail/tin).

My filtered incoming mail (via procmail) is in the mail directory of my home directory, i.e. /home/tin/mail.  There are multiple directories and multiple mbox files in there.

There are also directories such as .imap directory, created by dovecot.  Anything there that is not a valid mbox file will be ignored by mb2md.

So now run

mb2md -s /home/tin/mail -R

That should recursively travel into your mail folder and convert all mbox files there into maildir format in your Maildir directory.

I did find some mbox files that were ignored or failed to convert.  But manually running mb2md on those files worked, e.g. mb2md -s /home/tin/mail/missed-mbox-file.

To make sure there won’t be an accident, I renamed my mail folder to mail.old.  Then start up postfix, dovecot.

I’ll add more information about the .dovecot.sieve file later.
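Because some mbox files were ignored or failed to convert, a message-count comparison between each mbox and its converted folder is a useful check before the old mail directory is retired. The following is an added example, not part of the original post; the function names, the folder paths and the sample messages are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: compare message counts before retiring the old mbox files.

# Count messages in an mbox: a message starts with a "From " separator line
# at the very top of the file or directly after a blank line.
mbox_count() {
    awk 'BEGIN { blank = 1 }
         /^From / && blank { n++ }
         { blank = ($0 == "") }
         END { print n + 0 }' "$1"
}

# Count message files in one maildir folder (new/ and cur/ only;
# tmp/ holds deliveries that are still in progress).
maildir_count() {
    find "$1/new" "$1/cur" -type f 2>/dev/null | wc -l | tr -d ' '
}

# $1 = mbox file, $2 = maildir folder. Prints OK or MISMATCH with the
# counts and returns non-zero on a mismatch.
verify_conversion() {
    m=$(mbox_count "$1")
    d=$(maildir_count "$2")
    if [ "$m" -eq "$d" ]; then
        echo "OK $m $1"
    else
        echo "MISMATCH mbox=$m maildir=$d $1"
        return 1
    fi
}

# Constructed sample: a two-message mbox and a folder holding two files.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/lists" <<'EOF'
From alice@example.test Wed Oct 20 10:00:00 2010
Subject: one

first body
From now on this line is body text, not a separator

From bob@example.test Wed Oct 20 11:00:00 2010
Subject: two

second body
EOF
mkdir -p "$tmp/Maildir/.lists/cur" "$tmp/Maildir/.lists/new" "$tmp/Maildir/.lists/tmp"
: > "$tmp/Maildir/.lists/cur/1287568800.000001.mbox:2,S"
: > "$tmp/Maildir/.lists/new/1287572400.000002.mbox"

verify_conversion "$tmp/lists" "$tmp/Maildir/.lists"
```

A MISMATCH line identifies an mbox file worth re-running through mb2md by hand, as described above.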


Detect Mobile Browser

SkyHi @ Wednesday, October 20, 2010

PHP code:
if(preg_match('/android|avantgo|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|symbian|treo|up\.(browser|link)|vodafone|wap|windows (ce|phone)|xda|xiino/i',$useragent)||preg_match('/1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|e\-|e\/|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(di|rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|xda(\-|2|g)|yas\-|your|zeto|zte\-/i',substr($useragent,0,4)))

Apache .htaccess

RewriteEngine On
RewriteBase /

RewriteCond %{HTTP_USER_AGENT} android|avantgo|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge\ |maemo|midp|mmp|opera\ m(ob|in)i|palm(\ os)?|phone|p(ixi|re)\/|plucker|pocket|psp|symbian|treo|up\.(browser|link)|vodafone|wap|windows\ (ce|phone)|xda|xiino [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a\ wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r\ |s\ )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1\ u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp(\ i|ip)|hs\-c|ht(c(\-|\ |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac(\ |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt(\ |\/)|klon|kpt\ |kwc\-|kyo(c|k)|le(no|xi)|lg(\ g|\/(k|l|u)|50|54|e\-|e\/|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(di|rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-|\ |o|v)|zz)|mt(50|p1|v\ )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v\ )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-|\ )|webc|whit|wi(g\ |nc|nw)|wmlb|wonu|x700|xda(\-|2|g)|yas\-|your|zeto|zte\-) [NC]
RewriteRule ^$ [R,L]

Javascript code:
(function(a,b){if(/android|avantgo|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|symbian|treo|up\.(browser|link)|vodafone|wap|windows (ce|phone)|xda|xiino/i.test(a)||/1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|e\-|e\/|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(di|rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|xda(\-|2|g)|yas\-|your|zeto|zte\-/i.test(a.substr(0,4)))window.location=b})(navigator.userAgent||navigator.vendor||window.opera,'');

NOTE: Last Updated: 30 June 2010


Fiber Optic Connector Reference Multi-Mode versus Single-Mode Fiber

SkyHi @ Wednesday, October 20, 2010

| Name | Duplex | Size (RJ45 Relative) |
|---|---|---|
| ST (Lucent) | Half | 200% |
| SC (EIA/TIA 568) | Half | 200% |
| FC/PC | Half | 200% |
| SMA | Half | |
| D4 | Half | |
| LC (Lucent) | Half | 100% |
| MU | Half | 100% |
| MT-RJ | Full | 100% |
| SC-DC/SC-QC (Siecor now Corning & IBM) | Full | 100% |
| Volition VF-45 (3M) | Full | 100% |
| TIA FOCIS-6 "Fiber Jack" (Panduit Opti-Jack) | Full | 100% |
| MTP/MPO (USCONEC & Molex) | Multi-fiber (4-12) | |
| E2000 | | |
| SMC | | |
| Biconic | | |
| MPX (AMP/Tyco) | Multi-fiber (Up to 12) | |
| OGI (3M) | Multi-fiber | |
| ESCON - Enterprise Systems CONnection (IBM) | Full | |
| FDDI - Fiber Distributed Data Interface (ANSI) | Full | |
[Figure: Comparison of Small Form Factor Connectors. B - LC, D - Duplex SC, E - Volition, F - Fiber-Jack]



Mac Leopard Screen Share

SkyHi @ Wednesday, October 20, 2010
The ability to view and optionally control the screen of a remote computer can be very handy in a number of scenarios. Maybe you have a parent living in another city with questions about their computer or problems. Trying to help someone over the phone can be problematic, if when you say "Open the Finder" they reply, "What's the Finder"?
It's much easier to open a window to their Mac, open the Finder, and show them what you mean.
Or I'm at work, sitting at a Windows XP computer, and realize I really need to read a file that's sitting on the hard drive of the iMac on my desk at home. Again, it could be very convenient to have the power to open a window to my home Mac from work.
One of Leopard's improved features that's easy to miss is screen sharing; Mac OS X 10.4 had a built-in screen-sharing host, built on the open source VNC protocol, but failed to include a VNC client. As a result, users could use the Networking system preference to turn on screen sharing but couldn't remotely access their shared screen without getting a third party utility, like the free Chicken of the VNC.
Leopard adds the missing link - in fact, they include two different ways to connect to a shared screen; each has its advantages, but neither is immediately apparent.

Turn on Screen Sharing

In order to connect to a remote Mac, screen sharing first needs to be enabled on that Mac. That's done in the Sharing system preference:
[Screenshot: The Sharing system preference in Leopard]
Note that it's easy to turn screen sharing on; when you do that, you're told how to connect to your Mac . . . take note - but also note that this information may not be universally usable. For instance, you can only use the information in the screen shot to connect to my 12" PowerBook if you happen to be connected to my local network - which none of you are. You can optionally control who is able to make use of this screen sharing.
There's an optional Computer Settings button; clicking it gives the following options:
[Screenshot: access control]

Not Very Remote: Connecting Across a Local Network

I've got two Macs at home; I've enabled screen sharing on both. So I can sit with my PowerBook on my lap and open a window to the iMac in my home office, enabling me to run applications (like Quicken) that are only on the iMac. To do that from the PowerBook, I click on the Finder's Go menu and choose Connect to Server, the last item on the menu. Just as it said in the Sharing system preference pane, I type in vnc:// followed by the IP address of that Mac.
[Screenshot: Connect to Server]
(If you're going to do that more than once, you may want to click on the [+] button to add that address to the favourites list in the bottom half of the dialogue box.)
Click Connect, and pretty quickly a window to the remote Mac opens up. My 17" iMac defaults to a 1440 x 900 display, while my 12" PowerBook has a 1024 x 768 screen. Nicely, the Screen Sharing application scales the larger iMac display so that it all fits on my smaller PowerBook screen. Very nicely done.
[Screenshot: 1440 x 900 screen scaled to fit a 1024 x 768 display]
One thing to be aware of, though. My various computers at home are connected to a router and get their IP addresses via the default DHCP networking option; that means that their IP addresses are temporary, assigned by the router, and could change. In reality, I've found that the DHCP-generated IP addresses are pretty stable, but if you're unable to connect, you may need to walk over to the other computer and check its IP address.
Perhaps easier than having to know the IP address of the remote computer on your local network: Once you've enabled screen sharing in this way, clicking on the computer in the Finder's sidebar, you'll now see an option to share its screen - just pick that (and optionally enter log in information), and away you go. Alternatively, clicking the Browse button in the Finder's Go/Connect to Server dialogue will take you to the same place. Either way, there's no typing IP addresses required.
[Screenshot: Connect from the Finder]
You may notice that my screen shot shows that when I'm connected, I'm running a program named Screen Sharing. You won't find a program with that name in your Mac's Applications or Applications/Utilities folders. Instead, it's cleverly buried away in the System/Library/CoreServices folder, along with the Finder application and a number of other basic Mac services.

Really Remote: Connecting Across the Internet

All this works fine as long as I'm connected to the same local area network as my not-very-remote other Mac. It's nice to be able to open an application on the other Mac without having to get out of my comfortable easy chair, but frankly, I probably could walk across the house without too much difficulty.
More useful is the ability to contact my iMac from a real 'remote' location - from work, for example, or when traveling. That can be done, but it requires a bit more work. The thing is that those IP addresses are for local area networks; the designers of the Internet and TCP/IP networking set them (and several other blocks of addresses) aside for private local networking use, making them inaccessible across the Internet. This is a very good thing, allowing a computer on your home or office network and a computer on my home network to both have the same IP address without conflicting with one another. The router has an IP address that is connected to the rest of the world. All the computers (and other devices) connected to that router share that single connection. This minimizes the number of IP addresses in use - also a good thing, as IP addresses are in increasingly short supply. And having the router in between your computers and the Internet is also a good thing, providing a layer of protection - outsiders wanting to access your computer first have to get past the router and generally fail to do so.
But you legitimately want to access your computer from outside. To do that, you need to modify your router's settings to allow for screen sharing.
Most popular routers can be accessed using a web browser and pointing to the router's address on your network; you'll be asked for login information and then directed to a webpage built right into the router. (If you don't know the default IP address and the login information, check the documentation that came with your router, either in print or on a CD; if you've lost that, it's generally available online at your router manufacturer's website).
Exact details of what to do next vary from router to router. Here's what works with my D-Link wireless router. On my router, going to gets the following log-in screen:
[Screenshot: D-Link login]
I've changed the default log-in password (and suggest you do the same!), though I kept the default user name of 'admin'. Once I'm logged in, there's a screen offering a Wizard or Manual Configuration. The Wizard won't give the advanced options I need; pick the Manual Configuration.
[Screenshot: manual Internet connection options]
Even the initial Manual Configuration screen doesn't have what I want - port forwarding. Clicking the Advanced button along the top got me there:
[Screenshot: port forwarding rules]
You may notice that I'd already set port forwarding to allow me to access my Slingbox device so that I can remotely view my cable TV.
You probably don't have a Slingbox. To enable screen sharing, however, I've added port forwarding for two ports: 3283 and 5900, setting them to forward an application named Apple Remote Desktop (the name doesn't really matter - this is just a convenience for the user so they will know what it is when checking here later) to the IP address of my iMac - the computer whose screen I want to share.
Note at the right-hand side of the window, there's a field for 'Traffic Type'; I've selected TCP. As well, further down, in a part of the window not visible in the screen shot, I've repeated those same ports, application name, and IP address, this time setting Traffic Type to UDP. (There's also a potential setting of 'Any' - that might have let me avoid the duplication. Feel free to experiment.)
After making those changes, I logged out, saving my changes. That should have applied the saved changes to my router, but just to be sure, I reset it by pulling out the power cable, plugging it back in, and waiting a few moments to let it reconnect to the Internet.
But we're still not ready - we need to know what IP address your home network gets from your Internet Service Provider. That's the address you'll need to connect to in order to access your Mac's screen remotely.
One way to find that out is to open your browser (assuming you're at home, within your network) and point to: That will quickly report the IP address you're using to connect.
I couldn't use that IP address to connect to my iMac from my PowerBook when both were connected to my home network. But when I took my PowerBook to work and typed that address in using the Finder's Go/Connect to Server menu, it worked just fine. It's a bit slower than connecting at home, but quite usable.
I've tried it from other remote sites, and it's worked without problem.
But it gets better.

Windows, too, Can Share Your Mac's Screen

At work, I've got a Windows XP system on my desk. Windows does not include VNC screen sharing as a built-in feature (though Microsoft includes its own proprietary screen sharing for remote access). But because VNC is an open-source protocol, there are a variety of utilities available for download and installation on Windows systems. I've got TightVNC installed - I use it in my school's computer lab to see what students are doing on their computers out of my sight, and to access my school's servers for administration.
Typing my home network's IP address into TightVNC and entering my password opens my home iMac in a window on my XP system at work. It's got more configuration options to fiddle with, though the default settings worked okay for me.
[Screenshot: TightVNC Viewer Options]
Screen updates are slower in my tests than Mac to Mac using Leopard's Screen Sharing - though it may be that fiddling with the TightVNC options could improve this. Nevertheless, it's usable and will prove to be useful from time to time. (Below you can see me starting to edit this report using MS Word 2008 on my iMac - in a window on my Windows Vista laptop.)
[Screenshot: Accessing my home iMac from my office Windows PC]

But How Can I Use This with My Mom?

I can't imagine getting my mom to set up port forwarding on her router, even with me on the phone. I would need to have screen sharing up and running in order to try to do this for her. And since I want to be able to share screens with her in order to help with her computer, that's not going to be much help.
But Apple has added another screen sharing feature to Leopard. This one isn't much use when I'm trying to get at my home computer from work, but it's pretty much perfect for using one Mac to share the screen of another Mac when both users are sitting at their Macs.
It uses iChat. (And you thought that iChat was just for chat!)
In order to make use of iChat screen sharing, a number of things need to be in place.
  • Both users need to have accounts that work with iChat. These could be .mac accounts, AOL Instant Messenger accounts, or Google Talk accounts. (Unlike .mac, AIM and Google Talk accounts are free. Google Talk uses the open source Jabber protocol - it's possible that other Jabber-based accounts may work as well.)
  • Users should be on each others' Buddy lists within iChat
  • Both users need to have OS X 10.5 Leopard installed on their Macs; this is a Leopard-to-Leopard feature, unlike the screen sharing described above, which can connect any computers (Mac, Windows, whatever) with a VNC-compatible protocol in place.
  • Users need to enable screen sharing - both in the Sharing system preference (as described above) and in iChat; in iChat's Video menu (or the Audio menu on my camera-less PowerBook), just click the Screen Sharing Enabled menu item.
[Image: iChat connection type icons]
Assuming all these are true, both users just need to open iChat. Either should start a chat with the other. At the bottom of the little window showing buddies there is a series of icons - for text chatting, audio chatting, video chatting, and last an icon with an overlapping pair of rectangles for screen sharing.
Clicking on it lets you choose to ask the person with whom you're chatting to either let you share his/her screen or to agree to share your screen.
[Screenshot: iChat Screen Sharing]
[Screenshot: Barry Shell would like to share their screen]
Pick one, and they'll see something like this (left).
Assuming the other person clicks on the message to agree to it, you'll see large text pop up on your screen noting that this person is now sharing your screen. (This disappeared too quickly for me to be able to capture the text.)
[Screenshot: Another user's shared screen]
If you're sharing another user's screen, you will see their screen in a large window (and share control of their mouse and keyboard) and see your screen in a small window. Clicking in that small window brings it to the foreground, reducing their screen to the small window - and removing your control of their mouse and keyboard.
Either way, while you're sharing screens, you also have audio chat automatically enabled. If you're doing informal tech support, you can be explaining what you're doing while you work with the remote user's mouse and keyboard.
Very nicely implemented, easy to get up and running, and easy to use. A good way for one Leopard user to be able to help another Leopard user remotely.
Alan Zisman is a Mac-using teacher and technology writer based in Vancouver, BC, Canada. Many of his articles are available on his website.