It's undoubtedly handy to be able to access your computer without physically needing to be there - but it can be tricky to set up. Port forwarding is the easy answer.
I don't know about you, but I simply can't live without remote access. Well, more accurately, I can't work without it.
Thanks to remote access I can look after a raft of widely dispersed PCs and networks from the comfort of my office or home. This is a real boon to my customers. And me. Sometimes all it takes to fix a problem is 10 minutes of remote tweaking - which beats a three-hour round-trip, I can tell you.
This upsurge in the popularity of remote access is partly down to the increasingly widespread availability of broadband. Thanks to fast, always-on Internet connections, you can operate a remote PC with responsiveness not far off what you'd get if you were sitting in front of it. That's the good news. The downside is that this doesn't just "happen", but requires a bit of configuration. Especially when dealing with the remote router.
The modern network router is a godsend to small networks. In return for one public IP address you can connect as many as 253 PCs to the Internet, each one with a "private" IP address - in other words, in the 10.x.x.x or 192.168.x.x ranges. How does it manage this? It's all thanks to the miracle that is NAT (network address translation).
The NAT router or Internet gateway translates all outbound requests from individual PCs with private IP addresses on the LAN (local area network). It alters the network packets so they appear to originate from a single public IP address - and this is all the outside world can see. When the requested packets return, the NAT reverses the translation and routes the data back to the originating private system. Clever stuff indeed.
However, NAT works only one way, and that's when packets originate inside the network. If unsolicited inbound packets arrive from the Internet, as they would if you were attempting remote access, the router hasn't got a clue which PC, if any, they should be routed to. So it drops them - acting like a basic firewall if nothing else.
Imagine, if you will, that you're trying to access from afar a Web server you run on your network. When the HTTP requests reach your Internet gateway, they will attempt to connect through port 80, as is standard. In this case the requests will be dropped by the router - as far as it is concerned, no one on its network has asked for this information, so there's nowhere to send it. There's no corresponding NAT entry for these requests, so the port is not open (see Understanding data ports).
Any port in a storm
The good news is that it's possible to traverse the NAT obstacle. There are several ways of achieving this, the most common being port forwarding - also known as port mapping.
Applications that need to interact with your PC across the Internet will include a port number in their request. When a port is forwarded, a table is created in the router. This allows a request directed at port number "X" on the router to be sent on to a different port at the private IP address of one of the network's PCs. All this is specified by a port-forwarding rule.
To get external access to the Web server above we'd need to create a port-forwarding rule on our Internet gateway. It would send all external HTTP requests received on port 80 to the corresponding port of the private IP address of the server. And likewise for port 21, if that PC was also running an FTP server. Just be aware that the exact procedure for port forwarding varies for each brand of router.
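The router behaviour described above can be modelled in a few lines of Python. This is an added example, not part of the original article: the `NatRouter` class, its method names and every address in it are constructed for illustration, and real routers keep more state than this.

```python
# Toy model of a NAT router with port-forwarding rules (all values constructed).
PUBLIC_IP = "203.0.113.10"   # documentation-range address standing in for the public IP

class NatRouter:
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.nat = {}        # public port -> (private ip, private port, remote ip, remote port)
        self.forwards = {}   # public port -> (private ip, private port)
        self.next_port = 40000

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """LAN -> Internet: rewrite the source address and remember the mapping."""
        pub_port = self.next_port
        self.next_port += 1
        self.nat[pub_port] = (src_ip, src_port, dst_ip, dst_port)
        return (self.public_ip, pub_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Internet -> LAN: return (private ip, private port), or None if dropped."""
        entry = self.nat.get(dst_port)
        if entry and entry[2:] == (src_ip, src_port):
            return entry[:2]                  # reply to a request that began inside
        return self.forwards.get(dst_port)    # explicit rule, otherwise None (drop)

    def add_forward(self, public_port, private_ip, private_port):
        self.forwards[public_port] = (private_ip, private_port)

    def exposed(self):
        """Every LAN service that unsolicited Internet traffic can now reach."""
        return sorted(self.forwards.items())

def demo():
    r = NatRouter(PUBLIC_IP)
    results = {}
    # A LAN PC browses out; the reply returns through the NAT entry.
    pkt = r.outbound("192.168.1.20", 51000, "198.51.100.5", 80)
    results["reply"] = r.inbound("198.51.100.5", 80, pkt[1])
    # Unsolicited HTTP request before any rule exists: dropped.
    results["before"] = r.inbound("198.51.100.77", 33333, 80)
    # Rules for the Web server on port 80 and the FTP server on port 21.
    r.add_forward(80, "192.168.1.10", 80)
    r.add_forward(21, "192.168.1.10", 21)
    results["after"] = r.inbound("198.51.100.77", 33333, 80)
    results["exposed"] = r.exposed()
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The `exposed()` list is the one to review whenever a rule is added: each entry is a LAN service the router no longer shields from unsolicited traffic.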