Remote access to a network - HOW?

Steve

Hi folks,

Hoping that I can get a few pointers on setting up a network to grant remote
access. We have a small LAN connected to the internet via a DSL broadband
connection (always on). Up to recently we used ISDN dial-up and had remote
access set up through dial-up connections and this worked fine. However with
the DSL being always on we can't dial up anymore and have tried accessing the
IP address of the line and the DSL modem through a browser to no avail. Is
there a service or something that needs to be running on the server? We also
have firewalls in place.

Any help or pointers in how we should be proceeding would be much
appreciated.

Cheers,
Steve.
 
Steve,

I assume you have a router, correct? Your router is also a switch to which
all your PCs are connected via their LAN ports. The DSL modem is then
attached to the router via its WAN port. The router uses DHCP (via the DSL
modem) to assign itself an IP determined by your ISP. Using NAT (Network
Address Translation), your router then maps local IP addresses (e.g.,
192.168.0.xxx) to that single IP address (external) so you can share the
resource.

That said, remote access involves a) determining the IP assigned to the router
by your ISP and b), directing inbound requests (from the WAN side) to an
appropriate machine/device (could just as well be an IP-based printer, for
example) INSIDE your network. The former can be tricky if your ISP assigns
an IP based on DHCP, i.e., it's dynamic, since it can change over time, but
I'll address that shortly. If the IP assignment is FIXED, it's much easier,
just use it for all your remote requests. But that's only half the battle.
Now you need to FIND the correct machine. But you have a problem, since the
ONLY known IP address into your network is the one assigned to the router,
which is of little value (except perhaps to administer the router's
configuration via its web interface). Once the request reaches the router
(from outside the WAN), it needs to be told WHERE to direct that request.
All routers support a feature called "IP forwarding" (it may be called
something else, D-Link calls it Virtual Servers, but the concept remains the
same). IP forwarding allows you to configure the router so that when a
request for a service comes in on a particular PORT, the router knows to
send it to another IP address (internal IP) on the same or different port
(most people keep the same port). Thus, to set up such forwarding requires
knowing the IP address of the target machine/device AND the port(s) it uses
for communication.

For example, if you have several PCs, all connected to the router, one of
which is running a web server (which by default uses port 80), and let's
assume its internal IP address is 192.168.0.100 (which was assigned by the
router), and the external IP address is 66.133.10.10 (assigned by the ISP),
then you would configure the router to forward IP requests on the external
IP address (66.133.10.10) port 80, to 192.168.0.100, port 80. If you wanted
to set up MULTIPLE web servers, then you would need to configure the router
to accept requests on another port (say, 8080) since ports can't be
repeated, and similarly, all requests on external IP address (66.133.10.10)
port 8080, would be directed to another machine, 192.168.0.101, port 80.

So if you wanted to get to machine 192.168.0.100's web server, you would
specify in IE http://66.133.10.10, but if you wanted access to machine
192.168.0.101's web server, you specify http://66.133.10.10:8080 .

That's the basic concept, of course, you may not want just ANYONE using your
services, so you can (depending on the features offered by the router) limit
time of access, limit access to only persons within a given IP address
range, set up a VPN (Virtual Private Network) if you're REALLY serious about
privacy and security, etc. But the simple case of a public web server
illustrates the basic concepts quite nicely.

Oh, getting back to that issue of the changing IP assignment, if it changes,
how do you consistently determine the current IP address, so you can still
access these services? Well, one way is to use a DDNS (dynamic domain name
service), which updates a KNOWN domain name every time the IP address
changes. I use http://www.no-ip.com myself (free!), but there are others
(e.g., http://www.dyndns.org/). I simply register, create a domain name,
and then using the router (mine provides a function that updates my
no-ip.com domain name automatically), keep the current IP address/domain
name relationship up-to-date. If your router doesn't provide this function,
you can use a client based program (usually supplied by the DDNS service)
that monitors the router address periodically, and accomplishes the same
thing. But the router based approach works best since there are no client
dependencies, and the router only updates when it KNOWS the IP assignment has
indeed changed.

So the above web servers could be more easily referenced using a domain
name, as follows:

http://crazysteve.no-ip.info
http://crazysteve.no-ip.com:8080

As you can see, externally, no one really quite knows where these addresses
end up on your network, which is good, since it's not relevant. You just
have to make it known to your own people where the various services are
located based on IP port assignment. You'd typically publish some sort of
directory for their convenience. And of course, you can easily remap these
at any time, should you need/want to move (in this case) the web servers
elsewhere.

HTH

Jim
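
An added example, not part of Jim's post: a small Python model of the forwarding table described above, using the post's internal addresses, that checks for reused external ports, lists rules open to any source, and shows where a WAN-side request ends up. The `Forward` class, the function names and the 203.0.113.0/24 source range are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

LAN = ipaddress.ip_network("192.168.0.0/24")  # internal range used in the post

@dataclass(frozen=True)
class Forward:
    ext_port: int                  # port on the router's WAN address
    int_ip: str                    # internal target machine/device
    int_port: int                  # port on that target
    allow_from: str = "0.0.0.0/0"  # source range allowed to use the rule

def validate(rules):
    """Return a list of problems: reused external ports, targets outside the LAN."""
    problems, seen = [], set()
    for r in rules:
        if r.ext_port in seen:
            problems.append(f"external port {r.ext_port} is forwarded twice")
        seen.add(r.ext_port)
        if ipaddress.ip_address(r.int_ip) not in LAN:
            problems.append(f"{r.int_ip} is not inside {LAN}")
    return problems

def exposed_to_anyone(rules):
    """External ports that accept requests from any source address."""
    return [r.ext_port for r in rules
            if ipaddress.ip_network(r.allow_from).prefixlen == 0]

def route(rules, src_ip, ext_port):
    """Where the router sends a WAN-side request, or None if it is dropped."""
    src = ipaddress.ip_address(src_ip)
    for r in rules:
        if r.ext_port == ext_port and src in ipaddress.ip_network(r.allow_from):
            return (r.int_ip, r.int_port)
    return None

# Constructed table: the two web servers from the post. The second rule is
# limited to a constructed source range (203.0.113.0/24) to show the
# "only persons within a given IP address range" option.
RULES = [
    Forward(80, "192.168.0.100", 80),
    Forward(8080, "192.168.0.101", 80, allow_from="203.0.113.0/24"),
]

if __name__ == "__main__":
    print(validate(RULES))                      # problems in the table
    print(exposed_to_anyone(RULES))             # ports open to every source
    print(route(RULES, "198.51.100.7", 8080))   # outside the allowed range
    print(route(RULES, "203.0.113.25", 8080))   # inside the allowed range
```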
 
Jim, thanks for your very thorough response. I have finally been able to get
a VPN connection working through the router!

Thanks again for all the help.
 
Using "RemotePC" (http://www.remotepc.com/) also you can remotely
access your computer since it can function as a VPN replacement
solution.
It works behind most firewalls without any special port settings and is
definitely cost effective.
It works very efficiently from dialup connections to LAN setups.
Regards
Smith
 