You may have a home network with an always-on broadband connection that
lets you reach the outside world 24/7, but how do you go the other
direction and access your home network from the public Internet? This might be
possible if you wanted to spend two to four times the money on a broadband
account with a static IP address (an Internet Protocol address that doesn’t ever
change), but that’s not feasible for everyone.
Fortunately, there is a free and easy solution to this problem: the DDNS
(Dynamic DNS) service from DynDNS.com.
This article will show you how to set up a free account, configure
your router to update the DDNS server with your dynamically changing IP address,
and open the ports necessary to access your resources from the Internet.
Things you can do with Dynamic DNS:
- Remote Desktop or VNC into your own personal computer from anywhere on
the Internet. This usually doesn’t use a lot of bandwidth,
but it could if you enable desktop animation and audio or video playback
over the remote connection. You can learn how to
configure Remote Desktop securely in this article.
- Host a personal Web site from your own computer. This is
bandwidth constrained because most broadband services don’t have great
upload capacity. Most broadband connections are capped at around 128
to 384 kbps, although some lucky users have 1 Mbps of upload capacity.
- Host your own FTP server. If your FTP site requires a
username and password, this is a dangerous thing to do because the
username and password are sent in the clear. Anyone can sniff that and
break into your FTP server. If the username and password are used for
other things as well, an attacker will be able to break into those too.
- Host your own game server. This is also bandwidth
constrained, at approximately 40 kbps per gamer who connects from the
outside. Don’t try to exceed eight external players if your upload
capacity is 384 kbps.
- Host your videos with something like a Slingbox. Note that this
can kill your upload bandwidth because video is bandwidth hungry.
The possibilities are endless once you have a Dynamic DNS address, but be
warned that capability comes with responsibility. You’re now opening
yourself up to the public Internet, and you must do what’s necessary to
harden your resources against hackers.
Create your own DynDNS.com account
To get started, you must create your own DynDNS account by going to the
DynDNS Web site and clicking on Create
Account. There, you’ll need to fill out some personal information and provide
a valid e-mail address for confirmation, along with the username and password.
Choose Other for How Did You Hear About Us and paste the link to this article
under Details. Agree to all the terms of usage and click Create Account.
Once you get a confirmation e-mail, you’ll need to click through the confirmation
link within 48 hours to activate your account. Once it’s activated, you can log
into your account.
When you’ve logged in, click on the My Services link in the upper-right corner
of the DynDNS Web site. Next, click on Add Host Services. Then, click on Add
Dynamic DNS Host, and you’ll see the Web form shown in Figure A.
You can pick from a list of available domains to use. If
you’re a Linux fan, you might want something like “homelinux.org.” If
you’re a gamer and you want to host Internet games, you might like “game-host.org.”
There are many to choose from, but not every hostname will be available, since they may already be taken.
You need to fill in the Host Name and click
the Add Host button on the form. You won’t need to enter the IP address
because it should already be filled out, and it’s the job of the router to update
this IP address. So if you choose “homeip.net” as the domain and pick a
unique, never-before-used hostname, such as “MyUniqueHostName,” your new
DDNS name on the public Internet will be “MyUniqueHostName.homeip.net.”
Anyone accessing MyUniqueHostName.homeip.net will get to your home address even
if it’s constantly changing.
Forwarding ports to your internal network
Once your DDNS account is set up, you’ll need to configure your router to
update the server with your IP address. You’ll need to verify that your
router supports DynDNS. I’m going to show this with a relatively cheap
Linksys WRT54GS router, which is fully certified to update DynDNS.org.
Note: There is an alternative to router-based DDNS updates, and
DynDNS.com offers a Windows
client. I personally don’t like to run any extra software on my
computer, so I prefer using a hardware client and having it taken care of in
Figure B shows the configuration page for DDNS. It’s on
the main Setup page under DDNS. Simply select DynDNS.org as the DDNS
Service, type in the username you set up with DynDNS.com, enter your
password, and type in the fully qualified hostname, such as MyUniqueHostName.homeip.net.
Now, click the Save Settings button. When this is complete and the Web page
refreshes, it should say DDNS is updated successfully under Status. This
means MyUniqueHostName.homeip.net is now reachable from the public Internet.
Once your fully qualified DDNS name is visible from the Internet, you’ll need
to open the appropriate ports to access the applications you want. In
Figure C, in the Applications & Gaming section and under Port Range
Forward, you’ll need to add some ports. The Application column is just a
name you choose to label the ports you’re opening. In my example,
I’ve opened up TCP ports 3389 and 3390 for terminal services. Anything
coming from the public Internet going to port 3389 (used for Remote Desktop or
Terminal Services) will get rerouted to the internal host 192.168.1.11.
Port 3390 is a nonstandard port I chose for a second Remote Desktop host that
will get rerouted to internal host 192.168.1.12. Once you’ve completed
these port-forwarding entries, click on the Save Settings button to save your changes. Note that you should use static IP addresses
on these internal hosts because any change in a DHCP address will cause port
forwarding to break.
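As an added example (not part of the original article), the short Python check below audits a planned port-forward table for the three problems this article warns about: two entries competing for the same external port, an internal host that sits in the router's DHCP pool instead of on a static address, and a forward that exposes FTP logins in the clear. The LAN subnet, the DHCP pool range, and the RDP-PC3 and FTP rows are assumptions constructed for illustration; only the first two rows come from the example above.

```python
import ipaddress
from itertools import combinations

LAN = ipaddress.ip_network("192.168.1.0/24")          # assumed LAN subnet
DHCP_POOL = (ipaddress.ip_address("192.168.1.100"),   # assumed DHCP pool start
             ipaddress.ip_address("192.168.1.149"))   # assumed DHCP pool end
CLEARTEXT_PORTS = {21: "FTP"}  # the article's example of credentials sent in the clear

# Constructed sample table: (label, start port, end port, protocol, internal host)
FORWARDS = [
    ("RDP-PC1", 3389, 3389, "tcp", "192.168.1.11"),   # from the article
    ("RDP-PC2", 3390, 3390, "tcp", "192.168.1.12"),   # from the article
    ("RDP-PC3", 3389, 3389, "both", "192.168.1.13"),  # hypothetical: reuses 3389
    ("FTP", 20, 21, "tcp", "192.168.1.105"),          # hypothetical: DHCP host, FTP
]

def protos(p):
    """Expand the router's 'both' setting into the protocols it covers."""
    return {"tcp", "udp"} if p == "both" else {p}

def audit(forwards):
    """Return a list of (label, finding) tuples for a port-forward table."""
    findings = []
    for name, start, end, proto, host in forwards:
        ip = ipaddress.ip_address(host)
        if ip not in LAN:
            findings.append((name, "host-outside-lan"))
        elif DHCP_POOL[0] <= ip <= DHCP_POOL[1]:
            # A DHCP lease can change, which silently breaks the forward.
            findings.append((name, "host-in-dhcp-pool"))
        if "tcp" in protos(proto):
            for port, svc in CLEARTEXT_PORTS.items():
                if start <= port <= end:
                    findings.append((name, f"cleartext-{svc.lower()}"))
    # Only one internal host can own a given external port per protocol.
    for a, b in combinations(forwards, 2):
        if protos(a[3]) & protos(b[3]) and a[1] <= b[2] and b[1] <= a[2]:
            findings.append((b[0], f"port-conflict-with-{a[0]}"))
    return findings

if __name__ == "__main__":
    for name, issue in audit(FORWARDS):
        print(f"{name}: {issue}")
```

Run it against your own table before saving the router settings; an empty result means none of these three problems were found, not that the exposed services are secure.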
Changing the Windows Remote Desktop port
Windows Remote Desktop defaults to TCP 3389, but you can have only one
machine using this port when you’re sharing a single IP address. If you
want to open up a second computer for Remote Desktop, you’ll need to configure a
nonstandard port. You will need to edit the following registry key with
the RegEdit command:
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
Figure D shows how this looks under Vista, but it should look
similar in Windows XP. To set an alternative port for the second
Remote Desktop host with the IP address of 192.168.1.12, simply change the
default 3389 value to 3390. You can keep incrementing the ports for
additional hosts you want to open to the Internet.
Don’t forget about security
As powerful and useful as this technique is, convenience comes with
responsibility. Anytime you open a port to the outside world, that
service — whether it’s a Web server or Remote Desktop server — can potentially be a
backdoor into your network if you’re not careful with security. Opening
up ports to the Internet means that anyone around the globe can take a shot at
your services. Remember that it doesn’t matter what
operating system or platform you’re using. When it comes to getting hacked on
the public Internet, the most important thing is that you follow best practices
for locking down the services you expose. Since this
article gives examples of using Remote Desktop from anywhere on the Internet, it
is critical that you configure Remote Desktop securely.