Saturday, February 23, 2013

Access Your Home Computers from Anywhere


Know Your Network, Lesson 4: Access Your Home Computers from Anywhere

You've picked out your hardware and set up the basics, and configured your network to perform at its best and fastest. Now it's time to open the gates to the outside world. In this lesson, we're going to walk you through how to set up your router so you access your home computers from anywhere—and with your own friendly, easy-to-remember URL.
Setting up remote access to your local network is one of the coolest things you can do with your router, as it allows you to remotely view your screen, access files, control services like BitTorrent remotely, and so on. Basically, anything you can do at home can be made possible by just opening a few ports on your router. It can seem a little daunting if you've never done it before, but once you understand what everything means and where to find the information you need, you should have no trouble getting things to work. We're going to go over basic setup and then talk briefly about a few bonus options as well, including:

Port Forwarding and More

By default, your local network is local and cut off from the rest of the internet. In most cases you have just one IP address that's shown to the world, despite the many that your router distributes to your individual computers and devices locally. What port forwarding does is take a port on that shared IP address that's available to the rest of the web and forwards it to one of your local machines. This lets people from outside access services on your local network.
Setting up port forwarding is pretty straightforward, but before you get started, you need to know what ports you want to open up. Most of the time, you'll set up port forwarding on an as-needed basis—say after you've set up a new service on your computer For example, if you're trying to run a web server off your machine you'll need to open up port 80. If you want to open up SSH access, you'll need to open up port 22. Those are just two of many possibilities, and you probably don't have every port for every service memorized.
This is where a site like PortForward.com can help, as it provides a handy list of common ports for specific services. You can use this list to check which ports you need to open for whatever services you want to make available from outside your home network.
Once you've figured out all the ports you want to open, just head on over to the port forwarding section of your router (if you don't know where it is, just click around a little). In DD-WRT, it's in the NAT & QoS section. Other routers may list it simply as Port Forwarding (all on its own) or Virtual Servers. Let's take a look at what a filled-out port forwarding table looks like:
While things may differ slightly depending on your router's firmware, this table is pretty standard. Here's what all of those fields mean:
  1. Application - The name of the application you're forwarding this port for. You can use any descriptive text you want—this field is here to help you remember why you set this up; like the name suggests, you normally want to use the name of the application you're setting up port forwarding for. I also include my computer's name along with the service, since I forward ports for the same applications on different computers. For example, you'll see VNC service set up for both Grey and Hunter. I include their names in the Application section so I know which port forwarding rule is for which computer.
  2. Port to - "Port to" is the port on your local IP address. If you were setting up VNC for a local computer, you'd fill this in with 5900 as that's the port number VNC uses.
  3. Port from - "Port from" is the port on your external IP address. Generally you'll also enter the same port as you would in the "Port to" field. This works just fine when you're configuring only one machine for one type of service. But say you wanted to be able to remotely access two or more computers using VNC. If you used 5900 on a single, external IP address they would be in conflict. The router would see a request for port 5900 and not know which local IP address should handle that request since the port forwarding table has two. To solve this problem, you can use the standard port for one and not for the other—kind of like an apartment building has a single address but multiple apartments. As you can see in the sample routing table above, Grey's "Port from" is set to 5900 while Hunter's "Port from" is set to 5901. If you try to use VNC normally on my external IP address, you'll be asked to log in to Grey because it uses the standard port. If you want to access Hunter, however, you can easily do so by just using port 5901 instead of the default. This way you can set up identical services with a single external IP address without conflicts.
  4. Protocol - This is where you specify whether or not your service uses the TCP protocol, UDP protocol, or both. When you look up your ports you'll also want to make note of the protocols used. In most cases it will just be TCP.
  5. IP Address - This is where you specify the LAN (local area network) IP address of the computer you want to use for this port forwarding rule. You can easily find this information in your computer's network settings. The IP address will generally be in the 192.168.x.x or 10.0.x.x format. Because these IP address are generally dynamic (meaning they can change), you'll want to either set up static IP addresses or DHCP reservations. More information on that is available below.
  6. Enable - You need to check this box to enable the port forwarding rule. If you don't check it, you'll still be able to save the rule but it won't be active or function in any way.
Now that you understand what these fields mean, click the "Add" button at the bottom to add a new port forwarding rule. Fill everything out with the desired information (such as port 21 for FTP, 22 for SSH, 5900 for VNC, etc.) and don't forget to check the enable box to make sure everything works. When you're done entering all your rules, save it and you're all set.

Port Range Forwarding

Sometimes you want to open a range of ports on a particular machine and not just one at a time. Some routers offer the option of port range forwarding in addition to regular old port forwarding (like we just discussed). This works in the same way, except you specify a range (e.g. ports 21 - 80).

The DMZ

DMZ stands for De-Militarized Zone and is a simple way to open up every port on a single computer. If your router has this feature, just visit the DMZ page and enter that computer's IP address. While convenient if you only have one computer you want available for remote access, this isn't very secure. You're essentially allowing any kind of traffic to be forwarded to this machine. Even if you only have one computer, you're still better off manually entering each service you want to open. Only use this if you really have a good reason to do so.

DHCP Reservations

One of the annoying aspects of port forwarding is that your router dynamically assigns IP addresses to your computers. That means the local IP addresses of you computers may change, which can render that port forwarding you did incorrect or non-functional. While setting up static IP addresses on your local machine is one option, DHCP reservations are better if you've got the option in your router. This is common in Linksys and D-Link routers but generally not included in Belkin. It's also available in DD-WRT in the Services section, but it's easy to miss.
DHCP reservations let you specify static local IP addresses on the router's side so that when your computer connects to your network, your router will always assign it the same local IP address. To set it up, decide what local IP address you want for a given computer (or other device) and find it's MAC address. Your MAC address is a 12-digit alphanumeric string separated by two digits at a time. It generally looks like 1A-2B-3C-4D-5E-6F or 1A:2B:3C:4D:5E:6F. To locate it on Windows, click the Start menu and choose run. Then type ipconfig/all. The "Physical Address" is your MAC address. On Mac OS X, just open System Preferences, choose Network, click More Info, and then the Hardware tab. Your MAC address should be the first thing displayed. Once you've got that you can just enter it in the reservation list with the local IP address you want and you're also set. Just be sure to save and enable it. You may need to restart your router to see the changes take effect, but once you do the computers and devices in the reservations table will retain the same local IP addresses. This solves pretty much every kind of problem. For information on setting this up, check out our guide to DHCP reservations.

Assign a Friendly Domain Name to Your Router with Dynamic DNS

DNS is a service that lets you access your home computers using a nice doman name (e.g. myfancyrouter.net) instead of a numeric IP address (e.g. 72.54.34.90). Depending on your internet provider, however, your external IP address may periodically change. That's why you need Dynamic DNS. It points a friendlier domain name to your numeric IP address just like regular DNS, but compensates for that IP address' proclivity to change. So, rather than typing in 76.xxx.xx.xx every time you want to remotely access your home computer, you can type something friendly like myawesomecomputer.dyndns.tv.
You can accomplish this task in a couple of ways. First, you can download some software from your dynamic DNS provider that will automatically check and update your external IP address at a set interval. Second, your router may already support some dynamic DNS providers and can perform this update for you automatically (which is the easier method). Two of the most popular providers of dynamic DNS services are DynDNS and No IP, but there are others. These services are generally free but offer perks at a cost. Some routers only support one of these services, but custom firmware like DD-WRT support both and more.
To set up dynamic DNS, you just need to sign up for an account with one of these services and enter your account credentials into the dynamic DNS section on your router. If your router doesn't support your service of choice, you can just download software from your service provider like we mentioned earlier. You'll need to keep this software running pretty much 24/7, so it's definitely better if you can leave the task of dynamic DNS to your router.
If you want further setup instructions, here's how to set things up with DynDNS and No IP. Your router may support other services, but it's likely to support at least one of those.

That's all for today's lesson. In our final lesson, we'll be taking a look at some fun and useful bonus features you may have on your router plus resources for learning more. As always, if you're behind on your lessons, you can find everything you've missed and a PDF of all the lessons in the Know Your Network Complete Guide.

No comments:

Post a Comment