Solved

Access 2 Private IP addresses Using 1 Public IP address from remote location.

Posted on 2012-03-21
35
323 Views
Last Modified: 2012-05-03
Hi,

    I was wondering if there was a way to access my devices which have separate IP's on my LAN Remotely.  I have configured one device to be accessed remotely by adding its IP address to the DMZ of router. ( if there is a way to add 2 IP addresses to the DMZ would be great) have googled a lot of things and can't seem to get it working.
0
Comment
Question by:Computers4me
  • 20
  • 12
  • +2
35 Comments
 
LVL 2

Expert Comment

by:ganeshtvm
Comment Utility
I think you have to use port forwarding method in router it will work .
0
 
LVL 3

Expert Comment

by:kevdines
Comment Utility
Hello Computers4me,

There's a few different ways of doing it, and it depends what the devices are that you're trying to connect to. Here's a few options with the simplest/cheapest first:

(If your router supports it) to configure it as a VPN host, then VPN to your router and configure it to assign you an IP address on your LAN. That way you'd be able to connect to any device on your LAN (and any future devices) without any further configuration. [Reasonably simple, free (if your hardware supports it), and requires no additional setup for each future device]

Depending on what they are, you might be able to install VNC on all of your LAN devices and use port-forwarding on your router to assign a different port to each device. [Reasonably simple, VNC is usuaully free for home use, but you might not be able to install it on all devices, requires additional setup for each future device]

If it's appropriate/possible, you could install LogMeIn on each of your LAN devices and use their service to connect to each device. [Very simple, LogMeIn is free for home use but not availabel for every sort of device, requires additional setup for each future device]

Alternatively, you could configure your XP machine as a VPN host and get your router to port-forward the necessary ports. [Very fiddly from memory, free (if your router can forward the necessary ports and protocols), requires no additional setup for each future device]

Hopefully one of those should fit the bill,

Cheers,

Kev
0
 
LVL 3

Expert Comment

by:bart1975
Comment Utility
This can depend on so many different varables.
I am presuming that you only have one external ip address.

If you want to access two different services for example ftp on one deviceand http on another, the best way would to be to setup a port forward for each of the services

for exmaple forward port 21(ftp) off to the ip address of device 1 and port 80 (http) off to the ip address of device two.

In summary as long as the service on each device you are trying to access are on different ports it can be done.
0
 

Author Comment

by:Computers4me
Comment Utility
The devices I have configured are Vlinx serial servers ( http://www.bb-elec.com/product_family.asp?familyid=2 ) which I configured with a static internal ip addresses and separate TCP ports 2101 and 2102
0
 

Author Comment

by:Computers4me
Comment Utility
I have setup port forwarding to both ip addresses and ports. My application on the Vlinx server shows a connection when attempting to access it through a web browser but will not open the configuration page unless it's ip is in the DMZ ( which I can only have 1)
0
 

Author Comment

by:Computers4me
Comment Utility
Ultimately these serial servers will be used to monitor 2 generators for any maintenance needed
0
 
LVL 3

Expert Comment

by:kevdines
Comment Utility
Heh - I won't ask! What application do you use to connect to these? I can't quite see from the screenshots. It looks like port forwarding on the router will be the solution though. If you are trying to connect with the VLINK manager software in the screenshot, then you would need to configure the router to forward port 2101 to the LAN IP of the first device, and 2102 to the LAN IP of the second device. Then on an external PC, you would add two new devices into the software using your public IP address and port 2101 for the first device, and port 2102 for the second. I don't think that it should be too tricky to get this up and running,

Cheers,

Kev

EDIT: Although, thinking about monitoring your generators, the port forwarding option will probably mean that you are transmitting unencrypted data over the internet (unless the application is already encrypting it, which seems unlikely). I don't know whether that's actually an issue in these circumstances or not. If it supports it, configuring your router as a VPN end-point (even with PPTP) would you give you some level of encryption, but it's up to you whether the extra security is worth the hassle.
0
 

Author Comment

by:Computers4me
Comment Utility
when trying to access device through the web management console I would think I'd need to put the following address in a web browser:

Http://xxxxxx:2101      ( fist device )

or

Http://xxxxxxx:2102     ( second device)



X = public IP from ISP
0
 
LVL 3

Expert Comment

by:kevdines
Comment Utility
Sorry - I missed your comment at 11:54:54. If it's working while the devices have IPs in the DMZ and not in the LAN, it's probably a firewall issue on the router. You may well need to configure a custom service and add TCP ports 2101 and 2102 to it, then configure a firewall rule to allow access from outside to the LAN for your new service. If you let me know the make and model of your router, I might be able to find some more detailed instructions,

Cheers,

Kev
0
 

Author Comment

by:Computers4me
Comment Utility
When entering ip address from another computer on the LAN I can access web console with no problems.
0
 
LVL 19

Expert Comment

by:NerdsOfTech
Comment Utility
1. Disable DMZ (which port forwards ALL PORTS to IP specified in DMZ)!

2. Configure port forwarding, use NAT2NAT connectivity, or simply download a NAT2NAT proprietary system application such as LogMeIn (Free for Home), Teamviewer (Free for Home), Crossloop, etc.

2b. If using a VNC type connection and you opted to choose port forwarding in step 2, configure port forwarding on your router.

You would setup TCP port forwards in your router:
5901 - 5901 TCP pc1internalIPaddressHERE pc1
5801 - 5801 TCP pc1internalIPaddressHERE pc1

5902 - 5902 TCP pc2internalIPaddressHERE  pc2
5802 - 5802 TCP pc2internalIPaddressHERE  pc2

AND, in the VNC you would configure PC1 to use 5801 and 5901 &  PC2 to use 5802 and 5902 respectively.

HENCE, the external ip of the router, we will call it ROUTER2, will allow you to connect to each computer by:
ROUTER2externalIPaddress:5801 (PC1) and
ROUTER2externalIPaddress:5802 (PC2) respectively.


Again, DMZ must be disabled (since it is the equivalent of port forwarding ALL of the PORTS to/from only 1 PC)


www.logmein.com
www.teamviewer.com
www.crossloop.com
0
 

Author Comment

by:Computers4me
Comment Utility
I will post an image with settings
0
 

Author Comment

by:Computers4me
Comment Utility
My Port forwarding Settings
0
 
LVL 3

Expert Comment

by:kevdines
Comment Utility
Yep - your port forwarding settings look correct, if you've not already done it, I suspect that you need to create corresponding entries on the firewall tab though (the wording is a little ambiguous in the manual). If you've already tried this and it's still nto workign, let me know and I'll do some more head scratching,

Cheers,

Kev
0
 

Author Comment

by:Computers4me
Comment Utility
DMZ
0
 

Author Comment

by:Computers4me
Comment Utility
dmz1
0
 

Author Comment

by:Computers4me
Comment Utility
dmz3
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 

Author Comment

by:Computers4me
Comment Utility
I disabled DMZ now i cant access my remote devices ( Vlinx Server Web configuration console) tried addresses

http://(my public IP):2101

or

http://(my public IP):2102
0
 

Author Comment

by:Computers4me
Comment Utility
Im trying this from a remote location.
0
 

Author Comment

by:Computers4me
Comment Utility
I  do have teamviewer installed on remote computer so i do have access and that's how i'm taking the pictures  ( using IPad with teamviewer application)
0
 
LVL 3

Expert Comment

by:kevdines
Comment Utility
Intriguing... That all looks correct. Maybe it needs another port open too? Could you connect to one of the devices from the XP machine in the screenshots, then run
netstat -oa

Open in new window

from the command prompt please? Take a look down the IP address column and see if any ports other than 2101/2102 are listed for the LAN addresses of the devices too,

Cheers,

Kev
0
 
LVL 3

Expert Comment

by:kevdines
Comment Utility
Also, if you could try telnetting to the external IP on the forwarded port too (so we can see whether it is actually getting a response or not), that would be handy:

telnet [publicIPaddress] 2101

Open in new window


Cheers,

Kev
0
 

Author Comment

by:Computers4me
Comment Utility
This is what that command brings up:

netstat -oa
0
 

Author Comment

by:Computers4me
Comment Utility
I had the Web Console for one of the devices in the background in the picture its labeled ESP211-232...
0
 

Author Comment

by:Computers4me
Comment Utility
I changed my TCP ports on devices to 4000 and 4001 and changed the port forwarding rules to match thinking may be a Port issue but same thing. The firewall on this computer has been turned off the whole time.
0
 

Author Comment

by:Computers4me
Comment Utility
my router shows a LOG on the login page of all activity and i see my remote computers IP address in the log accessing the correct IP and Ports
0
 

Author Comment

by:Computers4me
Comment Utility
everything is correct except i cant access the web console page
0
 
LVL 3

Expert Comment

by:kevdines
Comment Utility
Very strange... Could you just double-check the Server Settings for the devices and check that they are operating in TCP mode (the manual suggests that they can also operate in UDP mode, which could be the problem). Also, I would have expected to see something more from the netstat results (specifically, there ought to be at least one entry of the LAN IP of one of the devices in the Foreign IP column - please could you try logging back into it, then quickly running the netstat -oa command again?). Also, the results from the telnet test could be useful - if there is a response from the device then we can assume that there must be other ports/protocols required, if there is no response, then we could still be looking at a weird setting on the router,

Cheers,

Kev
0
 

Author Comment

by:Computers4me
Comment Utility
Hey,

    I ran netstat -oa and recieved same info as before. What's weird is I just recieved an application from Tecogen which seems to be a dialup program than can diagnose the COGEN unit and I'm able to access the info I need remotely. I just can't open the web interface for the Vlinx server unless I put its IP in the DMZ
0
 

Author Comment

by:Computers4me
Comment Utility
When setting up the Vlinx I made sure it's TCP not UDP
0
 
LVL 3

Accepted Solution

by:
kevdines earned 500 total points
Comment Utility
Fair enough - as you'd been so thorough with everything else, I thought it was a long shot. Have you had a chance to test connecting via telnet yet? It should give us a bit more insight into excatly where we are. Also, I read somewhere last night that the router might need a reboot after applying the port forwarding rules (it seems a little strange to me, but it also seems a little strange that it's not working yet!),

Cheers,

Kev
0
 
LVL 3

Expert Comment

by:kevdines
Comment Utility
Hi Computers4me,

Have you had a chance to look into the telnet results and restarting the router yet?

Cheers,

Kev
0
 
LVL 3

Expert Comment

by:kevdines
Comment Utility
Hi Computers4me,

Any update yet?

Cheers,

Kev
0
 
LVL 3

Expert Comment

by:kevdines
Comment Utility
Hi Computers4me,

Any update yet?

Cheers,

Kev
0
 
LVL 3

Expert Comment

by:kevdines
Comment Utility
Hi Computers4me,

It's been four weeks since your last response. Any update yet?

Cheers,

Kev
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Suggested Solutions

If you have done a reformat of your hard drive and proceeded to do a successful Windows XP installation, you may notice that a choice between two operating systems when you start up the machine. Here is how to get rid of this: Click Start Clic…
Article by: kevp75
Hey folks, 'bout time for me to come around with a little tip. Thanks to IIS 7.5 Extensions and Microsoft (well... really Windows 8, and IIS 8 I guess...), we can now prime our Application Pools, when IIS starts. Now, though it would be nice t…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now