samsoro


General Information on Remote Access to Home Network

I am trying to figure out where to begin.  I have two home networks with wireless Linksys Routers.  One is encrypted, the other not.  The two ISPs are Cox and Road Runner (Time Warner), both with DHCP.  I'd like to be able to access each network from the other through the Internet.  My understanding is that I need to open ports through the firewalls, etc.  Then, I need to figure out how to call into an IP that's not static.  I recognize that there is a whole lot to think about here, but any general guidelines or direction would be helpful.  I am just trying to get started down the right path.  Thanks.
samsoro

ASKER

I just did some further searching on this website, as I know that dynamic IPs are a problem for this kind of thing.  I came across http://www.dyndns.org/services/dyndns/ which seems like it could be a solution.  Any thoughts on this as part of the "Home WAN" architecture would be appreciated.
Dynamic DNS gives you a 'friendly' name for you to access another network that is running with dynamic public IP addresses.  DDNS also tracks any changes on their DNS servers just in case the dynamic address does change.  That being said, I also have a dynamic address for my home ISP, but it has not changed in 2 years now that I can remember.  For instance, you can visit my website that I run from home either of two ways.  Using my dynamic address, or my domain address, which is registered:  www.doverproductions.com

Personally, I would start with using just your IP addresses and configure your tunnels with them.  I assume you are going to be setting up a VPN between the two networks, since you seem to want to encrypt the data?  (Not sure what you are referring to in the above regarding an encrypted network..???  IPsec maybe????  You don't encrypt a network, but you do encrypt files/folder/etc..  You use L2TP with IPsec to create a tunnel and encrypt the contents..)

Also, you must set static addresses on the individual computers within your network.  The router picks up the dynamic public address, but you want to turn off DHCP, or at least exclude the PC you will be connecting to from the DHCP Scope on the router, and then port forward the appropriate ports to that computer.  For instance..  If you are using RDP to connect computers that are on different LANs, you need to configure your router to port forward port 3389 to the address of the computer that you need to connect to.

FE

ASKER

Sorry...I meant that the one wireless router is encrypted, not that I am trying to encrypt the network.

I now understand the port forwarding concept.  I am curious...how do you determine the various ports that are being used on the network?  It seems like after making the IP static for the computer you want to access, that you just assign it a port, e.g. "port 80".  I am not sure what you mean by "RDP" or why this necessitates port-forwarding 3389.

A couple of other questions:

-  One computer runs Windows 2000 Professional.  My impression from a couple of things that I have read is that you have to have XP.  I have not yet looked to see if it has the feature allowing for remote access.

- A VPN might be a good idea...but I doubt anyone is going to be interested in what I have to send back and forth, except there could be some legal documents.  Not to sound so ignorant, but how would you get started with this?

It seems to me that (a) I need to get the IPs, (b) I need to assign static IPs to each of the computers that I want talking to each other from behind their respective firewalls, (c) I need to configure each router to port forward to the ports used by each PC to connect to its router (???..need more help here), (d) I need to set up each PC to accept remote access (????..need help here too) and (e) then maybe think about setting up a VPN.

If this is the logical flow, I can hammer this out step by step.
Okay...

1.  Ports are determined by the program you are using.  For example, if you activate your browser to search the internet, it will request a page from a public server.  This page is downloaded to your system using Port 80, the default http port.  RDP stands for Remote Desktop Protocol and comes with XP Professional and uses Port 3389.  If you wish to use this (or Terminal Services on W2K Servers) you would need to forward that port to the W2K server or XP system you are trying to connect to.  Unfortunately, on previous versions of Windows (2000) only the Server edition can be accessed using this method, as it comes with a Terminal Services Server.  (W2K does come with the ability to use the TS client, as XP Home editions do.  XP Pro comes with the full suite - server and client)

So this answers your first and second question..

2.  If you use RDP, it is automatically encrypted, so you don't need to worry about a VPN.  Of course, you will need W2K server or XP boxes for this.

3.  Lots of help asked for in this paragraph, eh?  

a)  yes, you need to assign static addresses to any system you will be connecting to (not from)  

b)  make sure that you limit the scope of your DHCP server on your router to make sure that it is not giving out duplicate IP addresses (or turn it completely off)  

c)  Opening the ports on your router...  This is where you may find some problems.  You can only forward one port to one computer.  In other words, when you forward port 3389 for your RDP session to computer1, you cannot forward the same port to another computer.  You would have to reconfigure the ports on the computer programs themselves to do this, and it is not easy to understand.  But you could get around this by opening another instance of the Remote Desktop from the computer you have tunneled into, and then tunnel into the other systems.

Opening ports on your router is fairly straightforward.  You should see the port forwarding configuration in your router's interface.  Just put in the IP address of the computer you wish to access, and then the appropriate port number.

d)  On W XP, you can easily configure it by opening the System Properties window.  (right click on My Computer > properties)  Open the Remote tab, and configure the RDP.  Make sure you allow specific users, or use your admin login when you try to access it.

e)  VPN's are not easy to configure.  They are meant for Client - Server access.  If you wish to go with a vpn, I suggest you purchase routers that are VPN enabled.  This way, the tunnel is created between the routers, and not between computers.

I hope this all helped..

FE
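The static-address, DHCP-scope and one-port-per-computer points from the answer above, written as a pre-flight check to run before typing rules into the router. This is an added example, not part of the original thread; the LAN range, DHCP pool, addresses and labels are constructed assumptions.

```python
import ipaddress

# Constructed sample plan (all addresses and labels are assumptions for illustration).
PLAN = {
    "lan": "192.168.1.0/24",
    "dhcp_pool": ("192.168.1.100", "192.168.1.149"),
    "forwards": [  # (external port, internal static IP, label)
        (3389, "192.168.1.10", "xp-desktop RDP"),
        (3389, "192.168.1.120", "second PC RDP"),
        (80, "192.168.2.5", "web server"),
    ],
}


def check_plan(plan):
    """Return a list of problems found in a port-forwarding plan."""
    problems = []
    lan = ipaddress.ip_network(plan["lan"])
    pool_lo, pool_hi = (ipaddress.ip_address(a) for a in plan["dhcp_pool"])
    seen = {}  # external port -> first internal target that claimed it

    for port, target, label in plan["forwards"]:
        ip = ipaddress.ip_address(target)

        # The forward target must be a host on the router's own LAN.
        if ip not in lan:
            problems.append(f"{label}: {ip} is not on LAN {lan}")

        # A static address inside the DHCP pool can be handed out to
        # another machine, which would then receive the forwarded traffic.
        if pool_lo <= ip <= pool_hi:
            problems.append(f"{label}: {ip} is inside the DHCP pool")

        # One external port can be forwarded to only one computer.
        if port in seen and seen[port] != target:
            problems.append(
                f"{label}: port {port} is already forwarded to {seen[port]}"
            )
        seen.setdefault(port, target)

    return problems


if __name__ == "__main__":
    for line in check_plan(PLAN):
        print("PROBLEM:", line)
```
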
BTW:  you can always use something like TightVNC, which is an encrypted version of VNC.  It can be installed on W2K systems and works just like Remote Desktop.

It is free to use...

http://www.tightvnc.com/
I know this isn't a solution, but may I ask why you have two separate connections in one house?  There may be an easier/faster/more secure solution (not to mention cheaper) to eliminate one & stick to a single connection
I am assuming that he has two homes, perhaps a vacation home..??  If not, I too would recommend you either:

1)  run a hardwire from one router to the other and connect both to create a private LAN, or

2)  get wireless routers and connect them in a bridge setup

I have 2 internet connections coming into my home.  I use it for redundancy, in case one of my connections goes down.  One is cable and the other is DSL.  

ASKER

Yes....it's a second home.  Thanks for the responses...I need to take this home and digest it a little bit.  I guess the biggest issue is my W2K Pro on my one computer...whether to upgrade to XP.  Otherwise, this seems like it could be straightforward.

When I told a friend of mine that I was looking at opening up ports for remote access, he said I have to buy a firewall...not rely on what you get through XP.  I dunno, but I guess I have a lot to think about.  Thanks again, and I will be back in a few.
Forwarding ports is different than just opening ports on a firewall.  You don't have to have a hardware firewall device to keep your network safe, but it is definitely recommended.  Routers use a process called NAT to route packets from an external network to your internal one.

I have a visio diagram I made to show how a LAN is setup.  You can visit it by going to my website at:

www.doverproductions.com

and ck out the Troubleshooting a P2P network under the Networking area.  Or just go here:

http://65.24.134.81/KipSolutions/P2PNetworks/P2P.jpg

Additionally, if you wish to secure your network, take a look at the Netgear products which have a router and SPI firewall included into the device.

ASKER

Wow...wealth of knowledge in your Visio schematics...a lot of good troubleshooting guidance here.  I will definitely keep this for future reference.

I have yet to implement much of what has been described.  Much of this will take place through visits back and forth between networks to put it in place.

Two things to wrap this up.  First, is there any way of getting around upgrading the W2K Professional PC to XP?  Second, I think it is straightforward, but I do have to configure my router to accept incoming calls.  I found where to do this on the Router configuration page, but is there anything special that I need to be aware of or concerned about?

Otherwise, I think that most of it is clear unless you can think of anything else that I might be missing.  Thanks again for all of the help.
ASKER CERTIFIED SOLUTION
Fatal_Exception

ASKER

Thanks...all good stuff.  I appreciate the prompt and thorough effort here
No problem.  If you need any further help, you know where to go...

and thank you..

FE