How to access a computer / web server behind a firewall?

HaunsTM
I apologize if I post this to the wrong forum. I'm new here.
This is my network situation:

http://www.fagotten.org/hansb/NetworkIllustration.jpg


I am looking for ways to access:

(1) my (own) web server (with IIS 6/Apache) (HTTP)
(2) my IP/Network cam (RTSP)

from my smartphone (3) from "Internet". I am a professional .NET-system developer but my networking skills are very poor.


My problem is that there are obstacles: i.e. an evil firewall (4)... Since my own web server (1) and IP/Network cam (2) are behind it (4), I have absolutely no idea how to reach them from my smartphone (3) from Internet.
My ISP doesn't allow port forwarding, but I know that there is a Socks5 server which I can reach at port 1080. I believe that I can use it for my purposes somehow?


My question:
Is it possible to reach my own web server at all from outside the firewall? How? Are there any other solutions for me except for changing my ISP?

With best regards,
Hans

OH Smeg

HaunsTM

Dear OH Smeg,
I have no doubt at all that you are quite right!

My problem is just that I am a complete novice at networking technology and don't know which information I should Google for ... :-(

Do you know if there is any easy-to-follow tutorial on how I get my VPN? Do I set up the VPN myself or is it something I buy as a service? The main purpose with the whole thing is that I want to access my own web server behind the firewall.

HaunsTM

I should have figured that out myself... Thank you for your kind help! :o)

OH Smeg

However, the way you do this is dependent on the hardware that you are using, so there is no easy answer.

robo_dev

You say "your ISP does not allow port forwarding" ??

How are you connecting to the Internet?

Do you own/manage your own firewall/router?

If you are on a corporate or school network, while there are some very complicated ways to get to your web server and webcam from the outside, for all intents and purposes, this won't work.

HaunsTM

Hi robo_dev!

Thanks for your answer. In my first post there's a link to an illustration of my internet situation. I am "located" in the yellow area (and if it is important, there is no webcam, only an IP-cam with its own web server inside my private network). But please take a look at the illustration since I think it explains more than I can do with words.

Kind regards

HaunsTM

And yes, I own and manage my own hardware firewall/router? (in the yellow box in my illustration)

robo_dev

Based on the diagram you provided, unless you have admin access to the 'Housing Cooperative Network' router, you do not manage your own firewall router, effectively, and neither a direct connection nor VPN would work, period.

You cannot get any traffic over any ports above and beyond those that are allowed by that device. Not to digress, but even if you had control of that router/firewall, having your own router/firewall connected to theirs makes things more complicated, such that something like a VPN would potentially not work.

In order to connect to a device on your network, you would need two things in that HCN router:

a) A NAT (Network Address Translation) Rule in the HCN router, to direct traffic from the external IP address of the router/firewall to your internal IP address (specifically to the IP address of your web server).

Not to digress, but you would also need a second NAT rule in your OWN router/firewall... a static IP address and possibly a static route as well...

b) A firewall rule to open the port or ports needed for inbound communication in that HCN router.

While it *MAY* be possible to reconfigure just about any application to use port 1080 which is open, this won't help because without a NAT rule, traffic will not go to your server/camera. It is also likely that if there is a SOCKS server there, a NAT rule is already defined to direct port 1080 traffic to it.

A VPN of any sort would not help, because you still need inbound ports opened on the firewall, and a NAT rule to route traffic to the internal IP address of any VPN device or server you set up (and then those settings would have to be applied to your own router, as well, plus some special settings to allow VPN traffic to pass through your router).

I cannot think of a way to make this work on a phone, but if your 'life depended' on getting access to this, then there would be ways to 'tunnel' a remote-control connection from a PC, but that's somewhat complicated and involved.

A small complicating factor is that even if you could make all this work, if the HCN router uses a dynamic IP address, you would need to set up a dynamic DNS client on your LAN, outside your firewall, so that you would have a DNS name to connect to from the outside.
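
The two-router situation described in the answer above, as a toy model added here (it is not part of the thread and not any router's real configuration). All IP addresses, names and rule tables are constructed for illustration, and the existing port 1080 NAT rule to a SOCKS server is the assumption the answer calls likely.

```python
from dataclasses import dataclass, field

@dataclass
class Router:
    name: str
    wan_ip: str
    open_ports: set = field(default_factory=set)  # firewall rule: inbound ports allowed
    dnat: dict = field(default_factory=dict)      # NAT rule: WAN port -> (inner IP, port)

def deliver(routers, hosts, dst_ip, dst_port):
    """Follow one inbound connection hop by hop and return what happens to it."""
    by_wan = {r.wan_ip: r for r in routers}
    while dst_ip in by_wan:                       # destination is a router's WAN side
        r = by_wan[dst_ip]
        if dst_port not in r.open_ports:
            return f"dropped at {r.name}: port {dst_port} closed"
        if dst_port not in r.dnat:
            return f"dropped at {r.name}: no NAT rule for port {dst_port}"
        dst_ip, dst_port = r.dnat[dst_port]       # rewrite destination, pass inward
    return f"delivered to {hosts.get(dst_ip, 'nothing')}"

def build(hcn_web_rule=False, home_web_rule=False):
    """Constructed topology: Internet -> HCN router -> home router -> web server."""
    hcn = Router("HCN router", "203.0.113.10", {1080}, {1080: ("10.0.0.5", 1080)})
    home = Router("home router", "10.0.0.20")
    if hcn_web_rule:    # (a) NAT rule and (b) firewall rule on the HCN router
        hcn.open_ports.add(80)
        hcn.dnat[80] = (home.wan_ip, 80)
    if home_web_rule:   # the second NAT rule, on the poster's own router
        home.open_ports.add(80)
        home.dnat[80] = ("192.168.1.10", 80)
    hosts = {"10.0.0.5": "SOCKS server", "192.168.1.10": "web server"}
    return [hcn, home], hosts

def try_connect(port, **rules):
    """Connect from the Internet to the HCN router's public address on `port`."""
    routers, hosts = build(**rules)
    return deliver(routers, hosts, "203.0.113.10", port)

if __name__ == "__main__":
    print(try_connect(80))                                        # today: port closed
    print(try_connect(1080))                                      # open, but goes elsewhere
    print(try_connect(80, hcn_web_rule=True))                     # only the outer rules
    print(try_connect(80, hcn_web_rule=True, home_web_rule=True)) # both routers configured
```

Only the last case reaches the web server, and it depends on rules that only the administrator of the outer router can add.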

HaunsTM

Thank you robo_dev for your explaining answer!

It was not the answer I wanted to hear but now I know that I need to change ISP if I should be able to reach my network resources "from outside". I just can't stop thinking about it, networking seems to be so unnecessarily complicated.

Thanks anyway!