For some people, it’s the freedom and flexibility. For others, it’s a necessity. Then there are a few stubborn folks (like myself) who simply refuse to limit themselves to the ball-and-chain of a LAN. I want access to my data and computers at any time, from anywhere, without being held captive by third-party solutions for cloud storage and remote desktop connections.
What is remote access?
Have you ever left home and wished that you had a copy of your resume? Or maybe you wanted to show someone that cute baby video? Or suppose you want to log in to your home desktop computer from the Bahamas and run maintenance programs on your PC while you’re sipping on two-for-one margaritas at the beach.
Sure, you can use third-party services like DropBox.com, Box.net, or Google Docs to manage files. You can also subscribe to a paid service like “GoToMyPC.com” to use your computer from a remote location.
These methods are all fine-n-dandy if you don’t mind surrendering control, or paying a monthly fee. There’s no need to pay a monthly fee for what you can do free! (hey, that rhymed!) Furthermore, why deal with their size quotas and file type limitations?
With remote access to your network, you are no longer bound within the confines of your LAN. Nor must you work at the mercy of 3rd party “paid” services.
What are the benefits of using remote access?
After you set up remote access to your network, you can do a lot of really cool stuff, for example:
- Access and control your computer from anywhere
- Retrieve music and video files from your media server
- Watch home surveillance cameras on your smart phone
- Log in to your router and even administer your network
- Monitor LAN activity to see what your kids are doing online (word of caution: you may not like what you find)
All of these things require “access” to your LAN. Without access to your Local Area Network, every device connected behind your router is off-limits from the Internet. Therefore, everything in your LAN is inaccessible from the outside world. What a pain in the rear-o’!
What do I need to enjoy remote access?
For starters, you’ll need to serve the requests coming into your network. Then, you’ll need to route those requests through your network.
In order to serve requests coming into your network, you’ll need a way to update your public IP address. This way, you never have to remember what it is. Thankfully, our trusty custom firmware makes this super-easy. Both DD-WRT and Tomato firmware come with an IP update utility that can do this for you automatically. This feature is called DDNS (Dynamic Domain Name Server).
Secondly, you’ll need to permit certain types of traffic to pass through your router. We’ll talk about this in a moment. For now, let’s stay focused on how to serve requests coming into our network.
What is DDNS and how does it work?
Dynamic DNS (DDNS) is particularly helpful in residential home networks whereby the ISP issues a public IP address that changes dynamically without notice. DDNS takes a domain name such as www.yourdomain.com and associates it with your public IP address. It also updates your public IP address at predefined intervals (say, every 7, 14, or 28 days).
A domain name alone will not cure the problem of a dynamic public IP address. There must be a device in your network that will “update” your public IP address and notify your domain name registrar automatically. That’s where DDNS comes in.
This way, when your ISP gets a “wild hair” and decides to change your public IP address, the DDNS feature within the router will notify your domain name registrar (or DDNS service) and say, “Hey, we have a new IP address! Please send all traffic to my new IP address!”
The domain name registrar will then update the record for your domain, so that all inbound requests (requests to www.yourdomain.com) go to your newly updated IP address. Cool huh? Now you can reach your network easily with yourdomain.com, rather than struggling to remember an IP address that can change without notice, at any time.
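The update cycle described above, with both sides modelled in memory. This is an added example, not part of the original article and not DD-WRT or Tomato code: the class names, the token and the address 203.0.113.7 are constructed, and the status words follow the common dyndns2 convention.

```python
import hmac
import ipaddress
from datetime import datetime, timedelta

class DdnsService:
    """Provider side: one hostname record, changed only by authenticated updates."""
    def __init__(self, hostname, token, ip):
        self.hostname, self._token, self.ip = hostname, token, ip

    def update(self, hostname, token, new_ip):
        # Without this check anyone could repoint the name at their own address.
        if hostname != self.hostname or not hmac.compare_digest(token, self._token):
            return "badauth"
        ipaddress.IPv4Address(new_ip)  # raises ValueError on a malformed address
        if new_ip == self.ip:
            return "nochg"
        self.ip = new_ip
        return "good"

class RouterUpdater:
    """Router side: report the WAN IP when it changes or the forced interval elapses."""
    def __init__(self, service, hostname, token, force_days=28):
        self.service, self.hostname, self.token = service, hostname, token
        self.force = timedelta(days=force_days)
        self.last_ip = self.last_sent = None

    def tick(self, wan_ip, now):
        changed = wan_ip != self.last_ip
        stale = self.last_sent is None or now - self.last_sent >= self.force
        if not (changed or stale):
            return "skipped"
        result = self.service.update(self.hostname, self.token, wan_ip)
        if result in ("good", "nochg"):
            self.last_ip, self.last_sent = wan_ip, now
        return result

def demo():
    """Constructed timeline: same IP, ISP change on day 2, forced refresh on day 30."""
    host, t0 = "www.yourdomain.com", datetime(2024, 1, 1)
    svc = DdnsService(host, "constructed-token", "74.68.117.209")
    router = RouterUpdater(svc, host, "constructed-token")
    log = [router.tick("74.68.117.209", t0),
           router.tick("74.68.117.209", t0 + timedelta(days=1)),
           router.tick("203.0.113.7", t0 + timedelta(days=2)),
           router.tick("203.0.113.7", t0 + timedelta(days=30))]
    return log, svc.ip
```

The credential the router sends is what keeps the name under your control, so treat it like any other password.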
What choices do I have for obtaining a domain name?
You can get a free or paid domain name. Free domains aren’t really yours. They’re typically identified by a hostname or username, followed by a domain name. I prefer having a paid domain because I like the additional flexibility and choice of what my domain name looks like. With a free domain name, your address will look something like this:
- hostname.real-domain.com
With a paid domain name, your address will look like this:
- yourdomain.com
Note: Not all domain registrars offer Dynamic DNS as part of their service. Namecheap.com does offer this. Another reason I like them is because their interface is simple and they don’t hammer you with marketing offers and “slip” things into your shopping cart during checkout. If you’re on a tight budget, the following services offer free DDNS services:
How do I forward requests through my network?
Ok, now that we can serve requests coming “to” our network, let’s talk about how to forward those requests “through” our network.
At the beginning of this section, we were sitting in the Bahamas enjoying two-for-one margaritas and trying to use the Microsoft Remote Desktop (RDP) utility on our laptop to connect to our desktop PC at home, thousands of miles away. Though we had no trouble getting “to” our network, we couldn’t get “through” the firewall in the router to reach our desktop PC.
The problem is that without port forwarding configured on our router, the request coming “to” our network from the Remote Desktop client on our laptop died at the router and never reached our desktop PC located inside of our LAN.
What is Port Forwarding?
The first time I heard the term “port forwarding” I thought it was something straight out of a Star Trek movie, or something reserved for “left-brain” people (you know… smart folks). I soon learned that this “Poindexter” stuff wasn’t so intimidating after all.
You see, when two computers communicate via the Internet, they do so through a channel called a “port”. Routers have internal ports and external ports. Various Web applications use different ports. For example: Web servers use port 80, whereas email clients such as Microsoft Outlook use port 110. A router is designed to navigate data in and out of these internal and external ports.
How does port forwarding work?
How does the router know which computer to send the Web traffic to? The answer lies in the “association” of IP addresses.
Port forwarding is basically a mapping feature. It tells the router which computer to direct traffic to based on the logical IP address that is “mapped” or “associated” with a port number, or range of port numbers. In the image below, port 80 is “mapped” to the static IP address of the server (which is logically located at the IP address 192.168.1.2).
You can configure multiple port forwarding rules for multiple applications and devices. In the diagram above, I have a desktop computer and a server. I need to configure port forwarding rules for both devices… for three entirely different reasons.
The server will host a website for me. My server also has a web-based administration panel that I would like to access from anywhere. Additionally, I also need access to my desktop computer while I’m away. Therefore, I’ll need to configure three port forwarding rules: (1) one for the website, (2) one for the server admin panel, and (3) a remote desktop connection to my desktop computer.
For this reason, devices that depend on port forwarding should always have a static IP address. They should never rely on dynamic IP addresses.
In order for the server to host my website publicly for the World Wide Web, the router must first allow Internet requests to pass through port 80. To access my server’s administration panel, the router must allow requests through port 5000. And finally, to access my desktop computer, the router must also allow a connection through port 3389.
Why these particular port numbers? No, I didn’t pull them out of thin air. Remember, different applications use different port numbers and protocols. Check with your hardware vendor or software documentation to determine your port forwarding requirements.
- Port 80 is the default port for Web servers.
- Port 5000 is the default port used to access my home server.
- Port 3389 is the default port for Windows RDP (Remote Desktop Connection).
If you’re not sure what port your application uses, check the following resource:
http://portforward.com/cports.htm
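The three rules above, written as a table, checked for common mistakes and looked up the way the router does for an inbound request. This is an added example, not part of the original article or any router firmware; the desktop address 192.168.1.3 and the DHCP pool 192.168.1.100 to 192.168.1.149 are assumptions.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")
# Assumed DHCP pool: addresses in it can change, so they are poor forward targets.
DHCP_POOL = (ipaddress.ip_address("192.168.1.100"), ipaddress.ip_address("192.168.1.149"))

# (name, protocol, first external port, last external port, internal IP, internal port)
RULES = [
    ("website",      "tcp", 80,   80,   "192.168.1.2", 80),
    ("server-admin", "tcp", 5000, 5000, "192.168.1.2", 5000),
    ("desktop-rdp",  "tcp", 3389, 3389, "192.168.1.3", 3389),  # desktop IP is assumed
]

def lint(rules):
    """Return the problems that would make this forwarding table unreliable."""
    problems = []
    for i, (name, proto, lo, hi, ip, port) in enumerate(rules):
        addr = ipaddress.ip_address(ip)
        if not (1 <= lo <= hi <= 65535):
            problems.append(f"{name}: bad external port range {lo}-{hi}")
        if addr not in LAN:
            problems.append(f"{name}: target {ip} is outside {LAN}")
        elif DHCP_POOL[0] <= addr <= DHCP_POOL[1]:
            problems.append(f"{name}: target {ip} is in the DHCP pool, not static")
        for other, oproto, olo, ohi, _, _ in rules[i + 1:]:
            if proto == oproto and lo <= ohi and olo <= hi:
                problems.append(f"{name}: external ports overlap with {other}")
    return problems

def route(rules, proto, ext_port):
    """Mimic the router: return (ip, port) for a WAN request, or None if it is dropped."""
    for _, rproto, lo, hi, ip, port in rules:
        if proto == rproto and lo <= ext_port <= hi:
            return ip, port + (ext_port - lo)  # a range keeps its offset
    return None
```

Every port without a rule returns None, which is the request that “died at the router”; the forwarded ports are the only services the Internet can reach.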
How does port forwarding affect usage and navigation?
Once port 80 is open on the router and it has been mapped to the IP address of the server, I can reach my website three different ways:
The first way is from within my LAN by typing the private IP address into my browser (192.168.1.2). This method does not request DNS information from the Web. Therefore, the request never travels outside of my LAN.
The second way is to enter my public IP address (74.68.117.209). This method does send a request externally to the WAN. You can reach this address from the Bahamas.
And finally, the third method, using a domain name such as www.mydomain.com. This method also sends a request externally to the WAN. In this case, the browser requests DNS information from the Web and resolves my public IP address behind the scenes.
What about the administration panel? For my particular server (Synology DS710+), the application that manages the server is called DSM (Disk Station Manager). The DSM software is a web-based application that uses port 5000. In order to reach the DSM, I must append the port number to the private IP address, the public IP address, or domain name, separated by a colon.
For example: http://74.68.117.209:5000. Doing so takes me directly to the server’s DSM application and prompts me to log in.
With ports 80 and 5000 open on my router, I can now access my website and my server administration panel from inside of my LAN, or outside from the Internet. This gives me access to my home network at any time, from anywhere in the world.
And finally, by mapping port 3389, I can now connect and use my desktop computer from anywhere in the world. I can access it on my local network, or from a remote location using the public IP address, or the domain name, followed by the port number.
Windows RDC is an extremely useful feature when you need access to a remote computer. But that’s just the beginning. Once you have remote access to your network, you are no longer bound within the confines of your physical location. Set up remote access and take your network with you.