Remote-access Guide

home server remote access ports

by Dr. Destin Frami Published 3 years ago Updated 2 years ago
image

Here are a few default ports and their services: 80 (HTTP, for a Web server), 3389 (Remote Desktop), and 21 (FTP, for a FTP server). Note that, a computer's local IP (LAN) address can also change after a restart. To make it remains the same, you can use the IP (or DHCP) Reservation feature of the router.

With port forwarding manually configured, open the Windows Home Server Console, click Settings, click Remote Access, and then click Repair.
...
Manual Router Configuration.
Service or ProtocolPort
HTTPSTCP 443
Remote Desktop Protocol (RDP)TCP 4125
1 more row
May 8, 2010

Full Answer

How do I set up remote access in Windows Home Server?

Here we take a look at the basics of setting it up, choosing a domain name, and verifying you can connect remotely. Setup Remote Access in Windows Home Server. Open the Windows Home Server Console and click on Settings. Next select Remote Access, it is off by default, just click the button to turn it on.

What port does my router use for Remote Desktop?

In most cases this is 3389 - that's the default port used by Remote Desktop connections. Admin access to your router. You're opening your PC up to the internet - make sure you have a strong password set for your PC.

What is remote web access and how do I use it?

In Remote Web Access, you can: Access shared files and folders on the server. Access your server and computers on the network. This means that you can access the desktop of a networked computer as if you were sitting in front of it at your office. Remote Web Access is not turned on by default.

Why can't I make a port accessible to home assistant?

A problem with making a port accessible is that some Internet Service Providers only offer dynamic IPs. This can cause you to lose access to Home Assistant while away. You can solve this by using a free Dynamic DNS service like DuckDNS. If you cannot access your Home Assistant installation remotely, remember to check if your ISP provides you ...

image

What is SSH in a server?

Home server/Remote access. SSH stands for Secure Shell and is a protocol for secure remote login and other secure network services over an insecure network, which basically means you can access your server from your computer over a network and execute commands as if you were typing them on the server itself.

Do servers need to keep ports open?

Normally, your server needs to keep a port open for each service you want to provide. However, hackers love trying to break in the moment they find an open port.

What port is Home Assistant on?

The most common approach is to set up port forwarding (for any port) from your router to port 8123 on the computer that is hosting Home Assistant. General instructions on how to do this can be found by searching <router model> port forwarding instructions.

Can you use Home Assistant Cloud without configuration?

Users of Home Assistant Cloud can use the Remote UI without requiring any configuration. If you’re interested in logging in to Home Assistant while away, you’ll have to make your instance remotely accessible. Remember to follow the securing checklist before doing this.

Is putting a port up secure?

Just putting a port up is not secure. You should definitely consider encrypting your traffic if you are accessing your Home Assistant installation remotely. For details please check the set up encryption using Let’s Encrypt blog post or this detailed guide to using Let’s Encrypt with Home Assistant.

What does it mean when you connect to a remote desktop?

When you connect to your PC by using a Remote Desktop client, you're creating a peer-to-peer connection. This means you need direct access to the PC (some times called "the host"). If you need to connect to your PC from outside of the network your PC is running on, you need to enable that access. You have a couple of options: use port forwarding or set up a VPN.

How to enable port forwarding on router?

Enable port forwarding on your router. Port forwarding simply maps the port on your router's IP address (your public IP) to the port and IP address of the PC you want to access. Specific steps for enabling port forwarding depend on the router you're using, so you'll need to search online for your router's instructions.

What does it mean to connect to a PC from outside?

This means you need direct access to the PC (sometimes called "the host"). If you need to connect to your PC from outside of the network your PC is running on, you need to enable that access. You have a couple of options: use port forwarding or set up a VPN.

Where can I find my router's IP address?

Your public IP address (the router's IP). There are many ways to find this - you can search (in Bing or Google) for "my IP" or view the Wi-Fi network properties (for Windows 10).

Can RD client access PC?

Instead, when you connect to the VPN, your RD client acts like it's part of the same network and be able to access your PC. There are a number of VPN services available - you can find and use whichever works best for you.

What port is proxies managed on?

Proxies are managed internally via port 81 and I feel secure enough doing this with a decent password for all my web interfaces. If you need help let me know!

How to keep DNS records up to date?

If you have dynamic external IP, you can use Cloudflare's API to keep your DNS records up to date. Simply make a script that periodically checks your external IP address and then updates DNS record using the API. This is what I did for my NUC server (systemd timer that runs python script that updates DNS records).

Can SeaFile host with SeaDrive?

For mounting a drive I've used SeaFile to host with SeaDrive on the clients. I'm not as savvy as the users in this sub however.

Can a Samsung Evo 860 SSD be used in a home server?

I think in a zfs storage array consumer ssd like samsung evo 860 ssd would do just fine in a home server.

Can you use a CNAME with a DDNS?

So you should just use a DDNS with a CNAME , or a VPN server.

How to allow remote desktop access to local network?

If you want to allow Remote Desktop on the local network only, check the checkbox labeled Private. If you want it publicly available, you should check the Public checkbox too.

How to open Remote Desktop Connection client?

You can open the Remote Desktop Connection client by going to Run –> mstsc.

What is RDP protocol?

Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft to remotely connect to a Windows system using a graphical user interface. RDP is built into Windows by default. RDP listens on TCP port 3389 and udp port 3389. Previously, the RDP software was called Terminal Services client but now it’s called Remote Desktop Connection.

What is RDP client?

Previously, the RDP software was called Terminal Services client but now it’s called Remote Desktop Connection. Windows comes with a remote desktop client that can be used to access the complete Windows Desktop environment remotely. It’s very useful for people who use multiple computers for work.

What port is open and listening?

Check if port 3389 is open and listening. There are times when you successfully open the RDP port but you’re unable to connect to the computer remotely. In that case, make sure that you are able to access port 3389 (or any other port if you have changed it) remotely.

Which port should be forwarded through the main Internet router?

If you want to make it accessible over the Internet (which is not safe), the RDP port should be forwarded through the main Internet router to work properly. Let’s talk about how to open port 3389 in Windows Firewall and the router. [toc]

Is it safe to use RDP port 3389?

If you are opening RDP over the Internet, keeping the RDP port to 3389 is a security threat. It is recommended that you change the default port from 3389 to something above 10000. I, normally, keep it between 30000 and 40000 which is relatively safe as the port scanners will start scanning from port 1.

How to manage remote access?

To manage Remote Web Access permissions for a user account. Log on to the Dashboard, and then click Users. Click the user account that you want to manage, and then click View the account properties in the Tasks pane. In the Properties dialog box, click the Anywhere Access tab.

What is remote web access?

In Remote Web Access, you can: Access shared files and folders on the server. Access your server and computers on the network. This means that you can access the desktop of a networked computer as if you were sitting in front of it at your office. Remote Web Access is not turned on by default.

How to change region on Windows Server Essentials?

On a computer that is connected to Windows Server Essentials, open the Dashboard. Click Settings. On the General tab, click the drop-down list in the Country/Region location of server section. From the drop-down list, select the new region, and then click Apply to accept the new region setting.

What is a domain name?

A domain name uniquely identifies your server on the Internet. Domain names consist of at least two parts: a top level domain name (TLD) and a second level domain name. For example, in contoso.com, com is the TLD and contoso is the second level domain name.

Why is Windows Server Essentials needed?

Windows Server Essentials uses a security certificate to help secure the information that is exchanged between the software and a web browser. When you install the Connector software on your computers, the security certificate for Windows Server Essentials is added to the trusted certificate list on your computers.

What is a domain prefix?

The domain name prefix identifies a subdomain. The subdomain name can be used to identify services, devices, or regions. For example, Contoso Pharmaceuticals wants to allow remote users to log on to Remote Web Access, but does not want the website to be available to the public, so they create a subdomain that allows only users with appropriate permissions to access the website. Contoso Pharmaceuticals sets up remote.contoso.com as the subdomain, and remote is the domain name prefix.

How to grant access to desktop remotely?

On the navigation bar, click USERS. In the list of user accounts, select the user account that you want to grant permissions to access the desktop remotely. In the <User Account> Tasks pane, click Properties. In <User Account> Properties, click the Anywhere Access tab.

How to get remote access through firewall?

A common way to get remote access through a firewall is with a Reverse SSH Tunnel. This is easy to setup and works well, but I discovered that HTTP based services through the tunnel run extremely slow. The most likely reason for this is that both SSH and HTTP use the TCP protocol to transmit data over a network.

What IP address does Tinc use?

With tinc working, all the services on the home server can be accessed through a local IP on the cloud server, like 10.0.0.2:8112 for Deluge. Time to turn that into something nice like deluge.crawford.kiwi!

What is Tinc VPN?

tinc VPN. The tinc VPN software was the answer. tinc can be used to create virtual networks between computers. It utilises UDP so runs quickly, all traffic is encrypted, and it’s continually re-checking the status of its VPN connection so works well even on unreliable connections.

What is Pydio server?

A Pydio server for remote access and management of files.

Why use HTTPS?

HTTPS is used to ensure all data transport is encrypted. This requires valid SSL certificates which can be obtained for free with Let’s Encrypt through their automated verification process. To setup Let’s Encrypt to automatically renew I used bringnow’s docker-letsencrypt-manager and shared the volumes with the NGINX container. A very useful tool when working with HTTPS is SSL Labs’ SSL Test.

Why is UDP faster than HTTP?

The answer is to switch to something UDP based. UDP is much faster because it’s just packets sent straight over the network without error checking or flow control. A UDP based tunnelling solution means that only the HTTP layer is performing these extra tasks.

Does Hamachi require client software?

There are services dedicated to providing remote access to your networks like Hamachi. These work well but require client software to join the virtual network, not meeting my first requirement of working on any computer!

image

Setup

Ssh Keyfile Authentication

  • We are going to use ssh & ssh-keygen in this tutorial because its consistently available on almost all platforms, including GNU/Linux, BSD, and OSX (by default), and Windows (You're not going to use wangblows and also worry about NSA backdoors are you?). You can also use PuTTY if you need a GUI crutch or something else entirely, but if you were a tard like that, you probably should…
See more on wiki.installgentoo.com

Fail2ban

  • fail2ban monitors your log files (any of them, not just SSH). If it sees too many login failures, it bans the offending IP for as long as you configure it to. It won't prevent a distributed brute-force attack, but it will help a LOT. With the default settings, 3 failed SSH logins trigger a 10 minute ban for that IP. This makes brute-forcing very difficult. Usually hackers see the ban and move on, the…
See more on wiki.installgentoo.com

Port Knocking

  • Normally, your server needs to keep a port open for each service you want to provide. However, hackers love trying to break in the moment they find an open port. SPA solves the problem by keeping ports close when not in use. How does the server know to open them when you need to talk to it? You pick a port, say 12345, to use for SPA. The server listens on that port but never rep…
See more on wiki.installgentoo.com

Firewall and Ports

  1. Don't forget to allow traffic on the ssh port (default 22)
  2. If you want to access your server from outside your home network you will need to forward port 22 on your router. A guide for port forwarding can be found here.
See more on wiki.installgentoo.com

External Links

See Also

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 1 2 3 4 5 6 7 8 9