How to access a computer / web server behind a firewall?

HaunsTM
I apologize if I post this to the wrong forum. I'm new here.
This is my network situation:

http://www.fagotten.org/hansb/NetworkIllustration.jpg


I am looking for ways to access:

(1) my (own) web server (with IIS 6/Apache) (HTTP)
(2) my IP/Network cam (RTSP)

from my smartphone (3) from "Internet". I am a professional .NET-system developer but my networking skills are very poor.


My problem is that there are obstacles, i.e. an evil firewall (4)... Since my own web server (1) and IP/Network cam (2) are behind it (4), I have absolutely no idea how to reach them from my smartphone (3) from Internet.
My ISP doesn't allow port forwarding, but I know that there is a Socks5 server which I can reach at port 1080. I believe that I can use it for my purposes somehow?


My question:
Is it possible to reach my own web server at all from outside the firewall? How? Are there any other solutions for me except for changing my ISP?

With best regards,
Hans
  • +
    0 Votes
    HaunsTM

    Dear OH Smeg,
    I have no doubt at all that you are quite right!

    My problem is just that I am a complete novice at networking technology and don't know which information I should Google for ... :-(

    Do you know if there is any easy-to-follow-tutorial on how I get my VPN? Do I set up the VPN myself or is it something I buy as a service? The main purpose with the whole thing is that I want to access my own web server behind the firewall.

    +
    0 Votes
    OH Smeg

    However the way you do this is dependent on the hardware that you are using so there is no easy answer.

    +
    0 Votes
    robo_dev

    You say "your ISP does not allow port forwarding" ??

    How are you connecting to the Internet?

    Do you own/manage your own firewall/router?

    If you are on a corporate or school network, while there are some very complicated ways to get to your web server and webcam from the outside, for all intents and purposes, this won't work.

    +
    0 Votes
    HaunsTM

    Hi robo_dev!

    Thanks for your answer. In my first post there's a link to an illustration of my internet situation. I am "located" in the yellow area (and if it is important, there is no webcam, only an IP-cam with its own webserver inside my private network). But please take a look at the illustration since I think it explains more than I can do with words.

    Kind regards

    +
    0 Votes
    HaunsTM

    And yes, I own and manage my own hardware firewall/router? (in the yellow box in my illustration)

    +
    0 Votes
    robo_dev

    Based on the diagram you provided, unless you have admin access to the 'Housing Cooperative Network' router, you do not manage your own firewall router, effectively, and neither a direct connection nor a VPN would work, period.

    You cannot get any traffic over any ports above and beyond those that are allowed by that device. Not to digress, but even if you had control of that router/firewall, having your own router/firewall connected to theirs makes things more complicated, such that something like a VPN would potentially not work.

    In order to connect to a device on your network, you would need two things in that HCN router:

    a) A NAT (Network Address Translation) Rule in the HCN router, to direct traffic from the external IP address of the router/firewall to your internal IP address (specifically to the IP address of your web server).

    Not to digress but you would also need a second NAT rule in your OWN router/firewall...a static IP address and possibly a static route as well......

    b) A firewall rule to open the port or ports needed for inbound communication in that HCN router.

    While it *MAY* be possible to reconfigure just about any application to use port 1080 which is open, this won't help because without a NAT rule, traffic will not go to your server/camera. It is also likely that if there is a SOCKS server there, a NAT rule is already defined to direct port 1080 traffic to it.

    A VPN of any sort would not help, because you still need inbound ports opened on the firewall, and a NAT rule to route traffic to the internal IP address of any VPN device or server you set up. (And then those settings would have to be applied to your own router, as well, plus some special settings to allow VPN traffic to pass through your router.)

    I cannot think of a way to make this work on a phone, but if your 'life depended' on getting access to this, then there would be ways to 'tunnel' a remote-control connection from a PC, but that's somewhat complicated and involved.

    A small complicating factor is that even if you could make all this work, if the HCN router uses a dynamic IP address, you would need to set up a dynamic DNS client on your LAN, outside your firewall so that you would have a DNS name to connect to from the outside.

    +
    0 Votes
    HaunsTM

    Thank you robo_dev for your explaining answer!

    It was not the answer I wanted to hear but now I know that I need to change ISP if I should be able to reach my network resources "from outside". I just can't stop thinking about it, networking seems to be so unnecessarily complicated.

    Thanks anyway!

    +
    0 Votes
    TheAsian

    The easy way is to install Google Chrome and install the remote pc app, because Google has an open relay server that can connect to your computer at home through firewalls using active TCP sessions.

    The same thing for Logmein.com as well. There's an app for the iPhone. You mentioned smartphone, but you didn't mention what specific kind of smartphone you have.

    You can install Serversman webserver on your PC and access it from your smartphone via Safari browser or you can install the Serversman app itself and run a webserver on your smartphone and access it from your PC. I've done this with my iPhone 5 and installed it on both the PC and the iPhone 5. To put Serversman webserver on your iPhone, it needs to be jail broken with Cydia install.

    The hard way is to install a secure shell server, then do a reverse tunnel for specific ports you want to be able to reverse-forward into your PC. Make sure you put your port to something that's not commonly blocked like port 443, which is what my secure shell server is set on.

    An alternate way is to install The Onion Router or TOR on your computer and run a webserver and point everything to the hidden service. TOR runs on socks version 4 or 5 on port 9050 or 9150. Then you can run a TOR connection on your local PC from a remote place and connect to your webserver using the TOR Darknet network.
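
The two positions in this thread (inbound access needs a NAT rule and an open port on every router in the path; relay and reverse-tunnel approaches ride on a session opened from inside) can be seen side by side in a small model. This is an added example, not code from any poster; the router and host names, `relay.example`, and the simplified session table keyed only by remote address and port are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class NatRouter:
    """Stateful NAT/firewall, simplified: no source ports, no timeouts."""
    name: str
    forwards: dict = field(default_factory=dict)  # ext_port -> (next_hop, port)
    sessions: dict = field(default_factory=dict)  # (remote, port) -> inside source

def direct_connect(chain, port):
    """Unsolicited inbound connection; chain is ordered outermost first.
    Every router needs a forward rule for the port, else the packet is dropped."""
    hop = None
    for router in chain:
        rule = router.forwards.get(port)
        if rule is None:
            return None
        hop, port = rule
    return hop

def open_outbound(chain, source, remote, remote_port):
    """Connection initiated from inside: each router records session state."""
    for router in reversed(chain):          # innermost router sees it first
        router.sessions[(remote, remote_port)] = source
        source = router.name                # after NAT the next hop sees this router

def reply_from(chain, remote, remote_port):
    """Traffic from the remote end is admitted only if it matches a session."""
    hop = None
    for router in chain:
        hop = router.sessions.get((remote, remote_port))
        if hop is None:
            return None
    return hop

def demo():
    hcn = NatRouter("hcn-router")           # housing cooperative router, no rules
    own = NatRouter("own-router", forwards={80: ("webserver", 80)})
    chain = [hcn, own]
    results = {
        "direct_no_hcn_rule": direct_connect(chain, 80),
        "relay_before_tunnel": reply_from(chain, "relay.example", 443),
    }
    # The web server dials out to a relay on 443 (constructed scenario).
    open_outbound(chain, "webserver", "relay.example", 443)
    results["relay_after_tunnel"] = reply_from(chain, "relay.example", 443)
    # Only an admin of the outer router can add the missing forward rule.
    hcn.forwards[80] = ("own-router", 80)
    results["direct_with_hcn_rule"] = direct_connect(chain, 80)
    return results

if __name__ == "__main__":
    print(demo())
```

The session entry on the outer router is also what that network's operator would observe for such a tunnel: a single long-lived outbound connection to one remote host.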
