accessing lan IP from public IP

[tehsolace]

I'm on a network that has a security monitor device hooked to it. From any computer on the network, I can go to 192.168.1.200 and access the things I need.

But it would be useful to access it remotely from somewhere else. I know the network's public IP, but I have no idea how to access the 192.168.1.200 remotely. To make things worse, the security device doesn't have any sort of interface that i can use (its not like a computer or anything).

Is there anything I can do, perhaps on my computer thats hooked to the network, that will allow me to 'broadcast' or 'forward' the 192.168.1.200 IP publically?

 

[NetGuru42]

I can't give you a definite answer without knowing what this "security device" is, but I can give you a generic answer that works for normal setups. Most networks are attached to the internet through a central hub. That hub should have a static IP, such as 192.168.1.1. If you open a web browser and navigate to that IP (i.e. "http://192.168.1.1") via the address bar, you should be able to access the hubs interface. Note that most routers protect their interfaces with a username and password. The default for this varies by manufacturer, but you can try user: "admin" and password: "password" or variations thereof.

Once you have access to the user interface, There should be some kind of section in the interface called "port forwarding". It is in that area that you can manually map ports on the hub, so that anyone trying to connect to those ports via the public IP over the internet will be forwarded to the corresponding ports on the internal IP (your computer on the network).

While this is fine for servers and such, please be aware that by opening ports on the hub, you are enabling hackers and viruses to penetrate your NAT firewall... meaning you are suddenly at risk of very serious security issues. If the network you are on is not completely your own, do NOT attempt this without consulting whoever is in control of the network or business. If what I'm understanding from your post is true, you wish to be able to access the Windows File and Printer Sharing services over the internet. This is quite possibly one of the most vulnerable ports to open to the internet. If you really must open the necessary port(s), there had better be a very strong password on that folder share.

Ports to add to the list for file and printer sharing are as follows, if you have carefully considered the repercussions of enabling this...

TCP 139, TCP 445
UDP 137, UDP 138

You will probably also have to open those ports in the Windows Firewall settings as well. That can be accessed via the control panel.

 

[tehsolace]

Thank you for your response! The "security device" is a recording hub for the security cameras at the office that I would like to be able to check regularly from home. It seems to be connected to the network on the private IP of 192.168.1.200, because I can access it from any computer in the office by going to http://192.168.1.200. I can also access the Linksys router's menu from http://192.168.1.1 but I couldn't find anything about port forwarding in there.

Do I really want to be enabling access to the Windows File and Printer sharing in this case? All I want to do is create a 'gateway' to the HTTP page that is being broadcasted from the hub. I need a way to access http://192.168.1.200/public/index.shtml publically.

 

[NetGuru42]

you won't need to worry about File and Printer Sharing (which is a VERY good thing). The only port you will need to add to your router's port forwarding list is TCP 80. That is the port that all web browsers use to send and recieve information over the internet or networks.

What is the model number of your router? Without it, I have no idea where to find the port forwarding options in its firmware.

 

[bliink]

You will need to set up a VPN style connection, or a webserver etc. If the LAN admin has any brains, they should notice right away once you succeed.

You could possibly be breaking the law in doing this, by the way, depending on what institution owns this network. (eg, criminal vs civil laws)

 

[NetGuru42]

You will need to set up a VPN style connection, or a webserver etc. If the LAN admin has any brains, they should notice right away once you succeed.

You could possibly be breaking the law in doing this, by the way, depending on what institution owns this network. (eg, criminal vs civil laws)

He already has a webserver on the machine. That is why he's able to access the camera recording computer from "http://192.168.1.200/public/index.htm". So all he should need to do is open TCP port 80 on his router and point it to 192.168.1.200. VPN might be more secure, but it is a very definitely round-about way.

And yes, he should talk to his administrator before he does this, but I don't think he cares... :frown:

 

[bliink]

He already has a webserver on the machine. That is why he's able to access the camera recording computer from "http://192.168.1.200/public/index.htm". So all he should need to do is open TCP port 80 on his router and point it to 192.168.1.200. VPN might be more secure, but it is a very definitely round-about way.

the fact that he can read a html document via LAN does not mean a webserver actually exists.

And yes, he should talk to his administrator before he does this, but I don't think he cares... :frown:

heh.. so when it turns out that he's orchestrated a diamond robbery, after sabotaging a surveillance system, you're the internet accessory? haha

 

[tehsolace]

lol guys I am the one responsible for watching the security cameras. This is a small business office and I'm the only one that even checks the cameras. Theres nothing to steal, and even if there was I could do it without needing to check the cameras... not like I'm crawling through vents and avoiding security guards

anyways the linksys model is WRT54G. I have no idea how the security device is broadcasting the HTTP service and I can't figure it out because its not like a normal computer... its more like a VCR. I've tried creating a VPN connection and pointing it to the private IP in my office computer, but it doesn't connect... so I figured I wasn't doing something right. Perhaps a VPN connection to the computer isnt possible because windows isn't installed on it? I mean afterall its not a desktop computer. But the fact is, my office computer can access the HTTP service, and I just want to be able to broadcast that.

What should I try doing??

 

[NetGuru42]

the fact that he can read a html document via LAN does not mean a webserver actually exists.

If you had looked a little closer, perhaps you would have noticed "that he can read a html document via LAN" with the HTML protocol (i.e. http://192.168.1.200/public/index.htm) which DOES, in fact, prove that he has a web server running on his machine.

In any case, the WRT54G port forwarding option should be located on the "Applications and Gaming" tab in the router firmware. Once you have that tab active, there should be a link right below it and to the left for "port range forward". I am basing this off of revision 5 of the router, so if you have an earlier revision, I don't know if it will be exactly the same. Once you have the "port range forward" page up, you can enter any name for the Application, but I'd just put in "HTTP" to make things simple. Then as a start port and end port, just put "80" in both. If it gives you an option to choose between TCP and UDP, choose TCP.

Let me know if you still aren't able to find the port forwarding option in your firmware... as I said, I'm basing this off of just a glance at the WRT54G v5 firmware, so I can't give you specific instructions, unfortunately.

 

[bliink]

If you had looked a little closer, perhaps you would have noticed "that he can read a html document via LAN" with the HTML protocol (i.e. http://192.168.1.200/public/index.htm) which DOES, in fact, prove that he has a web server running on his machine.

I think I know what you are saying, but do you mean the HTTP protocol, not HTML?

 

[NetGuru42]

I think I know what you are saying, but do you mean the HTTP protocol, not HTML?

I stand corrected... Typo. Sorry 'bout that.

 

[tehsolace]

If you had looked a little closer, perhaps you would have noticed "that he can read a html document via LAN" with the HTML protocol (i.e. http://192.168.1.200/public/index.htm) which DOES, in fact, prove that he has a web server running on his machine.

In any case, the WRT54G port forwarding option should be located on the "Applications and Gaming" tab in the router firmware. Once you have that tab active, there should be a link right below it and to the left for "port range forward". I am basing this off of revision 5 of the router, so if you have an earlier revision, I don't know if it will be exactly the same. Once you have the "port range forward" page up, you can enter any name for the Application, but I'd just put in "HTTP" to make things simple. Then as a start port and end port, just put "80" in both. If it gives you an option to choose between TCP and UDP, choose TCP.

Let me know if you still aren't able to find the port forwarding option in your firmware... as I said, I'm basing this off of just a glance at the WRT54G v5 firmware, so I can't give you specific instructions, unfortunately.

Wow I think that did it! Thank you so much for the instructions they were spot-on.