Version 1.0
This is a more generic version of the instructions on how to set up an internal web server to be accessible from the Internet.
How to set up port forwarding to an internal web server.
In this guide, I talk about port 3389. However, for other internal services that you wish to expose to the Internet, just change the 3389 references to your port of interest. So, if it's VNC, for example, change 3389 to 5900 (and give the service a sensible name like "VNC" instead of "RDP").
There have been many users stating incorrectly that port forwarding doesn't work on the Sky router, so I decided to write a click-by-click guide on how to set up port forwarding to allow a Windows Terminal Server that is running on the internal network to be accessible from the Internet. This guide does not explain how to set up Terminal Server - it assumes that you already know how to do this. The whole lot takes about 30 seconds (well, testing adds a few minutes more).
Beware: when publishing an internal server to the Internet, the bandwidth that users or yourself will experience will be limited to the upload, not download, speed. Also, you might want to ensure that you don't fall foul of the fair usage policy by running a high-usage web site!
A few assumptions to start with.
- The only Internet connection you have is via the Sky router. If you have, for example, multiple Internet connections, or some clever internal routing between routers, then your port forwarding may not (probably won't) work.
- The router is fresh out of the box or has been reset back to factory defaults. In addition, it is running the Sky firmware.
- The internal IP address of the terminal server is 192.168.0.2 and your router is 192.168.0.1.
- The terminal server is using the default RDP port: TCP port 3389.
- The port that you wish to expose is not already defined as a service. (Actually, we'll assume that it isn't and when we come to define the service, it'll throw us an error if it is.)
- There are no local firewalls (including Windows firewall) running on the terminal server. If there is one, stop it! It can be switched back on later, but for now, let's just get it working without the server's firewall.
- You are aware of the security implications of exposing a terminal server directly to the Internet! (I'm using Terminal Server not because I condone this practice, just because it's an easy example to use.)
Note: The instructions work with or without UPnP. Also, it is for terminal servers only, but it can be adapted for any TCP or UDP port.
Here goes...
- Check that the terminal server is accessible internally by pointing a client at its internal (NOT external) address. So, point your Windows Remote Desktop Connection client at 192.168.0.2. If that doesn't work, fix the terminal server before continuing.
- Log into the web interface of the firewall (the "admin", "sky" one).
- On the main page, under the "ADSL Port" section, make a note of the "IP Address". You'll need this later for testing.
- Click "Services" on the left.
- Click the "Add Custom Service" button.
- In the Name field, enter a suitable name such as "RDP".
- In both the "Start Port" and "Finish Port" fields, enter the port we want to expose: 3389.
- Click the "Apply" button. If you get an error: "Service port number was defined by another service", it means that the router already knows about the port in question, so we can simply use that.
- Click "Firewall Rules" on the left.
- Under "Inbound Services" click the "Add" button.
- Change the Service to "RDP(TCP:3389)". (It will probably be selected by default already.)
- Leave the action as "ALLOW always".
- In "Send to LAN Server" enter the IP address of the terminal server: 192.168.0.2, using the tab key (not the full stop) to move between each part of the IP address.
- Leave all the other fields as they are.
- Click the "Apply" button.
- On the next screen, click the "Apply" button (the one next to the "Cancel" button).
Testing that it works...
- On a PC that is on the Internet (i.e. NOT one on the same network as the terminal server) such as a work PC, fire up a Windows Remote Desktop Connection client and point it to the public IP address of your Internet connection. This is the IP address that you made a note of in stage 3 above. For example, if the address you made a note of is 199.1.2.3, from the work PC, you'd enter 199.1.2.3 into the client.
- If you've followed the instructions to the letter, the login screen should appear and you have port forwarding working.
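If the login screen does not appear, it helps to know how the connection failed. The script below is an added example, not part of the original guide: `check_forward` is a hypothetical helper that makes one TCP connection to port 3389, classifies the outcome and, when connected, sends the standard RDP connection request to confirm that a terminal server (rather than some other service) answered. For other forwarded ports, call it with `rdp_probe=False`.

```python
import socket

# X.224 Connection Request with an RDP negotiation request (TLS or CredSSP).
RDP_CONNECTION_REQUEST = bytes.fromhex("030000130ee000000000000100080003000000")


def check_forward(host, port=3389, timeout=5.0, rdp_probe=True):
    """Classify one TCP connection attempt to host:port (hypothetical helper).

    "rdp"         connected and the peer sent an X.224 Connection Confirm
    "open"        connected, but no RDP confirm (or rdp_probe=False)
    "refused"     host reachable, nothing listening or a firewall sent a reset
    "filtered"    no answer before the timeout: packets dropped on the way
    "unreachable" any other network error, e.g. no route to host
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError:
        return "unreachable"
    with sock:
        if not rdp_probe:
            return "open"
        try:
            sock.sendall(RDP_CONNECTION_REQUEST)
            reply = sock.recv(64)
        except OSError:
            return "open"
    # TPKT version 3, then X.224 TPDU code 0xD0 (Connection Confirm) at offset 5.
    if len(reply) >= 6 and reply[0] == 0x03 and (reply[5] & 0xF0) == 0xD0:
        return "rdp"
    return "open"


if __name__ == "__main__":
    import sys
    # Default target is the guide's internal address; pass the router's public
    # address instead when running from a machine outside the network.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.168.0.2"
    print(target, check_forward(target))
```

A result of "rdp" against 192.168.0.2 from inside but "filtered" against the public address from outside points at the router's inbound rule, not at the terminal server.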
All that remains is:
- Switch the firewall on the server back on (assuming there was one in the first place and you still want to run it). Test again. If it breaks, fix the server's firewall.
- Get the router's WAN IP address into a dynamic DNS service such as DynDNS (Dynamic Network Services, Inc.). How to do this is outside the scope of this guide.
- For an interesting twist, add port address translation to the mix, which I describe here: How to enable Port Address Translation (PAT).