Accessing your home network over internet – without VPN

June 27, 2011

A few days back I was looking for a solution to access my home PC over the internet, and I was almost convinced that a VPN is the only way to access your home network if you have a dynamic IP. But recently I found an alternate way to access my PC, NAS server and even my Linux machine over the internet. In fact I access them using my Android phone and iPad. I didn't find a nice article covering it all on a single page, so I decided to put all things together.

Before starting I must tell you that you need to have some basic knowledge of networking.

The biggest challenge while accessing your home network over the internet is a dynamic IP. Probably there is not a single ISP which provides a static IP without charging an extra fee. In fact some ISPs like Airtel do not give a static IP even with business plans. The reason your ISP gives you a dynamic IP is that there are limited IP addresses. If you get a static IP, you occupy an IP address even when you are not using the internet, and as the number of internet users increased it became difficult to allocate static IPs. With a dynamic IP, one IP address is free whenever you are not using the internet, so IP addresses are used efficiently.

Now when your IP address changes every time you reset the connection, how will you access your home network? The IP address is the only thing which helps you reach your home network. So here we will be using dynamic DNS. Before going into the details of dynamic DNS we will first look at DNS.

What is DNS?

DNS stands for Domain Name System (or Service or Server). Basically every website has its own server, a server with an IP. So you can either type its URL name like http://www.wordpress.com or directly type its IP address in the browser. But it is easier to remember a URL than an IP address. When you type any URL in your browser, the browser sends this domain name to DNS and DNS responds with its IP address. There are a number of DNS servers spread across geographic locations, and some ISPs maintain their own DNS. DNS is itself a network: if one DNS server can't resolve a domain name, it forwards the request to another DNS server, and so on.

If you want to see the IP address of any website, say http://www.wordpress.com, then go to the command prompt and use the command below (the host name is given without the http:// prefix)

tracert www.wordpress.com

So DNS is nothing but a system which translates a domain name (URL/website) into an IP address.

What is dynamic DNS?

Let's say a web server changes its IP. Then DNS also needs to change its hostname-to-IP address mapping, so that when a user requests a domain name translation it returns the fresh IP. In a TCP/IP network the server has a static IP and the client has a dynamic IP (this is not a strict rule). Dynamic DNS is a protocol or service to inform DNS to change its configuration. It is useful for your home PC or router which has a dynamic IP address.

So, just like any other website/web server, we won't be accessing our home router/PC by its IP but by a host name. For this you will have to create an account with one of the dynamic DNS service providers. There are a number of dynamic DNS service providers which provide free accounts; the most popular service providers are

http://www.dyndns.com

http://www.tzo.com

You can find a list of dynamic DNS service providers on http://dnslookup.me/dynamic-dns/

Almost all service providers have free and paid accounts. With a paid account they provide some additional features and support. For details visit their web pages. But you really don't need a paid account and you can use a free account. I am currently using dyndns and I am very satisfied.

If you are using a router, then before selecting a dynamic DNS service provider check which client applications the router supports. The router needs to run a client application, which is built into the router firmware. Read “How it works” first.

How it works?

You need to create an account with a dynamic DNS service provider, with your own subdomain name. Let's say your subdomain name is “example” and you have created an account with dyndns.com; then your host name will be http://www.example.dyndns.info. I will use this host name as the example in this article. You also need to run a client application which will inform the service provider about the new IP address when it changes. Depending upon your network you can run the client application either in the router firmware or on your system.

On System which is directly connected to WAN:

You need to install and start the client application on your home PC with your username and password. After configuring the client application you can access your home PC using the URL http://www.example.dyndns.info, because DNS will translate this domain name to the IP address. When the (external) IP address of your machine changes, the client application informs your dynamic DNS service provider and the record is updated within 30-40 seconds.

On System which is connected to WAN via router:

Well, if you are using a router, many router firmwares support dynamic DNS with at least one or two of the providers listed above. I am currently using a Beetel 450 BXI, which supports dyndns and TZO. You just need to program your domain name, username and password, and using this domain name you can access the router page, which is normally at 192.168.1.1, over the internet using the dynamic DNS hostname, which is http://www.example.dyndns.info.

What if Dynamic DNS is not supported by Router:

Well, you can still use it. You need to keep one of the PCs switched on and running the dynamic DNS client application. I will explain how it works in subsequent topics.

I have a NAS server connected to my router which also has a dynamic DNS application. I can configure the NAS client instead of the router's DDNS client. It will still work because the DDNS client reports its external IP address to the server, and all networking devices connected to a single router/WAN have the same external IP address but different internal IPs. So you can run the DDNS client application on any device connected to the router.

How to connect/access my Home network ?

On System which is directly connected to WAN:

If you are not using a router and the WAN is directly connected to your PC then, depending upon the service, you can access your PC over the internet as follows.

Web server:

If you have started a web server then you can access it over the internet using

http://www.example.dyndns.info:80

SSH/Telnet:

If you want to log in to Linux using SSH/Telnet then use PuTTY and, instead of the IP address, use the hostname below (with the proper port number)

http://www.example.dyndns.info

FTP:

If you have started an FTP server then use the link below to access it in a browser

ftp://example.dyndns.info

VNC:

If you have started a VNC server on your home machine then you can access your home PC desktop using VNC viewer, which is a free application. Use the dynamic DNS host name instead of the IP address to access your home system. This works with Linux as well as Windows.

On System which is connected to WAN via router:

When you are connected through a router you need a few more configuration steps in your router. Let's consider a small home network as shown below:

Here the router is directly connected to the WAN (internet). Below is the list of network devices connected to the router and their IP addresses

Router: 192.168.1.1

Windows: 192.168.1.2

iPad: 192.168.1.3

Linux: 192.168.1.4

NAS server: 192.168.1.5

Laptop: 192.168.1.6

Android Cell : 192.168.1.7

Each device has a private IP address and a public IP address. All the above IPs are private IPs, i.e. these IP addresses are local to this LAN and may not be valid outside it. You can view the local IP address using

DOS  Command: ipconfig /all

Linux shell command: ifconfig

For external IP or public IP you need to visit

http://www.whatismyip.com/

http://whatismyipaddress.com/

http://www.whatsmyip.org/

If you have more than one device connected to the router as shown above, you will find that the external/public IP address is the same for all devices. The reason is that only the router is connected to the WAN, so only one public IP is issued. All other devices share the same public IP through the router. So when you configure dynamic DNS in your router, the dynamic DNS hostname will point to the router, i.e.

Accessing 192.168.1.1 from the LAN is the same as accessing http://www.example.dyndns.info over the internet. Both will point to your router page.

Now how can you access the above five devices using a single external IP address? Here we will use port numbers.

I have a router and a NAS server which I control using a web browser.

The router's IP address is 192.168.1.1 and the NAS server's IP address is 192.168.1.5; both use the default port 80. Over the internet the dynamic DNS hostname will always point to the router web page. So here you need to configure NAT (Network Address Translation) in your router. You will be using the same host name but a different port number. Configure NAT in such a way that when it receives any request on external port 5080 it forwards it to internal IP 192.168.1.5 at port 80. So to access the NAS server you need to use the same host name with external port 5080.

NAT will then forward this request to internal IP address 192.168.1.5:80, which is the IP address of the NAS server.

Note that

http://www.example.dyndns.info:80

is the same as

http://www.example.dyndns.info

which will point to the router web page.

Similarly you need to configure NAT properly to use FTP, VNC and other services. Normally FTP uses port number 21 and VNC uses port number 5900. You can have multiple FTP or VNC servers; the only thing is you should make sure that their external ports are different. They can have the same internal ports, as their IP addresses are different. Below is a snapshot of my router NAT configuration page (open it in another window).

By default the HTTP port is 80, the FTP port is 21 and SSH is 22, but just to avoid confusion I changed the external HTTP port for the NAS server from 80 to 5080 (I use 5xxx for the NAS as its IP is *.5, similarly 4xxx for Linux as its IP is *.4); internally it will still use port 80.
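The port-forward table described above can be modelled and checked before it is typed into the router. This is an added example, not the router's or the author's code: the 5080 and 5021 rules are the article's, the 4xxx rules are constructed samples, and treating WAN port 80 as reserved for the router page is an assumption taken from the note above. It also lists which forwarded services have no transport encryption by default, since those sessions cross the internet unencrypted.

```python
from collections import Counter, namedtuple

Forward = namedtuple("Forward", "ext_port int_ip int_port service")

# 5080 -> NAS:80 and 5021 -> NAS:21 are the article's values; the two 4xxx
# rules for the Linux box (192.168.1.4) are constructed sample values.
FORWARDS = [
    Forward(5080, "192.168.1.5", 80, "http"),
    Forward(5021, "192.168.1.5", 21, "ftp"),
    Forward(4022, "192.168.1.4", 22, "ssh"),
    Forward(4900, "192.168.1.4", 5900, "vnc"),
]

ROUTER_PORTS = {80}  # assumption: the router's own web page answers on WAN port 80
UNENCRYPTED = {"http", "ftp", "telnet", "vnc"}  # no transport encryption by default


def validate(forwards):
    """Return a list of problems; an empty list means the table is usable."""
    problems = []
    counts = Counter(f.ext_port for f in forwards)
    for port, uses in sorted(counts.items()):
        if uses > 1:
            problems.append(f"external port {port} is used by {uses} rules")
        if port in ROUTER_PORTS:
            problems.append(f"external port {port} belongs to the router page")
    return problems


def translate(forwards, ext_port):
    """Map an external port to (internal_ip, internal_port); None if no rule."""
    for f in forwards:
        if f.ext_port == ext_port:
            return (f.int_ip, f.int_port)
    return None


def unencrypted_exposed(forwards):
    """External ports whose service has no transport encryption by default."""
    return [f.ext_port for f in forwards if f.service in UNENCRYPTED]


if __name__ == "__main__":
    print(validate(FORWARDS))
    print(translate(FORWARDS, 5080))
    print(unencrypted_exposed(FORWARDS))
```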

Issues you may face:

Blocked by FireWall:

So it is really not so difficult to access your home network remotely. But it can also be misused, and hence a firewall is used to prevent such unauthorized access. Basically a firewall blocks network access based on some rules.

One of the algorithms is: if any request comes in at port number 21 (which is the FTP server) then drop the packet, so nobody can access the network using the FTP protocol. This was the first generation of firewall; in our previous example we configured our FTP on port number 5021, so this algorithm won't block our access if such a firewall is sitting between the remote machine and the router.

Another algorithm is that the firewall decodes each network packet and drops packets based on the application, like HTTP, Telnet, SSH or FTP. Such a firewall is intelligent enough to detect FTP access even if it is on some non-standard port (as in the above example).

Currently there are many complicated algorithms used by firewalls, and many of them are implemented in hardware and hence much faster.

When a firewall blocks access it simply drops packets without giving any acknowledgement. With no acknowledgement the user gets no response from the destination and thinks that the machine is unreachable.

A firewall can exist at any point from source to destination. Your ISP, your router or even the destination machine may have a firewall (a firewall can be a software application or a hardware device), so it is difficult to find which firewall is blocking access. The only thing you can do is check whether the destination machine is reachable over the internet using Open Port Tool. You can enter the IP address (host name) with the port number and check whether it is accessible or not. For example, if I want to cross-check my FTP connection in the above example then I can use Open Port Tool with host name http://example.dyndns.info and port number 5021 (an external port). If this port is open then it is accessible over the internet.

Similarly you need to check the firewall settings of your PC and router and make sure that you have unblocked the proper ports before you access them over the internet.
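The same reachability check can be scripted against your own host name, which also separates a silently dropped connection from an actively refused one. This is an added example, not part of the original post; the state names and the `check_forwards` helper are made up for illustration, and `demo()` only exercises loopback ports so it runs offline.

```python
import socket


def probe(host, port, timeout=3.0):
    """Classify one TCP port the way a remote client would see it."""
    try:
        conn = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror:
        return "no-dns"    # host name did not resolve (DDNS record missing?)
    except ConnectionRefusedError:
        return "closed"    # something answered with a reset: nothing listening
    except OSError:
        return "filtered"  # timeout or unreachable: packets dropped on the way
    conn.close()
    return "open"          # handshake completed: the service is reachable


def check_forwards(host, ext_ports, timeout=3.0):
    """Probe each external port of the NAT table; return {port: state}."""
    return {port: probe(host, port, timeout) for port in ext_ports}


def demo():
    """Offline self-check on loopback: one listening port, one closed port."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))       # port 0 = let the OS pick a free port
    listener.listen(1)
    open_port = listener.getsockname()[1]
    spare = socket.socket()
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()                          # nothing listens on this port now
    states = check_forwards("127.0.0.1", [open_port, closed_port], 1.0)
    listener.close()
    return states[open_port], states[closed_port]


if __name__ == "__main__":
    print(demo())
```

Run from a connection outside the home network, `check_forwards("example.dyndns.info", [5080, 5021])` reports each forwarded port; a "filtered" result matches the silent packet drop described above.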

Blocked by Router:

This topic is very specific to the router and its firmware. You need to explore your router configuration to find out if any access is blocked. For security reasons the router is by default configured to block access over the internet. (Here I am not talking about the router firewall.) For example HTTP, FTP, Telnet, SSH etc. access on my router are blocked by default for WAN but are enabled for LAN. What this means is that I can access FTP using ftp://192.168.1.5:21 in the LAN but I can't access the same over the internet using ftp://example.dyndns.info:5021 even if I have configured NAT properly.

If you are using a Beetel 450 BXI ADSL modem then go to

Management => Access Control and enable HTTP and ICMP access over WAN.

Similarly you may need to explore your router options and find the solution on your own.

9 Comments
  1. someoneisnot

    thanks for your writings.

  2. it’s not bad to try ..thanks
    but would you like give more detail explanation ?

  3. Hello superb blog! Does running a blog similar to this require a great deal of work?
    I have no understanding of computer programming but
    I had been hoping to start my own blog soon.
    Anyways, if you have any ideas or techniques for new blog owners please share.
    I understand this is off subject however I simply had to
    ask. Thanks!

  4. Thank you for sharing your info. I truly appreciate your efforts and I will be waiting for your next write ups thanks
    once again.

  5. Thanks a lot.
