Connect to device behind router (and switch) over internet


I'm having a bit of trouble understanding which networking solution to use for my problem:

I have a home network which includes several computers behind a router either directly through the router or through switches.

The router I am using has DynDNS set up on it, I can VPN to my desktop via Hamachi, I can RDP via Windows 7 RDP, and I can do other sorts of fancy tricks.

The one last thing I would like to do is browse to a networked device behind the router from my laptop over the internet. What can I use to accomplish this?

I've tried port forwarding port 80 and port 21 to the IP of this device but I am still not able to access it over the internet or FTP to it.

Network Diagram:

                                             / ̅̅̅̅̅ ̅̅̅̅ ̅  My Desktop
                                  ⎯⎯Switch ⟨
                                 |           \ ___ Device in Question
Internet --- Modem --- Router ---|
                                  ⎯⎯Other Computers, Devices, etc.


Posted 2012-02-11T04:25:01.683

Reputation: 187



A couple of ideas:

  1. Some Internet service providers will block commonly-used service ports, such as 80 for HTTP and 21 for FTP. If at all possible, rebind the ports on your "device" to non-standard ports.
  2. If you can use Remote Desktop into your workstation, just browse it from your workstation.

It bears mentioning that exposing this many services to the Internet is rather inadvisable. If you can set up a secure shell server inside your home network. you can simply use SSH tunneling to get secure, encrypted access to any service you need, without having to open ports on your router for each subsequent service (you still need a port for ssh).

Joel E Salas

Posted 2012-02-11T04:25:01.683

Reputation: 246

Hi Joel, thanks for your response. I know that my ISP doesn't block HTTP and FTP. I know this because I had hosted a test website with a small server I had a few weeks ago and it worked swimmingly. I also am able to ftp into a shared drive connected to my router so I can't imagine that's an issue. The reason I cannot use RDP is because I have licensed software on my laptop which I cannot transfer to my desktop. If only life were so simple =) – Kashif – 2012-02-11T23:53:18.753


Many routers support Port Address Translation (PAT) as part of port forwarding. This allows you to designate a high numbered external port that you connect to from the Internet, the router alters the port number to 80 (say) when it forwards the packets to your device. The router may not use the term PAT but it may provide for you to specify different internal and external port numbers.

Note that FTP uses different ports for it's command and data connections. This can make it a difficult protocol to configure in a router (though most firewalls know all about passive and active forms of FTP).


Posted 2012-02-11T04:25:01.683

Reputation: 70 632

Thanks for your answer. I am using a high-numbered external port to map on port 80 to the IP of this device. Still no cigar. I understand that FTP is going to take some more effort so I'm focusing on just getting HTTP to work. – Kashif – 2012-02-11T23:50:44.760


FTP uses port 20 and 21 on the server side if its active FTP. If its passive a unique high number port is established for use each time. At that point you would need a device that supports protocol inspection and dynamic access rules (a firewall). A good explanation can be found here.

I don't know what your end FTP solution is, but, similar to the prior suggestion, it may just be easier (and more secure!) to implement SFTP, that is FTP tunneled over SSH. Its all over port 22 then and its encrypted :)

Also just as a heads up, in this particular scenario the switch does not matter at all as long as you aren't doing anything with VLANs.

Mike M

Posted 2012-02-11T04:25:01.683

Reputation: 730