This article is also available as a PDF download.
You may have a home network with a permanent-on broadband connection that allows you to access the outside world anytime 24/7, but how do you go the other direction and access your home network from the public Internet? This might be possible if you wanted to spend two to four times the money on a broadband account with a static IP address (an Internet Protocol address that doesn't ever change), but that's not feasible for everyone. Fortunately there is a free and easy solution to solve this problem with DDNS (Dynamic DNS) service from DynDNS.com. This article will show you how to set up a free account, configure your router to update the DDNS server with your dynamically changing IP address, and open the ports necessary to access your resources from the Internet.
Things you can do with Dynamic DNS:
- Remote Desktop or VNC into your own personal computer from anywhere on the Internet. This usually doesn't use a lot of bandwidth, but it could if you enable desktop animation and audio or video playback over the remote connection. You can learn how to configure Remote Desktop securely in this article.
- Host a personal Web site from your own computer. This is bandwidth constrained because most broadband services don't have great upload capacity. Most broadband connections are capped at around 128 to 384 kbps, although some lucky users have 1 mbps of upload capacity.
- Host your own FTP server. If your FTP site requires a username and password, this is a dangerous thing to do because the username and password are sent in the clear. Anyone can sniff that and break into your FTP server. If the username and password are used for other things as well, an attacker will be able to break into that too.
- Host your own game server. This is also bandwidth constrained to approximately 40 kbps per gamer who connects from the outside. Don't try to exceed eight external players if your upload capacity is 384 kbps.
- Host your videos with something like a Slingbox. Note that this can kill your upload bandwidth because video is bandwidth hungry.
- The possibilities are endless once you have a Dynamic DNS address, but be warned that capability comes with responsibility. You're now opening yourself up to the public Internet, and you must do what's necessary to harden your resources against hackers.
Create your own DynDNS.com account
To get started, you must create your own DynDNS account by going to the DynDNS Web site and clicking on Create Account. There, you'll need to fill out some personal information and provide a valid e-mail address for confirmation, along with the username and password. Choose Other for How Did You Hear About Us and paste the link to this article under Details. Agree to all the terms of usage and click Create Account. Once you get a confirmation e-mail, you'll need to click through the confirmation link within 48 hours to activate your account. Once it's activated, you can log into your account.
When you've logged in, click on the My Services link in the upper-right corner of the DynDNS Web site. Next, click on Add Host Services. Then, click on Add Dynamic DNS Host, and you'll see the Web form shown in Figure A. You can pick from a list of available domains to use. If you're a Linux fan, you might want something like "homelinux.org." If you're a gamer and you want to host Internet games, you might like "game-host.org." There are many to choose from, but not every hostname will be available, since they may already be taken.
You need to fill in the Host Name and click the Add Host button on the form. You won't need to enter the IP address because it should already be filled out, and it's the job of the router to update this IP address. So if you choose "homeip.net" as the domain and choose some unique and never used before hostname, such as "MyUniqueHostName," your new DDNS name on the public Internet will be "MyUniqueHostName.homeip.net." Anyone accessing MyUniqueHostName.homeip.net will get to your home address even if it's constantly changing.
Forwarding ports to your internal network
Once your DDNS account is set up, you'll need to configure your router to update the server with your IP address. You'll need to verify that your router supports DynDNS. I'm going to show this with a relatively cheap Linksys WRT54GS router, which is fully certified to update DynDNS.org.
Note: There is an alternative to router-based DDNS updates, and DynDNS.com offers a Windows client. I personally don't like to run any extra software on my computer, so I prefer using a hardware client and having it taken care of in the router.
Figure B shows the configuration page for DDNS. It's on the main Setup page under DDNS. Simply select DynDNS.org as the DDNS Service, type in the username you set up with DynDNS.com, enter your password, and type in the fully qualified hostname, such as MyUniqueHostName.homeip.net. Now, click the Save Settings button. When this is complete and the Web page refreshes, it should say DDNS is updated successfully under Status. This means MyUniqueHostName.homeip.net is now reachable from the public Internet.
Once your fully qualified DDNS name is visible from the Internet, you'll need to open the appropriate ports to access the applications you want. In Figure C, in the Applications Gaming section and under Port Range Forward, you'll need to add some ports. The Application column is just a name you choose to label the ports you're opening. In my example, I've opened up TCP ports 3389 and 3390 for terminal services. Anything coming from the public Internet going to port 3389 (used for Remote Desktop or Terminal Services) will get rerouted to the internal host 192.168.1.11. Port 3390 is a nonstandard port I chose for a second Remote Desktop host that will get rerouted to internal host 192.168.1.12. Once you've completed these port-forwarding entries, click on the Save Settings button to save your changes. Note that you should use static IP addresses on these internal hosts because any change in a DHCP address will cause port forwarding to break.
Changing the Windows Remote Desktop port
Windows Remote Desktop defaults to TCP 3389, but you can have only one machine using this port when you're sharing a single IP address. If you want to open up a second computer for Remote Desktop, you'll need to configure a nonstandard port. You will need to edit the following registry key with the RegEdit command:
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
Figure D shows how this will look like under Vista, but it should look similar in Windows XP. To set an alternative key for the second Remote Desktop host with the IP address of 192.168.1.12, simply change the default 3389 value to 3390. You can keep incrementing the ports for additional hosts you want to open to the Internet.
Don't forget about security
As powerful and useful as this technique is, convenience comes with responsibility. Anytime you open a port to the outside world, that service -- whether it's a Web server or Remote Desktop server -- can potentially be a backdoor into your network if you're not careful with security. Opening up ports to the Internet means that anyone around the globe can take a shot at your services. Remember that it doesn't matter what operating system or platform you're using. When it comes to getting hacked on the public Internet, the most important thing is that you follow best practices for locking down the services you expose. Since this article gives examples of using Remote Desktop from anywhere on the Internet, it is critical that you configure Remote Desktop securely.