How do I setup my home computer to be accessible from outside using a domain name I own?

BILL Carlisle
BILL Carlisle used Ask the Experts™
Hi All,
How do I setup my home computer to be accessible from outside using a domain name I own?
Dell Windows 7, Motorola cable modem, Cisco wireless router, Time Warner internet.

Did I select the correct "Topics"?

Thank you,
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

You can use Radmin tools for this (Famatech). I use Radmin.

Put the Radmin server on your home machine and set it up.
Put the Radmin viewer on your remote machine and log into  your home machine.
In what way do you want it to be "accessible"?  Are you trying to access shared resources (folders, printers, web server, etc.) or do you want to see the monitor and to control the mouse and keyboard?

If it is control, there are different flavors of VNC (realvnc and tightvnc are popular) that will allow remote access.  You'd have to enable port forwarding on your router to allow access from the internet side.

If it is a Pro version of Windows, you can use Remote Desktop in a similar way as VNC.
There are three fundamental ways that this is done.  It partly depends on whether the workstation you will be using is in one location or more than one location.  

- For one location, a site-to-site VPN connection that's supported by the internet gateway router is about as secure as you can get.  Generally it provides a computer on one network the ability to reach another network and its resources.  Great for office-to-office connections.

- Many other setups require that reaching an individual computer are specific to that computer.  Services like GoToAssist, LogMeIn, TeamViewer are all like this.  These run a server on the target machine which communicates with the service provider's facility providing a "here I am" presence.  Then, you connnect to it via the service provider's facilities either using a web interface or a local application program.  You don't have to set up port forwarding.  You do have to accept that there's a 3rd party in the middle - even if it is all encrypted.  It's like a "hosted VPN" implementation.

- Many free and common capabilities require that you open a port on the target computer's site router.  VNC, UltraVNC, etc. work this way.  You install a "server" on the target computer which listens on a particular port / address.  The router either maps this port or some other from the outside IP address to the inside computer IP address and port.  Remote desktop is the same.  This type of implementation is "passive" in the sense that the target computer only has to listen and doesn't have to broadcast "here I am" messages.  (And, if it did, where would it be sending them??).

- You should also be aware of DynamicDNS (DDNS).  If there is no "here I am" server running, then it's not possible for a service provider to know where the target computer is located (i.e. public IP address and port numbers).  And, if you are using a dynamic public IP address at the target computer end, then there is no known IP address.  This remains an issue even if there is "a domain name you own".  DDNS installs a "here I am" server on the target computer and continually updates the address location.  And, the service provides an IP address for outsiders to use to reach the network's actual IP address.  Some security camera setups use this .. just as an example.  If you have your own domain name then you can register a URL with the DDNS service so the domain is reachable.  There may be other ways but this is what I know and understand.

In the case of having a "here I am" server runrning, there is no  need to open a router port.  That's not because a port address isn't needed but because it's not going to be assumed that it's static.  
Consider this:  How do packets from the internet return to your computer when you are running 3 browsers and email all at the same time?  How do your packets not get mixed up with everyone else's at your facility?  The answer is generally buried in the NAT capability of your gateway router.  When a packet goes out, your application has a port number associated with it for your computer AND that application.  Then, when the packet leaves the building, the router  adds another port number to the outgoing packet.  When responses return, they are routed to the appropriate IP address and port number on the LAN .. just as it all started out.

But, if someone wants to connect from the outside independently/unilaterally then it doesn't have that response context that's described above.  So it has to have a port number which the router understands and will forward packets to the intended computer IP and port number / actually the totality of this is an "address".  This is what requires port forwarding.

I prefer to use services like GoToAssist for things like this.
Success in ‘20 With a Profitable Pricing Strategy

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

BILL CarlisleAPEX Developer


Awesome, I do need one of those.. VPN is what I do in client's network.

BUT, I appoligize for not being more clear.
What I was speaking about right now is what do I need to do to have outside people be able to hit my URL domain and access my web application I am building which has a log in.

1. I have a domain name
2. I want to be the hosting company for myself.. :)
3. I want it safe... secure

Thanks again,
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

The Radmin connection is very secure. I use this myself over a VPN connection to my home office.
So, you want to host your own website?

It's typical to set up a "demilitarized zone" / for this purpose and put the server in the DMZ.
This puts a firewall in front of the server and also in front of your LAN (separately).

A key question is do you have a static  public IP address?  If so then good.  If not then you will need either a static address or use DynDNS type of service to forward your URL to your current (dynamic) IP address.

Then, if it's static, there will need to be the appropriate records set up so that your URL associates with your IP address.  In other words, so that others will have DNS pointing to your site's IP address.

Your website should probably be configured to use https in order to encrypt communications.  
This is like Google.  If you go to, it will come back automatically as  Same thing for the login.
BILL CarlisleAPEX Developer


Great Fred!
I actually have a DynDNS account for security cameras I had.
Do they let you have your own domain name?
That probably is first step..
I will be using Glassfish so I am familiar with the certificates.. they are a pain to setup! :)
BILL CarlisleAPEX Developer


what is involved to set up a "demilitarized zone" ?
Top Expert 2016
Here is my setup:
1. Cable Internet
2,  cisco cable modem (4 ports) (192.168.0.x network) (netmask
3. Ubiquiti Router (4 ports / wireless) (192.168.1.x network) (netmask
4. 2 x computers (workstation and web server)
Network Diagram
Cable modem port forward incoming port 80/443 to web server, Each Router has their own firewall
In this configuration I could use only one computer with 2 network cards .. one network card going to the cable modem the other going to the router.
Generally the DMZ is a feature of the gateway router...
BILL CarlisleAPEX Developer


Hi All,
  Ok, for this post lets just look at my initial question:
"How do I setup my home computer to be accessible from outside using a domain name I own?"

I have a domain "".
I have DYNDNS account.
I have glassfish running accessing an application. http://localhost:8080/ords/f?p=100

I want outside users to be able to hit my application like this:

Can you help me?
I will ask separate questions for DMZ and VPNing into my computer.

Thank you,
If I understand your last post correctly, all you should need to do is port forwarding in your router to direct incoming port 80 to the local IP address of the web server and to convert the port from 80 to 8080.

I'm assuming that you really meant this for the outside link:

The way you asking is bit risky because there are tonnes of threats are behind the garden wall. When you setup such environment, make sure that your border security is good enough to protect from such threats, otherwise do not attempt .
This question and the answers seem to have gone all over the place but the author remains dissatisfied.
The author "wants the implementation to be secure".  The issue of a DMZ was set aside and yet may well be at the core of a solution which answers this part of the original question.

We know that DynDNS is available.  This means that the URL is at least supported in the outside world.  That part is done.

Packets destined for the URL will arrive at the designated public IP address as a result.

But, will they arrive at the desired web server?  Is there a DynDNS server app running on that server?
Somehow the web server has to be reached locally.  So, it seems a reasonable assumption here that the web server "home computer" is running a Dyn updater service.  

Neglecting the security issue, isn't this all that's needed?

Including the security issue, what direction do you want to go if not with a DMZ or ....
You could always get another public IP address and put the web server there with suitable firewalling but then it wouldn't be a "home computer" would it?  In the end, what you want may not be entirely feasible if I understand what a "home computer" is.

I imagine that giving hardware configurations with specific equipment (that you probably don't have) aren't very useful.  So, I have avoided doing that in favor of moving toward a final goal iteratively with you.

Or, you might Google [put a web server at home] as there are lots of hits that relate to doing what you want.  You will find things that are completely insecure (as above) and things that use port forwarding in the local gateway router, etc.  Here's a pretty good and elementary article on that subject that addresses your question it seems rather directly:
Top Expert 2016
If you are using a free dyndns account it is different than using a paid account that has custom dns settings
setup an account and add a name
setup the dyndns agent to reflect your ip changes (dynamic ip from isp)
at your domain registrar create a cname record that points to

at your domain registrar use the ns settings provided by dyn
add a zone for your domain
add the A record to point to your dynamic DNS
at your domain registrar change the name server (NS records to point to where dyndns tells you i.e.
create an update user and use the dyn updater to update your account.

as mentioned earlier you will have to modify your routers settings to port foward from
http tcp port 80 to http tcp port 8080 and the machines ip address
Top Expert 2016
as for security you will need another router and follow my previous diagram or use a switch that is configurable. A cheap one is the ubiquiti EdgeRouter (~$50USD), which has five separate interfaces, each that can be configured to be a separate set of IP addresses, that  is, separate subnets operating within your domain as individual Intranets.

A DMZ requires at least 2 computers or a pc with 2 network cards running a virtual machine.  Setting up a pfsense router (requires a machine running pfsense and 2 or more NIC's
Some DMZ situations work like this:
Two or more public IP addresses.  I'll stick with 2 here.
One public IP address is for the LAN connection and goes through a normal firewall.
The other public IP address is for a device (e.g. web server) that's connected on the DMZ with some level of firewalling involved.
There is no connection between the DMZ and the LAN - so no dual NICs required.  
Access to the web server is via the web.
Additional access can be set up of course and maybe another NIC would be used for this.

The Cisco RV042 is an example of a router that appears to work this way.  (I've not used it in this mode).
BILL CarlisleAPEX Developer


After rereading these more clicks, it seems Fred was the only one, at first, to hear what I was writing.

I still haven't done anything on this because it is a personal project which always seems to get pushed to the back.

Thank you for answering. I will look more at DMZ and DynDNA, it is a PAID account by the way.

thanks again,

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial