Solved

General Information on Remote Access to Home Network

Posted on 2004-09-26
Last Modified: 2013-12-14
I am trying to figure out where to begin.  I have two home networks with wireless Linksys Routers.  One is encrypted, the other not.  The two ISPs are Cox and Road Runner (Time Warner), both with DHCP.  I'd like to be able to access each network from the other through the Internet.  My understanding is that I need to open ports through the firewalls, etc.  Then, I need to figure out how to call into an IP that's not static.  I recognize that there is a whole lot to think about here, but any general guidelines or direction would be helpful.  I am just trying to get started down the right path.  Thanks.
Question by:samsoro
13 Comments
 

Author Comment

by:samsoro
ID: 12155432
I just did some further searching on this website, as I know that dynamic IPs are a problem for this kind of thing.  I came across http://www.dyndns.org/services/dyndns/ which seems like it could be a solution.  Any thoughts on this as part of the "Home WAN" architecture would be appreciated.
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 12157871
Dynamic DNS gives you a 'friendly' name for you to access another network that is running with dynamic public IP addresses.  DDNS also tracks any changes on their DNS servers just in case the dynamic address does change.  That being said, I also have a dynamic address for my home ISP, but it has not changed in 2 years now that I can remember.  For instance, you can visit my website that I run from home either of two ways.  Using my dynamic address, or my domain address, which is registered:  www.doverproductions.com

Personally, I would start with using just your IP addresses and configure your tunnels with them.  I assume you are going to be setting up a VPN between the two networks, since you seem to want to encrypt the data?  (Not sure what you are referring to in the above regarding an encrypted network..???  IPsec maybe????  You don't encrypt a network, but you do encrypt files/folder/etc..  You use L2TP with IPsec to create a tunnel and encrypt the contents..)

Also, you must set static addresses on the individual computers within your network.  The router picks up the dynamic public address, but you want to turn off DHCP, or at least exclude the PC you will be connecting to from the DHCP Scope on the router, and then port forward the appropriate ports to that computer.  For instance..  If you are using RDP to connect computers that are on different LANs, you need to configure your router to port forward port 3389 to the address of the computer that you need to connect to.

FE
0
 

Author Comment

by:samsoro
ID: 12159812
Sorry...I meant that the one wireless router is encrypted, not that I am trying to encrypt the network.

I now understand the port forwarding concept.  I am curious...how do you determine the various ports that are being used on the network?  It seems like after making the IP static for the computer you want to access, that you just assign it a port, e.g. "port 80".  I am not sure what you mean by "RDP" or why this necessitates port-forwarding 3389.

A couple of other questions:

-  One computer runs Windows 2000 Professional.  My impression from a couple of things that I have read is that you have to have XP.  I have not yet looked to see if it has the feature allowing for remote access.

- A VPN might be a good idea...but I doubt anyone is going to be interested in what I have to send back and forth, except there could be some legal documents.  Not to sound so ignorant, but how would you get started with this?

It seems to me that (a) I need to get the IPs, (b) I need to assign static IPs to each of the computers that I want talking to each other from behind their respective firewalls, (c) I need to configure each router to port forward to the ports used by each PC to connect to its router (???..need more help here), (d) I need to set up each PC to accept remote access (????..need help here too) and (e) then maybe think about setting up a VPN.

If this is the logical flow, I can hammer this out step by step.
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 12160216
Okay...

1.  Ports are determined by the program you are using.  For example, if you activate your browser to search the internet, it will request a page from a public server.  This page is downloaded to your system using Port 80, the default http port.  RDP stands for Remote Desktop Protocol and comes with XP Professional and uses Port 3389.  If you wish to use this (or Terminal Services on W2K Servers) you would need to forward that port to the W2K server or XP system you are trying to connect to.  Unfortunately, on previous versions of Windows (2000) only the Server edition can be accessed using this method, as it comes with a Terminal Services Server.  (W2K does come with the ability to use the TS client, as XP Home editions do.  XP Pro comes with the full suite - server and client)

So this answers your first and second question..

2.  If you use RDP, it is automatically encrypted, so you don't need to worry about a VPN.  Of course, you will need W2K server or XP boxes for this.

3.  Lots of help asked for in this paragraph, eh?  

a)  yes, you need to assign static addresses to any system you will be connecting to (not from)  

b)  make sure that you limit the scope of your DHCP server on your router to make sure that it is not giving out duplicate IP addresses (or turn it completely off)  

c)  Opening the ports on your router...  This is where you may find some problems.  You can only forward one port to one computer.  In other words, when you forward port 3389 for your RDP session to computer1, you cannot forward the same port to another computer.  You would have to reconfigure the ports on the computer programs themselves to do this, and it is not easy to understand.  But you could get around this by opening another instance of the Remote Desktop from the computer you have tunneled into, and then tunnel into the other systems.

Opening ports on your router is fairly straight forward.  You should see the port forwarding configuration in your router's interface.  Just put in the IP address of the computer you wish to access, and then the appropriate port number.

d)  On a W XP, you easily configure it by opening the System Properties window.  (right click on My Computer > properties)  Open the Remote tab, and configure the RDP.  Make sure you allow specific users, or use your admin login when you try to access it.

e)  VPN's are not easy to configure.  They are meant for Client - Server access.  If you wish to go with a vpn, I suggest you purchase routers that are VPN enabled.  This way, the tunnel is created between the routers, and not between computers.

I hope this all helped..

FE
0
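The checks from steps a) to c) in the comment above (a static target outside the DHCP scope, one forward per external port), together with a flag for forwarded remote-desktop ports, as an added example that is not part of the original thread. The rule format, the function name `audit_forwards` and the sample addresses are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# 3389 is the RDP port named in the thread; 5900 is VNC's default port (assumed for TightVNC).
REMOTE_ACCESS_PORTS = {3389: "RDP", 5900: "VNC"}

def audit_forwards(rules, lan, dhcp_start, dhcp_end):
    """Return a sorted list of (rule_name, finding) for a router port-forward table.

    rules: list of dicts with keys name, proto, ext_port, int_ip, int_port.
    """
    lan = ipaddress.ip_network(lan)
    lo, hi = ipaddress.ip_address(dhcp_start), ipaddress.ip_address(dhcp_end)
    findings = []
    seen = defaultdict(list)  # (proto, ext_port) -> names of rules using it
    for r in rules:
        ip = ipaddress.ip_address(r["int_ip"])
        if ip not in lan:
            findings.append((r["name"], "target is not on the LAN"))
        elif lo <= ip <= hi:
            # A leased address can be handed to another machine later.
            findings.append((r["name"], "target is inside the DHCP scope"))
        service = REMOTE_ACCESS_PORTS.get(r["int_port"])
        if service:
            findings.append((r["name"], f"{service} is exposed to the Internet"))
        seen[(r["proto"], r["ext_port"])].append(r["name"])
    for (proto, port), names in seen.items():
        if len(names) > 1:  # an external port can only map to one host
            for n in names:
                findings.append((n, f"{proto}/{port} is forwarded more than once"))
    return sorted(findings)

# Constructed sample table; the LAN is 192.168.1.0/24 with DHCP scope .100-.149.
SAMPLE_RULES = [
    {"name": "rdp-desktop", "proto": "tcp", "ext_port": 3389, "int_ip": "192.168.1.10", "int_port": 3389},
    {"name": "rdp-laptop", "proto": "tcp", "ext_port": 3389, "int_ip": "192.168.1.120", "int_port": 3389},
    {"name": "vnc-w2k", "proto": "tcp", "ext_port": 5900, "int_ip": "192.168.1.11", "int_port": 5900},
    {"name": "web", "proto": "tcp", "ext_port": 80, "int_ip": "192.168.2.5", "int_port": 80},
]

if __name__ == "__main__":
    for name, finding in audit_forwards(SAMPLE_RULES, "192.168.1.0/24",
                                        "192.168.1.100", "192.168.1.149"):
        print(f"{name}: {finding}")
```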
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 12160250
BTW:  you can always use something like TightVNC, which is an encrypted version of VNC.  It can be installed on W2K systems and works just like Remote Desktop.

It is free to use...

http://www.tightvnc.com/
0
 
LVL 6

Expert Comment

by:rustyrpage
ID: 12163436
I know this isn't a solution, but may I ask why you have two separate connections in one house?  There may be an easier/faster/more secure solution (not to mention cheaper) to eliminate one & stick to a single connection
0

 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 12164278
I am assuming that he has two homes, perhaps a vacation home..??  If not, I too would recommend you either:

1)  run a hardwire from one router to the other and connect both to create a private LAN, or

2)  get wireless routers and connect them in a bridge setup

I have 2 internet connections coming into my home.  I use it for redundancy, in case one of my connections goes down.  One is cable and the other is DSL.  
0
 

Author Comment

by:samsoro
ID: 12164541
Yes....it's a second home.  Thanks for the responses...I need to take this home and digest it a little bit.  I guess the biggest issue is my W2K Pro on my one computer...whether to upgrade to XP.  Otherwise, this seems like it could be straightforward.

When I told a friend of mine that I was looking at opening up ports for remote access, he said I have to buy a firewall...not rely on what you get through XP.  I dunno, but I guess I have a lot to think about.  Thanks again, and I will be back in a few.
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 12165389
Forwarding ports is different than just opening ports on a firewall.  You don't have to have a hardware firewall device to keep your network safe, but it is definitely recommended.  Routers use a process called NAT to route packets from an external network to your internal one.

I have a visio diagram I made to show how a LAN is setup.  You can visit it by going to my website at:

www.doverproductions.com

and ck out the Troubleshooting a P2P network under the Networking area.  Or just go here:

http://65.24.134.81/KipSolutions/P2PNetworks/P2P.jpg

Additionally, if you wish to secure your network, take a look at the Netgear products which have a router and SPI firewall included into the device.
0
 

Author Comment

by:samsoro
ID: 12165562
Wow...wealth of knowledge in your Visio schematics...a lot of good troubleshooting guidance here.  I will definitely keep this for future reference.

I have yet to implement much of what has been described.  Much of this will take place through visits back and forth between networks to put it in place.

Two things to wrap this up.  First, is there any way of getting around upgrading the W2K Professional PC to XP?  Second, I think it is straightforward, but I do have to configure my router to accept incoming calls.  I found where to do this on the Router configuration page, but is there anything special that I need to be aware of or concerned about?

Otherwise, I think that most of it is clear unless you can think of anything else that I might be missing.  Thanks again for all of the help.
0
 
LVL 40

Accepted Solution

by:
Fatal_Exception earned 125 total points
ID: 12166173
Thanks for the compliment on the site info.  I especially recommend the Troubleshooting Flowchart, as it is quite useful.  Feel free to look around at your leisure.

Regarding the W2K system, that all depends on what you wish to do with it.  If you mean to terminal in using RDP (Terminal Services),  only W2K server edition (not Professional) can be used.  But you can use TightVNC (as I mentioned above) to do this.  You install it on both the computers and forward the requisite ports on the router.

Forwarding ports is relatively simple.  The only thing to be aware of is the security risk of opening any port.  This is always a risk.  You could add a layer of protection by implementing software firewalls on your systems, but then you will have to open ports on these to allow you to terminal into them, or just disable them when you need to get into the LAN.  (This is the entire reason that VPN's are so popular.)

FE

0
 

Author Comment

by:samsoro
ID: 12166302
Thanks...all good stuff.  I appreciate the prompt and thorough effort here
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 12166355
No problem.  If you need any further help, you know where to go...

and thank you..

FE
0
