How do I setup my home computer to be accessible from outside using a domain name I own?

Hi All,
How do I setup my home computer to be accessible from outside using a domain name I own?
Dell Windows 7, Motorola cable modem, Cisco wireless router, Time Warner internet.

Did I select the correct "Topics"?

Thank you,
BillC
LVL 2
BILL CarlisleAPEX DeveloperAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JohnBusiness Consultant (Owner)Commented:
You can use Radmin tools for this (Famatech). I use Radmin.

Put the Radmin server on your home machine and set it up.
Put the Radmin viewer on your remote machine and log into  your home machine.
0
CompProbSolvCommented:
In what way do you want it to be "accessible"?  Are you trying to access shared resources (folders, printers, web server, etc.) or do you want to see the monitor and to control the mouse and keyboard?

If it is control, there are different flavors of VNC (realvnc and tightvnc are popular) that will allow remote access.  You'd have to enable port forwarding on your router to allow access from the internet side.

If it is a Pro version of Windows, you can use Remote Desktop in a similar way as VNC.
0
Fred MarshallPrincipalCommented:
There are three fundamental ways that this is done.  It partly depends on whether the workstation you will be using is in one location or more than one location.  

- For one location, a site-to-site VPN connection that's supported by the internet gateway router is about as secure as you can get.  Generally it provides a computer on one network the ability to reach another network and its resources.  Great for office-to-office connections.

- Many other setups require that reaching an individual computer are specific to that computer.  Services like GoToAssist, LogMeIn, TeamViewer are all like this.  These run a server on the target machine which communicates with the service provider's facility providing a "here I am" presence.  Then, you connnect to it via the service provider's facilities either using a web interface or a local application program.  You don't have to set up port forwarding.  You do have to accept that there's a 3rd party in the middle - even if it is all encrypted.  It's like a "hosted VPN" implementation.

- Many free and common capabilities require that you open a port on the target computer's site router.  VNC, UltraVNC, etc. work this way.  You install a "server" on the target computer which listens on a particular port / address.  The router either maps this port or some other from the outside IP address to the inside computer IP address and port.  Remote desktop is the same.  This type of implementation is "passive" in the sense that the target computer only has to listen and doesn't have to broadcast "here I am" messages.  (And, if it did, where would it be sending them??).

- You should also be aware of DynamicDNS (DDNS).  If there is no "here I am" server running, then it's not possible for a service provider to know where the target computer is located (i.e. public IP address and port numbers).  And, if you are using a dynamic public IP address at the target computer end, then there is no known IP address.  This remains an issue even if there is "a domain name you own".  DDNS installs a "here I am" server on the target computer and continually updates the address location.  And, the service provides an IP address for outsiders to use to reach the network's actual IP address.  Some security camera setups use this .. just as an example.  If you have your own domain name then you can register a URL with the DDNS service so the domain is reachable.  There may be other ways but this is what I know and understand.

In the case of having a "here I am" server runrning, there is no  need to open a router port.  That's not because a port address isn't needed but because it's not going to be assumed that it's static.  
Consider this:  How do packets from the internet return to your computer when you are running 3 browsers and email all at the same time?  How do your packets not get mixed up with everyone else's at your facility?  The answer is generally buried in the NAT capability of your gateway router.  When a packet goes out, your application has a port number associated with it for your computer AND that application.  Then, when the packet leaves the building, the router  adds another port number to the outgoing packet.  When responses return, they are routed to the appropriate IP address and port number on the LAN .. just as it all started out.

But, if someone wants to connect from the outside independently/unilaterally then it doesn't have that response context that's described above.  So it has to have a port number which the router understands and will forward packets to the intended computer IP and port number / actually the totality of this is an "address".  This is what requires port forwarding.

I prefer to use services like GoToAssist for things like this.
1
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

BILL CarlisleAPEX DeveloperAuthor Commented:
Awesome, I do need one of those.. VPN is what I do in client's network.

BUT, I appoligize for not being more clear.
What I was speaking about right now is what do I need to do to have outside people be able to hit my URL domain and access my web application I am building which has a log in.

1. I have a domain name
2. I want to be the hosting company for myself.. :)
3. I want it safe... secure

Thanks again,
BillC
0
JohnBusiness Consultant (Owner)Commented:
The Radmin connection is very secure. I use this myself over a VPN connection to my home office.
0
Fred MarshallPrincipalCommented:
So, you want to host your own website?

It's typical to set up a "demilitarized zone" / for this purpose and put the server in the DMZ.
This puts a firewall in front of the server and also in front of your LAN (separately).

A key question is do you have a static  public IP address?  If so then good.  If not then you will need either a static address or use DynDNS type of service to forward your URL to your current (dynamic) IP address.

Then, if it's static, there will need to be the appropriate records set up so that your URL associates with your IP address.  In other words, so that others will have DNS pointing to your site's IP address.

Your website should probably be configured to use https in order to encrypt communications.  
This is like Google.  If you go to http://www.google.com, it will come back automatically as https://www.google.com  Same thing for the login.
0
BILL CarlisleAPEX DeveloperAuthor Commented:
Great Fred!
I actually have a DynDNS account for security cameras I had.
Do they let you have your own domain name?
That probably is first step..
I will be using Glassfish so I am familiar with the certificates.. they are a pain to setup! :)
0
BILL CarlisleAPEX DeveloperAuthor Commented:
what is involved to set up a "demilitarized zone" ?
0
David Johnson, CD, MVPOwnerCommented:
Here is my setup:
1. Cable Internet
2,  cisco cable modem (4 ports) (192.168.0.x network) (netmask 255.255.255.0)
3. Ubiquiti Router (4 ports / wireless) (192.168.1.x network) (netmask 255.255.255.0)
4. 2 x computers (workstation and web server)
Network Diagram
Cable modem port forward incoming port 80/443 to web server, Each Router has their own firewall
In this configuration I could use only one computer with 2 network cards .. one network card going to the cable modem the other going to the router.
0
Fred MarshallPrincipalCommented:
Generally the DMZ is a feature of the gateway router...
0
BILL CarlisleAPEX DeveloperAuthor Commented:
Hi All,
  Ok, for this post lets just look at my initial question:
"How do I setup my home computer to be accessible from outside using a domain name I own?"


I have a domain "allinclusivesolutions.net".
I have DYNDNS account.
I have glassfish running accessing an application. http://localhost:8080/ords/f?p=100

I want outside users to be able to hit my application like this:
http://allinclusivesolutions/f?p=100

Can you help me?
I will ask separate questions for DMZ and VPNing into my computer.

Thank you,
Bill
0
CompProbSolvCommented:
If I understand your last post correctly, all you should need to do is port forwarding in your router to direct incoming port 80 to the local IP address of the web server and to convert the port from 80 to 8080.

I'm assuming that you really meant this for the outside link:
http://allinclusivesolutions.net/f?p=100
0
MathewCommented:
The way you asking is bit risky because there are tonnes of threats are behind the garden wall. When you setup such environment, make sure that your border security is good enough to protect from such threats, otherwise do not attempt .
0
Fred MarshallPrincipalCommented:
This question and the answers seem to have gone all over the place but the author remains dissatisfied.
The author "wants the implementation to be secure".  The issue of a DMZ was set aside and yet may well be at the core of a solution which answers this part of the original question.

We know that DynDNS is available.  This means that the URL is at least supported in the outside world.  That part is done.

Packets destined for the URL will arrive at the designated public IP address as a result.

But, will they arrive at the desired web server?  Is there a DynDNS server app running on that server?
Somehow the web server has to be reached locally.  So, it seems a reasonable assumption here that the web server "home computer" is running a Dyn updater service.  

Neglecting the security issue, isn't this all that's needed?

Including the security issue, what direction do you want to go if not with a DMZ or ....
You could always get another public IP address and put the web server there with suitable firewalling but then it wouldn't be a "home computer" would it?  In the end, what you want may not be entirely feasible if I understand what a "home computer" is.

I imagine that giving hardware configurations with specific equipment (that you probably don't have) aren't very useful.  So, I have avoided doing that in favor of moving toward a final goal iteratively with you.

Or, you might Google [put a web server at home] as there are lots of hits that relate to doing what you want.  You will find things that are completely insecure (as above) and things that use port forwarding in the local gateway router, etc.  Here's a pretty good and elementary article on that subject that addresses your question it seems rather directly:

http://www.howtogeek.com/66214/how-to-forward-ports-on-your-router/
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
David Johnson, CD, MVPOwnerCommented:
If you are using a free dyndns account it is different than using a paid account that has custom dns settings
FREE:
at DYNDNS
setup an account and add a name i.e.allinclusivesolutions.dyndns.net
setup the dyndns agent to reflect your ip changes (dynamic ip from isp)
at your domain registrar create a cname record
www.allinclusivesolutions.net that points to allinclusivesolutions.dyndns.net

PAID DYNDNS
at your domain registrar use the ns settings provided by dyn
add a zone for your domain
add the A record www.allinclusivesolutions.net to point to your dynamic DNS
at your domain registrar change the name server (NS records to point to where dyndns tells you i.e.
create an update user and use the dyn updater to update your account.
https://help.dyn.com/managed-dns-video-tutorials/#createfirstzone

as mentioned earlier you will have to modify your routers settings to port foward from
http tcp port 80 to http tcp port 8080 and the machines ip address
0
David Johnson, CD, MVPOwnerCommented:
as for security you will need another router and follow my previous diagram or use a switch that is configurable. A cheap one is the ubiquiti EdgeRouter (~$50USD), which has five separate interfaces, each that can be configured to be a separate set of IP addresses, that  is, separate subnets operating within your domain as individual Intranets.

A DMZ requires at least 2 computers or a pc with 2 network cards running a virtual machine.  Setting up a pfsense router (requires a machine running pfsense and 2 or more NIC's
0
Fred MarshallPrincipalCommented:
Some DMZ situations work like this:
Two or more public IP addresses.  I'll stick with 2 here.
One public IP address is for the LAN connection and goes through a normal firewall.
The other public IP address is for a device (e.g. web server) that's connected on the DMZ with some level of firewalling involved.
There is no connection between the DMZ and the LAN - so no dual NICs required.  
Access to the web server is via the web.
Additional access can be set up of course and maybe another NIC would be used for this.

The Cisco RV042 is an example of a router that appears to work this way.  (I've not used it in this mode).
0
BILL CarlisleAPEX DeveloperAuthor Commented:
After rereading these more clicks, it seems Fred was the only one, at first, to hear what I was writing.

I still haven't done anything on this because it is a personal project which always seems to get pushed to the back.

Thank you for answering. I will look more at DMZ and DynDNA, it is a PAID account by the way.

thanks again,
BillC
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.