1. Join Now

    AVForums.com uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Can I access my PC accross the web?

Discussion in 'Desktop & Laptop Computers Forum' started by jlcrawford, May 24, 2005.

  1. jlcrawford

    jlcrawford
    Active Member

    Joined:
    Mar 21, 2001
    Messages:
    487
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    18
    Location:
    NE England
    Ratings:
    +3
    I have bought a PC based security camera system for my works - I can log on using IE from the works network but am wondering if I should be able to do the same from home.
    I basically enter the host machines ip address in explorer and then log into the security software.I use a linksys wireless/wired router and was hoping to be able to connect accross the web - can anyone tell me how to do it in easy steps if it is possible.
    TIA
     
  2. 888

    888
    Guest

    Products Owned:
    0
    Products Wanted:
    0
    Ratings:
    +0
    Do you have VPN?
     
  3. jameson_uk

    jameson_uk
    Well-known Member

    Joined:
    Dec 9, 2004
    Messages:
    3,707
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    136
    Location:
    Birmingham
    Ratings:
    +579
    It is certainly possible however you may not want to do it this way.

    You should just be able to find out what port the thing is running on then get your router to forward all requests on that port to the machine with the software on.

    This is fine in principle but you are then opening up your machine to the net and all the nasties that go with that. I presume we are talking some form of web interface with basic username / password authenticaion ?? If so, I would not recommend this route as it is inherently insecure.

    you could use SSH and tunneling so that you first securely connect to your PC and then everything is sent via this connection. This however is a real ar*e to setup and pretty complicated.
     
  4. 888

    888
    Guest

    Products Owned:
    0
    Products Wanted:
    0
    Ratings:
    +0
    Hi again. Please note I'm not a network or IT specialist (still stuck in the ZX81 era). But I have used VPN to do this sort of thing and works fairly well. The other method that I was going to suggest was if you are NOT on a private network at work and you have fixed public IP address at work you should be able to use soemthing like VNC to get a virtual desktop.

    I beleive GotoMyPC (www.gotomypc.com) also offers something similar. I remember using it when it was in beta testing (was free then but have to pay for it now days).

    Hope I was some help.

    :)
     
  5. jlcrawford

    jlcrawford
    Active Member

    Joined:
    Mar 21, 2001
    Messages:
    487
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    18
    Location:
    NE England
    Ratings:
    +3
    Hi and cheers
    I have been messing with the setup utility on the router but I am unsure what to enter in IE to access the ports that I would have forwarded.
    I dont know what VPN or VNC are -did say I need it simple
     
  6. jameson_uk

    jameson_uk
    Well-known Member

    Joined:
    Dec 9, 2004
    Messages:
    3,707
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    136
    Location:
    Birmingham
    Ratings:
    +579
    Do you have any documentation (or is there a config utility) which says or sets which port the software uses ?? If not, what do you type in at work to access the camera, is it just an IP address or is it something like xxx.xxx.xxx.xxx:yyy


    :D
     
  7. jlcrawford

    jlcrawford
    Active Member

    Joined:
    Mar 21, 2001
    Messages:
    487
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    18
    Location:
    NE England
    Ratings:
    +3
    The software says it uses port 80. To access the program on my network I type the ip of the host machine it then downloads the client software automatically.I also use Xlobby at home and that has a web server function you type http://192.168.1.101:8002/ to access it locally but I cannot access it on the web so I would like to do both.
     
  8. jameson_uk

    jameson_uk
    Well-known Member

    Joined:
    Dec 9, 2004
    Messages:
    3,707
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    136
    Location:
    Birmingham
    Ratings:
    +579
    I assume then that your macine's local IP address is 192.168.1.101 ??

    If so, there should be an option to foward port 80 and port 8002 (the one Xlobby is using) to this address.

    Firstly though I would if you can change the camera to use something other than port 80. This is the standard HTTP port and if this is open you will constantly be getting probed and prodded by all sorts of nasties. Try and change it to something else if you can.

    Then what you would need to do from work is type in the ip address of your home machine. so to access xlobby you would enter xxx.xxx.xxx.xxx:8002

    The only problem is I here you say, I don't know what the IP address is and also it changes anyway. The solution to this is dyndns most routers now have an inbuilt setting to update this for you as well. check out http://www.dyndns.org/ and look at their dynamic dns service. You will need to look at your router docs to see how to set this up at your end.

    This will basically allow you to type in an address. e.g. I have xxx.is-a-geek.com so entering this site in a web browser always forwards me to my home machine
     
  9. jlcrawford

    jlcrawford
    Active Member

    Joined:
    Mar 21, 2001
    Messages:
    487
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    18
    Location:
    NE England
    Ratings:
    +3
    Jameson Uk thanks V much.I can change from port 80 I am fairly sure.
    What confuses me is surely everyone with a linksys router has ip address that must be the same so am I looking for the ipaddress of say the router on the internet rather than that of the local machine?
    I have had a look at dynDNS and it looks a bit out of my league- I said that about Xlobby but managed to get it going by leaching help.

    If I am starting to pick up some idea is this correct I enable port forwarding of the port no to the ip address of the specific machine on my home/work network?

    These are some settings on my router setup utility -can you identify any of them as what they are
    Under Status- Router-Internet config type I have

    ip address 80.6.xxx.xx
    subnet mask 255.255.255.0
    default gateway 80.6.xxx.xxx
    DNS1194.168.x.xxx
    DNS2194.168.x.xxx

    Lastly if enable DynDNS and select Dyndns.org from a drop down list I get an internet ip address of 80.6.xxx.xx as shown above.

    Thanks again for the help will be going to bed now and will check back for more info tomorrow.
    Cheers
     
  10. jameson_uk

    jameson_uk
    Well-known Member

    Joined:
    Dec 9, 2004
    Messages:
    3,707
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    136
    Location:
    Birmingham
    Ratings:
    +579
    Basically your ISP will give you an IP address. For most people this will change over time (although mine has actually stayed static for 8 weeks and counting now). In simple terms, if you were just to connect your machine to the internet, this would be the IP adress of your computer. If you add a router into the equation, this becomes a buffer between the internet and the other side. Your router will take on the IP address supplied by your ISP and it will then dish out internal IP addresses to machines that connect to it from the safe side.

    This is all well and good until you try to get in. By default the router will try and stop anyone getting in. If you want to allow things in, you need to tell it. For example if you had a computer running a web server and you wanted any requests for web pages (port 80) that arrive at your router to go to the machine with the web server on you need to tell it to let it in and send it to the right place (this is called port forwarding)

    You can safely ignore all but the first line :) This is the IP address given to you by your ISP. The rest are not relevant to you for this.

    DynDNS is not that complicated. Basically your IP address from your ISP can (and generally will) change on a regular basis. This can be a pain if you are at work and can no longer connect as the IP address you had yesterday has changed. All you do is register with them and take out a sub-domain name of say jlcrawford.homeip.net and then you tell it your IP address.

    Then when anyone tries to access that domain, they do some magic and it automatically ends up at your machine. Your router will most likely have an option to enter a dyndns username and password and hostname. Basically once this is setup, anytime your IP address changes, your router will inform dyndns and hence that domain should always point at your actual machine.

    That is it really. Just signup, pick a domain, enter those details into your router and then from work you could enter
    http://jlcrawford.homeip.net:8002
    to access xlobby
     
  11. probedb

    probedb
    Banned

    Joined:
    Aug 20, 2003
    Messages:
    2,653
    Products Owned:
    0
    Products Wanted:
    1
    Trophy Points:
    86
    Location:
    Sheffield
    Ratings:
    +181
    I agree dyndns is very good.

    I have remote desktop using SSH tunnelling setup for my home PC :) very useful, if I remember when I get home I'll link to a very easy setup guide. Basically installing cygwin with ssh. The tunnelling part is harder as it depends what version of windows you're running and stuff.
     
  12. jlcrawford

    jlcrawford
    Active Member

    Joined:
    Mar 21, 2001
    Messages:
    487
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    18
    Location:
    NE England
    Ratings:
    +3
    Jameson Uk many thanks will give it a go - do I also have to do something with the firewall on the local machine?
    Also if I do this am I very likely to be hacked?
    Pinkprobegt is this SSH tunneling a safer way to do this and if so I would be grateful for the setup guide.
    Cheers
     
  13. jameson_uk

    jameson_uk
    Well-known Member

    Joined:
    Dec 9, 2004
    Messages:
    3,707
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    136
    Location:
    Birmingham
    Ratings:
    +579
    Only allow your program to act as a server. It depends on what software firewall you have but I would imagine that if you are using the web interface already then it is ok.
    Depends. On port 80 you are likely to get a lot more people probing to see if they can get in / explit vulnerabilities etc. Changing the port so something like 9721 (just a random number I came up with which does not appear to be used by any recognised protocols) then this will cut down on this sort of this. It also depends really on the server. If you camera or xlobby is ingerently not very secure then you are more vulnerable. I would imagine that a combination of changing the port and a strongish username and password should be sufficient but........
    Yes. Basically what you establish a secure connection to your machine via SSH and then you send all your requests through this tunnel.

    This has several implications. Firstly, you need to be running a SSH server on your machine you want to access. Secondly you need an SSH client on the machine from which you are trying to connect.


    Have a look at this , ignore the Linux part and scroll about half way down to XP. This is based on you running Linux server at the other end but it gives you a good idea of what you would need to do on the client end of things and in general how it all fits together.

    This is more secure because all communications are handled through one secure connection : You must first connect via the SSH client before you can do anything. You can make this even more secure by using public/private key authentication rather (or in addition to) passwords. This is as about as secure as you are going to get if you are leaving ports open on the internet.
     
  14. scouse

    scouse
    Active Member

    Joined:
    Jan 22, 2003
    Messages:
    273
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    18
    Location:
    Balham
    Ratings:
    +3
    Is VPN less secure than SSH?

    The reason i ask is that i've recently set up a vpn connection to home from my girlfriends if i ever need files. (although having difficulty in getting her computer to see my shared folders without going through remote desktop :-( and copy and pasting

    If i did go through the ssh route where can i get hold of a ssh server application as i already have a client from uni?

    cheers
     
  15. jameson_uk

    jameson_uk
    Well-known Member

    Joined:
    Dec 9, 2004
    Messages:
    3,707
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    136
    Location:
    Birmingham
    Ratings:
    +579
    Good question. If you google you will see that nearly every site that talks about connections via SSH tunnels called it a VPN connection.

    I think there is some difference as to what a VPN is technically. I see it as just a secure connection. Using an SSH tunnel does this using TCP/IP where as most items referred to as "real" VPNs use other protocols.

    I suppose it depends on what type of VPN you are using and what sort of encryption.

    See the link I posted above for sharing Samba shared folders, do you need to setup a loopback adaptor ??

    Pass, I use Linux which has it built in.
     
  16. scouse

    scouse
    Active Member

    Joined:
    Jan 22, 2003
    Messages:
    273
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    18
    Location:
    Balham
    Ratings:
    +3
    cheers for that James, i've set up a loopback adapter, have to wait for my girlfriend to get home to see if it has worked... :rolleyes:

    i have to stay in and work whilst she goes watching the footie... it's never fair :smashin:
     
  17. jlcrawford

    jlcrawford
    Active Member

    Joined:
    Mar 21, 2001
    Messages:
    487
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    18
    Location:
    NE England
    Ratings:
    +3
    I have managed it - big thanks to all.Using dyndns I can connect to Xlobby without problem.Now if Xlobby is closed does this close the port and hence keep the PC secure?
     
  18. jameson_uk

    jameson_uk
    Well-known Member

    Joined:
    Dec 9, 2004
    Messages:
    3,707
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    136
    Location:
    Birmingham
    Ratings:
    +579
    Basically. If Xlobby is closed, the port will appear but as CLOSED. If you router is blocking that port (default setting) then it will appear as STEALTHED which basically means it does not actually exist.

    This should be safe enough, although again being anal, I might change the port as someone trying to exploit a vulnerability in xlobby (you never know someone out there might) would try port 8002. Changing it so some other number would help a little bit but may be a little OTT
     
  19. cwick

    cwick
    Active Member

    Joined:
    Feb 4, 2002
    Messages:
    2,207
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    51
    Location:
    Reading
    Ratings:
    +95
    Changing port numbers isn't really a good idea - it doesn't gain you much since anyone really interested is going to be scanning ports anyway, so you won't remain 'hidden' for long. Security through obscurity is never a good policy.

    Personally, I'd do the whole thing over SSH. That would provide sufficient deterence to all but the most determined attacker ... OpenSSH should do the trick.
     
  20. jameson_uk

    jameson_uk
    Well-known Member

    Joined:
    Dec 9, 2004
    Messages:
    3,707
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    136
    Location:
    Birmingham
    Ratings:
    +579
    Doesn't hurt though. Some exploits would be looking for specific ports.

    E.G. I know if I leave my SSH server running on port 22 I do get regular attempts to connect. (they don't work as I use key authentication) but since I have changed it to another port I have not had a single attempt.

    No more secure but it does lower the risk slightly as some of these kiddie coders out there will sophisticated enough to probe all your ports looking for a specific protocol. That said, if someone does want to get in, and are real hardcore crackers it can be very hard to stop.
     

Share This Page

Loading...