Re: Port Forwarding?



On Sun, 26 Aug 2007 07:31:13 -0500, "Mark Ivey" <wmivey6311@xxxxxxxxxxx> wrote:

"Chuck [MVP]" <none@xxxxxxxxxxx> wrote in message
news:spt1d3h0fp5ac3oorqndr7ma3v4tl6tbrc@xxxxxxxxxx
On Sat, 25 Aug 2007 21:27:49 -0500, "Mark Ivey" <wmivey6311@xxxxxxxxxxx>
wrote:

I would like to learn more about port forwarding.

I would like to be able to reach my PC from work.

Here is my current setup at home.
Windows XP (Home Edition)
D-Link (DI-514) Wireless Router
WebStar Cable Modem (DPX100 Series)

It is my understanding that I must set up a port forward on my router to be
able to access my PC from the web. The D-Link model I have refers to
something as a Virtual Server, but nothing about port forwarding. I would
like to do this, but I am concerned about the security risk involved as
well.

Can anyone educate me more on this topic or send me a link where I could
learn about it more?

TIA...

Mark Ivey

Mark,

The term "Virtual Server" is D-Link speak for port forwarding. You can forward
any port using the setup on page 21 of the DI-514 manual. You'll have to
forward to a fixed IP address, so you'll have to disable DHCP for the server.

But I wouldn't do this, if I were you. Plain old port forwarding (by any name)
is notoriously unsafe. The forwarded port will be open to any computer on the
Internet. I'd set up a VPN, which creates an encrypted tunnel between a specific
computer at the other end of the tunnel, and your server. The DI-514 only
supports VPN passthru, so you'll have to set up a VPN client on the server.
<http://nitecruzr.blogspot.com/search/label/VPN?max-results=100>

Thanks for the information Chuck.

I agree that I need the added security with a VPN. Do you think something
like Real VNC would work well for this connection?


Mark Ivey

Mark,

VNC, in its many different brands (like *nx), is a remote desktop type product.
It doesn't in itself add any security, just functionality (the ability to see
the desktop). Now Sooner Al, another MVP who posts here too, will recommend VNC
over SSH, if you WANT remote desktop access.

The problem with VNC is that it requires you to leave the server connection up,
just as with any file sharing server connection. With UltraVNC, you can have
the "server" connect to the client, which is a big help in working through NAT
routers, but you still have one computer online all of the time, and exposed.

I use UVNC; I install the clients (remotely supported computers), and have them
(as "servers") call my network only when necessary. I can activate the
forwarded ports in my router when necessary, and not worry about open ports in
the clients' routers. UVNC and the reverse server technique work when there are
2 people active, one person at the "server" doing the calling, the other at the
"client" setting up to receive the call. If you're going to use VNC, you have
to either leave one end up all of the time, or have a second person available at
the other end.

The advantage of the VPN is that, once it's established, the tunnel works only
between the 2 specific computers (end points). For a third computer to break
into it, it would have to break the multi-level authentication and encryption,
plus spoof its identity.

So yes, you could use VNC, but it will add ability, not security.

--
Cheers,
Chuck, MS-MVP 2005-2007 [Windows - Networking]
http://nitecruzr.blogspot.com/
Paranoia is not a problem, when it's a normal response from experience.
My email is AT DOT
actual address pchuck mvps org.
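
Added example, not part of the original thread and not written by any of the posters: a check for the arrangement discussed above, where VNC is reached only through an SSH or VPN tunnel and so should not listen on a routable address. It parses Windows `netstat -an` output and flags VNC listeners bound to anything other than loopback; the port numbers (VNC defaults 5900 and 5800), the function name and the sample output are assumptions of this example.

```python
import re

# VNC ports that should not listen on a routable address when access is
# meant to go through an SSH or VPN tunnel (assumed VNC defaults).
VNC_PORTS = {5900: "VNC", 5800: "VNC (Java viewer)"}
LOOPBACK = ("127.", "[::1]")

# Matches a listening TCP row of Windows `netstat -an`, e.g.
#   TCP    0.0.0.0:5900    0.0.0.0:0    LISTENING
LISTEN_ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$")


def exposed_listeners(netstat_text):
    """Return [(address, port, service)] for VNC listeners that are
    bound to anything other than a loopback address."""
    findings = []
    for line in netstat_text.splitlines():
        m = LISTEN_ROW.match(line)
        if not m:
            continue  # header, UDP row, or a non-listening connection
        addr, port = m.group(1), int(m.group(2))
        if port in VNC_PORTS and not addr.startswith(LOOPBACK):
            findings.append((addr, port, VNC_PORTS[port]))
    return findings


# Constructed sample output, not captured from a real machine.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:22             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5800         0.0.0.0:0              LISTENING
  TCP    192.168.0.100:1042     203.0.113.7:80         ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

if __name__ == "__main__":
    for addr, port, service in exposed_listeners(SAMPLE):
        print(f"{service} listening on {addr}:{port}; bind it to 127.0.0.1 "
              "and reach it through the tunnel instead")
```

A listener on `0.0.0.0` is what a router's port forward would hand to the Internet; one on `127.0.0.1` is reachable only by a tunnel that terminates on the same machine.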