Access to W&T devices from the Internet using DSL

Increasing transmission rates along with dropping prices have made DSL THE standard solution for Internet access over recent years. In contrast to the traditional, outgoing applications like Internet browsers and e-mail clients, incoming connections require that a few points as described below be observed. As shown in the illustration, we are using as a concrete example a Web-Thermometer installed in the Intranet which can be read and configured from the Internet. This enables service personnel to do their work outside of normal working hours, and to access the current temperature values or device configuration from any location.

Reserved IP ranges are used for private networks to communicate within the Intranet. Depending on the network class these may lie within the following ranges:

The link to the Internet is the router, to which the respective ISP (on the WAN side) assigns an official IP address. This ensures that the router can always be reliably identified within the Internet. From the perspective of an outgoing connection such as the browser, the network sketched here is placed in operation in plug & play fashion. The target address of the communication partner in the Internet is known and the connection is opened from the internal network. Put simply, for outgoing packets the router is simply there to replace the sender addresses with its official WAN-side address. In the case of packets incoming from the Internet within this connection, the destination IP is then replaced by that of the station in the Intranet. This simple address exchange in the IP header performed by the router allows one to connect an entire Intranet with various stations to the Internet using just one of the short, official IP addresses.

But just like the case of traditional telephony, we don’t want to be limited to calling just other stations, rather the possibility of being called is also a requirement. In order to make the Web-Thermometer "visible", the following points need to be considered:

• Is the IP address of the router static or dynamic?
• What is the current, official IP address of the router, and how do I get the current IP of the router at any given time?
• Does the router accept incoming connections, and to which Intranet station are these passed on?

Fixed or dynamic IP addresses

The basis of any data exchange in the Internet are IP addresses, regardless of the application or protocol. In terms of DSL connections the ISP generally offers two possibilities. The simply, albeit more costly solution, is ordering a static IP address. In this case you only have to worry about the passing of the individual services to the Intranet as described under NAT. A more cost-effective alternative, especially for occasional access, is the standard DSL rates with dynamic addresses. Here, each time a DSL connection is opened the provider assigns a new address to the router from the provider’s pool. Many routers offer a special function for publishing their current IP address.

DynDNS - Dynamic Domain Name Service

DynDNS is a free service in the basic package which allows you to alias a dynamic IP address to a static hostname in any of the many offered domains, allowing your computer to be more easily accessed from various locations on the Internet. Details about setting up an account and available hostnames can be found on Web site http://dyndns.org. DynDNS is basically a DNS server which can be updated over the Web. Using the specific example of the Web-Thermometer, you first register an available hostname for the device. In contrast to traditional DNS service, no static IP address is now assigned to this host, rather it is possible to assign this online using a special HTTP protocol. The client program needed for this is often already integrated in the firmware of many DSL routers. Once the router gets a new IP address from the ISP, DynDNS automatically reports it to the DNS system and, after a short delay, the Web-Thermometer is accessible anywhere in the world through its hostname.

NAT - Network Address Translation

Now that the router is uniquely identifiable by virtue of the IP address, there is one last hurdle to clear. For security reasons and also because as shipped the router can’t know the address range of the Intranet, connections incoming from the Internet are by default either rejected or simply ignored. To pass through a connection opening attempt, the router must first be told explicitly which host in the internal network needs to be contacted. This decision is made on the basis of the TCP or UDP port number. In our example access will be from the outside to the Web pages of the Web-Thermometer. The protocol the browser uses for this is HTTP, which by default is processed on TCP Port 80. This means the rule in the router’s firewall must be formulated such that connections to TCP Port 80 coming in from the Internet are passed to the Intranet IP address of the Web-Thermometer. The following illustration shows the corresponding configuration side of a DSL router from Netgear.

Some examples for factory set port numbers in W&T devices. Some of these can be reconfigured, so that you may need to consult the manual in individual cases.