Re: Port Forwarding?
- From: "Chuck [MVP]" <none@xxxxxxxxxxx>
- Date: Sun, 26 Aug 2007 21:50:35 -0700
On Sun, 26 Aug 2007 18:46:51 -0500, "Mark Ivey" <wmivey6311@xxxxxxxxxxx> wrote:
"Chuck [MVP]" <none@xxxxxxxxxxx> wrote in message
news:ji03d3huea883bg5s6cdk4qfv5n40rge3e@xxxxxxxxxx
On Sun, 26 Aug 2007 07:31:13 -0500, "Mark Ivey" <wmivey6311@xxxxxxxxxxx> wrote:
"Chuck [MVP]" <none@xxxxxxxxxxx> wrote in message
news:spt1d3h0fp5ac3oorqndr7ma3v4tl6tbrc@xxxxxxxxxx
On Sat, 25 Aug 2007 21:27:49 -0500, "Mark Ivey" <wmivey6311@xxxxxxxxxxx> wrote:
I would like to learn more about port forwarding.
I would like to be able to reach my PC from work.
Here is my current setup at home.
Windows XP (Home Edition)
D-Link (DI-514) Wireless Router
WebStar Cable Modem (DPX100 Series)
It is my understanding that I must set up a port forward on my router to be able to access my PC from the web. The D-Link model I have refers to something as a Virtual Server, but nothing about port forwarding. I would like to do this, but I am concerned about the security risk involved as well.
Can anyone educate me more on this topic or send me a link where I could learn about it more?
TIA...
Mark Ivey
Mark,
The term "Virtual Server" is D-Link speak for port forwarding. You can forward any port using the setup on page 21 of the DI-514 manual. You'll have to forward to a fixed IP address, so you'll have to disable DHCP for the server.
But I wouldn't do this, if I were you. Plain old port forwarding (by any name) is notoriously unsafe. The forwarded port will be open to any computer on the Internet. I'd set up a VPN, which creates an encrypted tunnel between a specific computer at the other end of the tunnel, and your server. The DI-514 only supports VPN passthru, so you'll have to set up a VPN client on the server.
http://nitecruzr.blogspot.com/search/label/VPN?max-results=100
Thanks for the information Chuck.
I agree that I need the added security with a VPN. Do you think something like Real VNC would work well for this connection?
Mark Ivey
Mark,
VNC, in its many different brands (like *nx), is a remote desktop type product. It doesn't in itself add any security, just functionality (the ability to see the desktop). Now Sooner Al, another MVP who posts here too, will recommend VNC over SSH, if you WANT remote desktop access.
The problem with VNC is that it requires you to leave the server connection up, just as with any file sharing server connection. With UltraVNC, you can have the "server" connect to the client, which is a big help in working through NAT routers, but you still have one computer online all of the time, and exposed.
I use UVNC; I install the clients (remotely supported computers), and have them (as "servers") call my network only when necessary. I can activate the forwarded ports in my router when necessary, and not worry about open ports in the clients' routers. UVNC and the reverse server technique work when there are 2 people active, one person at the "server" doing the calling, the other at the "client" setting up to receive the call. If you're going to use VNC, you have to either leave one end up all of the time, or have a second person available at the other end.
The advantage of the VPN is that, once it's established, the tunnel works only between the 2 specific computers (end points). For a third computer to break into it, it would have to break the multi level authentication and encryption, plus spoof its identity.
So yes, you could use VNC, but it will add ability, not security.
Thanks for the advice Chuck.
Can you give me some tips on setting up a VPN?
Mark Ivey
I have written about some issues that you might want to consider.
http://nitecruzr.blogspot.com/2006/12/using-internet-as-wan-link-use-vpn.html
I have yet to write a setup tutorial, though.
The above article leaves two relevant issues for you to consider.
1) Your router, the D-Link DI-514, is out of date, and doesn't have VPN endpoint capability. It will do VPN passthru, I believe. That will require that you set up one of your computers as the VPN server, and only that computer will be accessible from work.
2) The LAN admins at your workplace may have a policy on VPNs, and provide some specific guidelines (possibly requirements) on what type of VPN you can set up.
I, personally, prefer to set up a VPN using a NAT router as the endpoint. This has its advantages and disadvantages, though.
Router Endpoint Advantages
# No software to load on the computer.
# No reconfiguration of your LAN.
# Accessibility of all computers on your LAN (may be an advantage or disadvantage).
# The server that you want to access from work remains accessible to the other computers on your LAN.
# VPN tunnel maintenance is on the router, leaving the processor on the computers free for normal work.
Router Endpoint Disadvantages
# You need a VPN Endpoint router.
# If your workplace requires, when the tunnel is active, all traffic to the Internet will run through your workplace. This will increase latency, and your home Internet activity will be subject to your employer's policies.
--
Cheers,
Chuck, MS-MVP 2005-2007 [Windows - Networking]
http://nitecruzr.blogspot.com/
Paranoia is not a problem, when it's a normal response from experience.
My email is AT DOT
actual address pchuck mvps org.