Making Internet Services Available
If you have an always-on Internet connection, you may be tempted to run your own Web or mail server. You may also wish to make your computer available over the Internet through the Remote Desktop service so that you can get at your computer from home, work or while traveling.
If you're using a shared Internet connection, though, there is a small problem: The shared connection uses one publicly visible IP address, and the computers on your LAN are essentially hidden. It's rather like a gated community: Visitors are stopped at the guard gate and can't proceed to the residences inside without permission and directions. In the equivalent case of the network, the connection sharing service or device must be told which Internet network IP address is to receive incoming requests on various TCP and UDP ports, which correspond to specific Internet services.
If you plan to run servers that will be accessible from the Internet, or if you want to use Remote Desktop to reach your computer from the 'net, you'll need to configure your shared or routed Internet connection to direct incoming service requests to the computer that is hosting the desired service. How this is done depends on the type of sharing system you're using.
Port Forwarding with Internet Connection Sharing
A big advantage of using ICS when you are running services is that requests can be forwarded to your network's computers by name, rather than by IP address. Since the IP addresses on an ICS network are passed out dynamically, they can change from time to time, so the ability to forward requests by name is a big help.
Port Forwarding with a Hardware Sharing Router
If you are using a hardware connection sharing router on your network, it too can be configured to forward incoming Internet requests to the appropriate computers on your network. However, you will have to direct the requests to your computers by their IP addresses. This means that computers which are to host services must be configured with static IP addresses; if these computers are set up to receive dynamic addresses there is no guarantee that the address won't change, and render the forwarding useless. Static IP addressing is discussed earlier in this tutorial under "IP Addressing Options."
When you have configured static IP addresses for the computers that will be hosting services, Remote Desktop and so on, add port forwarding entries to your router's configuration. Table below lists the protocols and ports used by standard Internet-based services.
Protocols and Ports for Standard Internet ServicesProtocol Port Number Service TCP 20+21 FTP (File Transfer Protocol) TCP 22 SSH (Secure shell) TCP 23 Telnet TCP 25 SMTP (Email) TCP+UDP 53 DNS (Domain Name Service) TCP 80 HTTP (Web) TCP+UDP 88 Kerberos TCP 110 POP3 (Post office protocol version 3) TCP 119 NNTP (Network news) TCP 143 IMAP4 (Internet Mail Access Protocol v4) TCP 220 IMAP3 (Internet Mail Access Protocol v3) TCP 443 HTTPS (Secure web) TCP 3389 Remote Desktop UDP 5361 Symantec PCAnywhere TCP 5362 Symantec PCAnywhere
TIP If you want to connect to more than one Windows XP Pro computer through Remote Desktop.
The configuration page for port forwarding in a typical connection sharing router. On this network, several services are hosted on the computer with fixed IP address 192.168.0.4. PCAnywhere connections are forwarded to the computer at IP address 192.168.0.123.
There are protocols other than TCP and UDP that may require forwarding. To permit incoming connections for a VPN connection using Microsoft's Point to Point Tunneling Protocol, for instance, you must be able to forward packets using protocol #47 (Generic Routing Encapsulation, or GTE) to the host computer. Most inexpensive routers do not permit you to forward protocols other than TCP and UDP, so it's generally not possible to establish a VPN connection to a computer behind a connection sharing router. You can, however, establish an incoming VPN connection to a Windows XP Professional computer running the Internet Connection Firewall.
In this tutorial:
- Building Your Own Network
- Planning Your Network
- Choosing a Network and Cabling System
- Installing Network Adapters
- Installing Multiple Network Adapters
- Installing Network Wiring
- Wiring with Patch Cables
- Installing In-Wall Wiring
- Extending the Network with Multiple Hubs
- Managing Network Security
- Joining an Existing Network
- Joining a Workgroup Network
- Joining a Domain Network
- Setting Up a Routed Network
- Setting Up a Bridged Network
- Adding Network Server Appliances
- Making Internet Services Available
- Obtaining DNS Service
- Advanced Network Options