Wednesday, July 1, 2009

Port Forwarding using Tomato and DynDNS

Port Forwarding on the router level is useful if you have more than one computer, but you know that you plan to make specific services available to the outside world on only one of the computers that you own. Also, you can make different services point to different computers. For example, you can forward ssh traffic to computer A, use computer B as your web server, or (if you read my previous post) access the web server running inside of VirtualBox on Computer C.

This particular post will refer to forwarding single ports to particular machines on your internal network, using the Tomato router firmware, as well as using a service called DynDNS to more easily access your dynamic IP address over the Internet.

This setup was accomplished with a Buffalo WHR-HP-G54 router, flashed with the Tomato Firmware.

PORT FORWARDING IN TOMATO:

Tomato is user friendly, providing sample port forwarding to help users with the formatting and syntax of the process.
Here is a screen shot that shows the port forwarding screen:

To forward a single port to the same port on a particular IP:
External Ports: 9090
Internal Ports: (blank)
Internal Address: 192.168.1.11 (your computer's IP address)

To forward a port to a different internal port:
External Ports: 1010 (as seen from the Internet)
Internal Ports: 1212 (as seen inside your LAN)
Internal Address: 192.168.1.11 (your computer's IP address)

You can choose to forward TCP packets, UDP packets, or both.

If you read my previous post about port forwarding in VirtualBox, port forwarding in your router would allow you to open virtual machine ports to the Internet at large.

As an example, you could open port 80 on your virtual machine, map it to port 8080 of host Computer A, then have the router forward incoming traffic on port 80 to port 8080 on Computer A. When external traffic comes in on port 80, it is then routed to the server virtual machine running on Computer A.
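The two forwarding forms above and the router-to-VirtualBox chain, modelled as a small lookup so you can see exactly what an Internet-side port ends up reaching. This is an added example, not Tomato's or VirtualBox's code; the `Forward` type, the function names, Computer A's address 192.168.1.10 and the `guest-vm` label are assumptions made for illustration.

```python
from typing import NamedTuple, Optional

class Forward(NamedTuple):
    proto: str                # "tcp", "udp" or "both"
    ext_port: int             # External Ports
    int_port: Optional[int]   # Internal Ports; None = left blank
    int_addr: str             # Internal Address

def route(rules, proto, port):
    """Return (address, port) a packet is forwarded to, or None if dropped."""
    for r in rules:
        if r.ext_port == port and r.proto in (proto, "both"):
            # A blank internal port means "same port as outside".
            return (r.int_addr, r.int_port if r.int_port is not None else port)
    return None

def trace(router_rules, host_rules, proto, port):
    """Follow a packet through the router and, if the target host
    forwards again (e.g. VirtualBox), on to the guest."""
    hops = []
    hit = route(router_rules, proto, port)
    if hit is None:
        return hops                      # nothing exposed on this port
    hops.append(hit)
    addr, inner_port = hit
    nxt = route(host_rules.get(addr, []), proto, inner_port)
    if nxt is not None:
        hops.append(nxt)
    return hops

# Constructed sample table using the values from the post.
ROUTER = [
    Forward("both", 9090, None, "192.168.1.11"),   # same port inside
    Forward("tcp", 1010, 1212, "192.168.1.11"),    # different inside port
    Forward("tcp", 80, 8080, "192.168.1.10"),      # Computer A (assumed IP)
]
# Second hop: Computer A hands port 8080 to port 80 of its virtual machine.
HOSTS = {"192.168.1.10": [Forward("tcp", 8080, 80, "guest-vm")]}

if __name__ == "__main__":
    for proto, port in (("tcp", 9090), ("tcp", 1010), ("udp", 1010), ("tcp", 80)):
        print(proto, port, "->", trace(ROUTER, HOSTS, proto, port))
```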

USING DynDNS:

What is DynDNS? Allow me to borrow this description from their website:

Dynamic DNS Free (DDNS) allows you to create a hostname that points to your home or office IP address, providing an easy-to-remember URL for quick access. We also provide an update mechanism which makes the hostname work with your dynamic IP address. We continue to offer this service free to the Internet community as we have done so for nearly 10 years.

Now, instead of having to remember your external IP address of 12.34.56.78 (or a dynamically changing one), you can use a service such as DynDNS to be able to use samplename.thruhere.net instead of 12.34.56.78 in an Internet browser such as Firefox to access your computer. It tends to be easier to remember, and easier to tell your friends or colleagues.

For the free DNS forwarding, DynDNS offers these domains to choose from:


Sign up for a free DynDNS account, choose a domain and link it to your dynamic IP. From now on, you can use this personal URL to access your computer from the Internet. If you want, you can continue to use your IP, but I'd be surprised if you do. This URL actually points to your router, so port forwarding from your router allows you to point traffic from the Internet to particular computers on your network.

VERIFYING ROUTER SECURITY:

First, a security precaution: Many routers are administered through port 80 (the standard web traffic port), even if traffic comes externally. Tomato allows you to disable external access (or change the administration port), so it isn't as big an issue, but make sure to look in your router settings to verify that you are not opening yourself up to convenient remote router cracking (especially if you still use the default passwords: shame, shame!).

One way to verify if your router is allowing remote administrative access is this:
  • Go to IP Chicken to get your current IP.
  • Copy that address and paste it into your web browser address window and press Enter.
  • If your router password verification window comes up, you can access your router remotely.
  • Try this again with your shiny new DynDNS URL. Note that the result should be the same as if you typed in the IP directly.

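The same check as a script, so it can be repeated after every router change. This is an added example, not part of the original post; the function names are illustrative, and the address and hostname in the `__main__` section are the post's placeholders.

```python
import http.client

def classify(status, www_authenticate, body):
    """Map an HTTP answer to what a browser would show for it."""
    if status == 401 and www_authenticate:
        return "password-prompt"      # browser pops up a credentials window
    if 'type="password"' in body.lower():
        return "login-form"           # HTML login page instead of a pop-up
    return "other-service"            # something answers, but not a login

def check_remote_admin(host, port=80, timeout=5):
    """Request http://host:port/ and return (state, detail).

    state is "closed" when nothing answers, otherwise a classify() result.
    """
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/")
        resp = conn.getresponse()
        body = resp.read(4096).decode("latin-1")
    except (OSError, http.client.HTTPException) as exc:
        return ("closed", str(exc))
    finally:
        conn.close()
    auth = resp.getheader("WWW-Authenticate")
    # The realm often names the device, which helps tell a router prompt
    # apart from a forwarded service that has its own authentication.
    return (classify(resp.status, auth, body), auth or f"HTTP {resp.status}")

def same_result(ip, hostname, port=80):
    """The DynDNS name should behave exactly like the raw IP."""
    return check_remote_admin(ip, port)[0] == check_remote_admin(hostname, port)[0]

if __name__ == "__main__":
    # Placeholder values from the post; substitute your own.
    for target in ("12.34.56.78", "samplename.thruhere.net"):
        print(target, check_remote_admin(target))
```

Run it from a connection outside your LAN, since some routers answer their own external address differently from the inside. A result of "closed" on the administration port is the outcome you want.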
USING PORT FORWARDING ALONG WITH DynDNS:

OK. You have your shiny new DynDNS account, and you've secured your router from external attacks. Now, enjoy the convenience of your work! For example, FreeNAS offers a Transmission BitTorrent WebGUI which defaults to port 9091. You can forward external traffic from this port directly to your FreeNAS box. Now, samplename.thruhere.net:9091 would bring up your Transmission WebGUI from anywhere in the world that has Internet access! Alternatively, you could forward port 80 to port 9091 of your FreeNAS box, thus allowing samplename.thruhere.net to access your WebGUI directly. I suggest using user authentication, but that's up to you.

Now, while reading Distrowatch, if your Linux distribution of choice releases a new version, this would allow you to add a torrent while drinking a coffee at a coffee house, then come home to a torrent that is already downloaded. That beats the alternative of waiting to start the download until you get home. Enjoy!
