cancel
Showing results for 
Search instead for 
Did you mean: 

Accessing my home LAN externally via a Netgear DG834GT

N/A

Accessing my home LAN externally via a Netgear DG834GT

I'm pretty new to network configuration so apologies if any of the following sounds dumb!

Have a small local network (3 hardwired PCs) connected up via a DG834GT at home. They're either running XP Home or Pro.

Network is working fine based on default settings of the router. ADSL access also working fine. I haven't changed any of the default settings (e.g. machines are getting IP address automatically as is the router).

I would like to get external access into the LAN (e.g. to FTP, or even remote access the machines e.g via VNC).

a) Firstly, is this advisable i.e. security wise?
b) is it possible with this router?
c) If so can you point me in the direction of how to set up the router/machines to do this. What's the advantage of having the router and/or the machines having static IP addresses - do I actually need that?

At the moment I can't even ping my PlusNet IP address externally - it just gives "Request Timed Out".

I'm a bit stuck really and don't know where to begin.

Many thanks
9 REPLIES
N/A

Re: Accessing my home LAN externally via a Netgear DG834GT

Quote

a) Firstly, is this advisable i.e. security wise?

Depends on what value you place on the data inside your lan, what package(s) you're using and if you can use a static ip address to access your home lan.

Quote

b) is it possible with this router?

Yes, and fairly easy to setup.

Quote

c) If so can you point me in the direction of how to set up the router/machines to do this. What's the advantage of having the router and/or the machines having static IP addresses - do I actually need that?

It really depends on what you want to do...

Static addresses on the internal side of the network will make it easier to setup the port forwarding rules... so for the machine you wish to receive incomming traffic allocate it a static IP address in the same subnet as the DHCP addresses...

What I've done is set my DHCP server in my router to allocate addresses in the 192.168.0.100 / 192.168.0.200 range and I use <100 for static addresses.

To gain remote access to your network you will need to configure your DG834 to forward traffic from the internet to your PC.

You can do this on a port-by-port basis or configure one machine to be a 'DMZ' - basically a zone with in the internal network which is reachable from both the outside word and internally - though usually with restrictions.

Let us know what you want to do and we'll tell you how and the best way of doing. (I'd not recommend VNC without atleast tunnelling it through SSH).


Quote

At the moment I can't even ping my PlusNet IP address externally - it just gives "Request Timed Out".

The DG834 series (and most other routers) will deny incomming ICMP ECHO REQUESTS (the incomming ping packet) from external addresses. This is a good security precaution as a lot of network scans use a ping response to indicate a machine is present and to investigate further.
MarkAngel
Grafter
Posts: 89
Registered: 30-07-2007

Accessing my home LAN externally via a Netgear DG834GT

Hi mbeedub,
Actually this is quite easy to do, I've done it and generally access my PC remotely on a Daily basis in a manner that you describe.

Firstly you need to have Remote Desktop enabled on your PC's and Port TCP 3389 open in what ever firewalls your PC.

Then in your Router under Services Add a Service Call it somthing like RemotePC1 TCP on port 3389 and save it.

Now go into LAN IP Setup and Click Add, if the PC's are turned on then this is quite simple as they should be listed on screen, otherwise you will have to add them manually. This is basically giving them a Fixed IP which they will need....remember what is what, I suggest starting at 192.168.0.10 then go from there.

Then you will need to go to Firewall Rules then add the service that you created Called b]RemotePC1 as an incomming port for 192.168.0.10 (if this is what you started at).

Once done this allows the first PC to be access from outside the Router...dont worry if you ping your router externally and get no reply.

You can then either remote the other PC's fromt he PC you are on or do the same for the other, but you will need to change the remote desktop port for the other PC's so that they are different. To do this you will need to mofify the registry and change :

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TerminalServer\WinStations\RDP-Tcp\PortNumber
Just use the next number up from 3389 (ie. 3390, and 3391)

Then follow the above with the appropriate change.

Then just install the Remote Desktop client (from Microsofts website) on any PC you want to do the remoting from (think Terminal Service may do the job too, and this is on Win2K by default).

Then when connecting to first PC (away from home) just enter your Home IP address, for the other PC's you need to put a Semi-colon after the IP address and use the remote desktop ports you used (3390, 3391).

You can also set up a web interface on your PC so you can do it all through a web browser (thats what I do now). Let me know if you want to know how to do that too.

Hope this makes a little sence as I may have rushed it a bit.

Good luck
Mark
N/A

Accessing my home LAN externally via a Netgear DG834GT

Solstans, Malynch

Thank you both.

PlusNet have allocated me an external static IP address so I can use that. Does this help security wise?

Thanks on the ping information - makes sense not to be able to ping it.

Basically what I want to do is:
(a) up and download data from one of the machines
(b) remote access any of the three machines
(c) host a web site on one machine

I generally will be accessing my home LAN from one of two locations (office and a friends house). Could I set up the router so that only incoming requests from the office IP addresses (it could be a range?) or my friends house are allowed access. I don't really need access to be allowed from all and any machine on the internet at this point.

I like the idea of a DMZ if that's more secure. But if the above is possible then perhaps there's no need for that?

I have one machine which internally just acts as a print and backup server. That could be set up as the DMZ presumably and possibly the web server (it's just going to be for personal use. very low traffic)?

Another machine has all the data on it - that's the one I want to be able to transfer data with but would prefer it to be as secure as possible. It's running standalone apps (e.g. video and music editing).

I don't want to set up gaming servers or anything like that at this point.

We can leave the third machine out of the equation for now although remote access into it would be useful.

VNC is what I'm used to using remote access wise (and use it on the internal LAN) so would prefer to use that if possible (although don't mind using MS remote access if that's better/more secure). What's SSH? is that easy to set up? How do I set up VNC with that?

Given the above information do you have any further recommendations? I'm happy to give it all a go...

Sorry for all the continuing questions but your help is really appreciated.

Cheers
N/A

Accessing my home LAN externally via a Netgear DG834GT

use remotedesktop as its more secure than VNC, SSH is secureshell , its telnet but encrypted.

If you want to be able to axx all 3 pcs, what u can do is set the router to forward a different port to each one eg 3389 3390 3391 so they each point to 3389 on a diff box, then all you do is your.ip.here:port_here and it connects to the correct PC.

A dmz is far less secure, as it opens everything on that one box to the net, a generaly bad idea
N/A

Accessing my home LAN externally via a Netgear DG834GT

Buz,


VNC tunnelled through SSH providing you've got an up to date ssh distribution should be just as secure as Remote desktop (not actually used rdp as I only use VNC internally to control my desktop/server from my laptop).
MarkAngel
Grafter
Posts: 89
Registered: 30-07-2007

Accessing my home LAN externally via a Netgear DG834GT

To be honest I wouldn't touch DMZ with a barge pole, unless you really know what you are doing, it makes that machine open to the WWW, and unless you take adequate precautions you could be in for a world of hurt.

VNC is fine over your own LAN, but using it remotely, I suspect would be almost unusable, from a Lag point of view.

I'd recommend just sticking with Remote Desktop for now, it was designed exactly for this type of purpose. It is optimised for LAN/WAN usage (built from Winframe/Terminal Serice/Citrix experience and know-how) and is an inherit part of XP and not some out of the box software.

Once set up correctly RD can be used from within Internet Explorer, so no matter what PC/Mac or just basic computer with Internet access you are running you can access it from anywhere without having to install any software on any PC...it's just brilliant.

Check this out if you are interested.

http://www.microsoft.com/windowsxp/downloads/tools/rdwebconn.mspx
N/A

Accessing my home LAN externally via a Netgear DG834GT

Thanks Malynch

Well I've managed to setup both and FTP server (using BulletProof on the XP Home PC) and it's working fine.

Also got VNC and Remote Desktop working. Ran a few trials. Interestingly when you put put in equivalent settings for VNC and RD (i.e. colour setting, remove wallpaper image and UI effects), VNC isn't that much behind RD performance wise but it's true RD does seem to just have the edge.

Unfortunately the thing about RD is that teh RD server s only available in XP pro which doesn't help me on my other XP home machines.

Still the solution for now is to RD into the Pro machine and if needed VNC into the other machines from there- a bit convoluted but seems to work ok for my needs.

Now I just need to hone the security on the Pro machine (i.e. change passwords to strong passwords, have the machine logged in only as a user, not administrator etc).

Is there any point changing the port RD uses for security reasons?

Thanks again for all the help.
MarkAngel
Grafter
Posts: 89
Registered: 30-07-2007

Accessing my home LAN externally via a Netgear DG834GT

In my opinion I would't bother changing the ports unless you really have too, its only used for RD, and no one can ping you direct to do anything with it, unless someone knew your IP, Knew you had RD set up, knew your PC was on, knew you weren't there, and knew your user ID/Password....

One of the good advantaged of Remote Desktop is all the features it offers you, like scaling desktop Colours/Resolution, enabling access to Local Drive Letters and Printers even Sound if you want....very useful from time to time.

What you can do is switch on your Router Logs to see when anyone access the RD port (ie using RD), this can tell you if someone is trying to get in (other than you obviously).

Mark
N/A

Accessing my home LAN externally via a Netgear DG834GT

Don't think I can set up my router to specifically log or alert on particular ports but it does log TCP access etc so I can check these.

Thanks again for all the help. I got up and running much faster than I would have done otherwise.

Cheers