Port forwarding for the absolutely, totally clueless, e.g. me

We have a wireless DSL router whose principal purpose is to enable our access to the internet. It pretty much did this right out of the box, and we’ve had the same one – this one – for several years. For internet access it’s been almost entirely trouble free.

However, I can’t fathom how to make my home network available to me when I’m away from home. There’s a range of relative IP addresses, 192.168.xxx.xxx which includes everything that we’re using through this gateway. For example, this notebook is 192.168.1.45, and the printer is 192.168.1.44. Our wireless monitor cam is *.47. At the same time, the gateway’s Connection Summary screen tells me that the IP address is 95.247.120.25 and that there are a primary and a secondary DNS, 68.138.64.12 and 68.138.96.12 respectively. These aren’t the real IP addresses, but let’s just assume they are. Now, what I don’t get is–any of this. While I can use, and have used, the IP address 95.247.120.25 to administer the gateway from a different network, what are the DNSs? How do I configure the gateway to (a) use the printer when I’m logged into a different network, and (b) to look through my webcam when I’m away from home? I assume this must be possible, and there is a lengthy manual in PDF form for this device, but the instructions therein assume that the user knows what needs to be done and why, and therefore only tell you how to do something. They don’t tell you why you would want to do something based on your particular goals, and neither the manufacturer nor my ISP will help me with this unless I pay them extra.

The DNS addresses are not immediately relevant to the problem at hand, so don’t worry about them. These are just the addresses of the machines that your computer talks to to find the IP addresses associated with a domain name, like boards.straightdope.com.

The addresses your machines are using in the 192.168 block are part of a private network, not directly routable from the public Internet. This is a good thing.

Now, when you make outgoing connections from within your private network, such as to access a web site, your router must maintain a table mapping internal addresses to the requests being sent out onto the public Internet, which all appear from the outside to be coming from the one IP address (95.247.120.25 in your example.) This technology is called NAT, for Network Address Translation.

But, if someone tries to make an incoming connection to your private network, the router has no way of knowing what machine to send that traffic to.

Port forwarding allows you to manually configure a port on your router to always send incoming traffic to a particular internal address. (A “port” here is not a physical plug, but just a two-byte number stuck on the end of an IP address which allows higher-level network protocols to differentiate one stream from another.)

Now, I don’t know how you view your camera, but let’s say it’s through a web interface. You could configure your router to forward incoming traffic on port 12345 to 192.168.1.47, port 80. (80 is the default port number for HTTP.)

You could then access it on the outside by going to http://95.247.120.25:12345/

Notice the port number appended with a colon on the IP address; this tells your browser not to use the default port 80.
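
The NAT table and the port-forward rule described in the answer above, as an added example that is not part of the original post: a toy Python model of the router's decision for outgoing and incoming traffic. The class and function names are hypothetical, the remote addresses 203.0.113.10 and 198.51.100.7 are constructed, and real routers track more state than this.

```python
from itertools import count

class ToyNatRouter:
    """Simplified model (an assumption, not any vendor's firmware)."""
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self._next_port = count(40000)  # public ports handed to outbound flows
        self.out = {}       # (lan_ip, lan_port, remote) -> public_port
        self.back = {}      # (public_port, remote) -> (lan_ip, lan_port)
        self.forwards = {}  # public_port -> (lan_ip, lan_port), set by the admin

    def outbound(self, lan_ip, lan_port, remote):
        """A LAN host opens a connection; the router records the mapping."""
        key = (lan_ip, lan_port, remote)
        if key not in self.out:
            pub = next(self._next_port)
            self.out[key] = pub
            self.back[(pub, remote)] = (lan_ip, lan_port)
        return (self.public_ip, self.out[key])  # what the remote side sees

    def add_forward(self, public_port, lan_ip, lan_port):
        if not (0 < public_port < 65536 and 0 < lan_port < 65536):
            raise ValueError("ports are two-byte numbers (1-65535)")
        self.forwards[public_port] = (lan_ip, lan_port)

    def inbound(self, remote, public_port):
        """Return the LAN target for an arriving packet, or None if dropped."""
        if (public_port, remote) in self.back:   # reply to a LAN-initiated flow
            return self.back[(public_port, remote)]
        return self.forwards.get(public_port)    # static rule, else no target

def demo():
    r = ToyNatRouter("95.247.120.25")
    web = ("203.0.113.10", 443)         # constructed remote web server
    stranger = ("198.51.100.7", 51000)  # constructed outside host
    seen_as = r.outbound("192.168.1.45", 50123, web)
    res = {"seen_as": seen_as,
           "reply": r.inbound(web, seen_as[1]),
           "before_rule": r.inbound(stranger, 12345)}
    r.add_forward(12345, "192.168.1.47", 80)    # the camera rule from the post
    res["after_rule"] = r.inbound(stranger, 12345)
    res["other_port"] = r.inbound(stranger, 9100)  # no rule for this port
    return res

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Only the forwarded port reaches a LAN host from outside; every other unsolicited port still has no target, which is why each rule added is one more service exposed to the internet.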

Thanks friedo, this is very helpful. I already understood basically what ports are, but didn’t get how I would map ports in the external address to separate internal 198. addresses. The DSL administration utility does, in fact, include NAT configuration, but I didn’t know what that was for until now.

I think now I can at least get to a point where it becomes merely a firewall configuration issue, but I’ll leave it for tomorrow to try it out.

Understand that home firewalls are NOT designed to offer more than very rudimentary access from the outside. Which is a Very Good Thing, as noted above. So being able to set up port forwarding for outside access to a camera’s web interface is both doable and (since the camera is probably not readily hackable) relatively safe.

If you really want to be able to remotely access your entire home network from anywhere on the entire internet, say from work or from a Starbucks public WiFi, or wherever, then you’re gonna need much better hardware & a little learnin’ about security. Either that or your entire home network will be pwned in about 3 minutes.

The camera does require its own user login, so I assume I’ll be OK there. The only other thing I wanted to accomplish was to be able to use the printer when I’m logged into a different network, for example when I’m using my Verizon USB720 to go online at home. Sometimes I do need to do that, on the rare occasions when I’m having connectivity or configuration issues with the router, but still want to work with my ISP over a chat connection. Also, when working from home (sadly not an issue these days), it would be nice to be able to connect to a company’s VPN, but still use my home printer.
