Private Networks – Public Internet – What is the difference?
In this series of articles, I have been developing a plan for a low-cost video surveillance system for your home. Video surveillance is only one of the exciting new technologies for the “connected home.” With all the new technologies for the home, comes the need to access those technologies when you are away from home. Mobile devices (smart phones and connected tablets) can use either an Internet browser or a specialized app to make the connection – if it is allowed. This article continues showing you how to connect your mobile devices to your home network. (See NOTE1, below about security issues)
First, you need to have a basic knowledge of public and private Internet networks.
If you are familiar with those concepts, just skip to the next article.
Public vs private networks
Most Internet traffic (web sites, Facebook, etc) exists on the “Public” Internet network. Every device that is connected to the public Internet is potentially accessible by every other device on the Internet – anywhere in the world! It is amazing – and frightening! Amazing because such free access to an unlimited amount of data has never been achieved before. Frightening because of the potential for hackers to steal your private and personal data.
If you have a network router at your home (to provide WiFi or Ethernet connections), then you are considered to be operating a “Private” network. Your router works as a barrier that isolates your private network from attack by hackers on the public Internet. The router can be considered as a “firewall.” It controls the flow of information to and from the individual devices inside your private network.
Internet Protocol (IP) Address
Your ISP (Internet Service Provider) normally issues only one IP address for each account. Your router “routes” Internet traffic to/from the outside world to the correct devices inside your network. Example: your ISP may have assigned to your modem a “Public IP” address of 184.108.40.206 to enable you to communicate with other devices on the web.
Your router will “translate” that IP (using a technique called NAT, Network Address Translation) to a locally issued “Private” network IP address which identifies a particular networked device in your home. Your router may have assigned the IP 192.168.0.1 to your desktop computer; your smart TV may be 192.168.0.2; and your tablet may be 192.168.0.3. But, to the public Internet, they all report being 220.127.116.11. (Click here to see your current public IP address). When the Internet sends information back (web pages, etc), it sends that information to your public IP. Your router determines which of the private IP addresses requested the info and sends it to that IP/device.
Reaching a device INSIDE your private network. Let’s assume that you have an IP Camera (or other device) connected to your network and that device is operating as a web server (to be viewed with a web browser). Further, assume that your router has assigned that device an IP address of 192.168.0.1. If the device is operating correctly, any computer/tablet/phone connected to the same private network (via either Ethernet or Wifi) could enter the address 192.168.0.1 into a browser and view the output of the device. But the address 192.168.0.1 is not a public IP. Therefore, even if someone outside your private network knew the private IP of a device on your network, they would not be able to see the server output.
Reaching a device from outside your network. Since the IP of your camera (192.168.0,1) is a private address, it is hidden from normal Internet traffic. (All addresses in the 192.168.. and 10...* and some 172...* networks are PRIVATE and are NOT addressable from the public network.) That is both a good thing and a bad thing. It is good because it is easy to hide (or cloak) your private devices from hackers on the public Internet. It is bad because, when you want to access your home security camera (or other devices) on your private network, the router blocks you as well as the hackers. Your router determines which devices (on the public Internet) are allowed to access the devices connected to your private network. This “port forwarding” function will be described later. First, we need to understand the use of the word “port” in this scenario.
You must set up your modem to specifically allow a particular port to be forwarded. A port could be considered a “channel” for certain types of data. (Normal Internet traffic can be carried on any of about 65,000 ports or “channels”.) Web traffic (websites, etc) is carried on standard port /channel 80. File Transfer Protocol (FTP), email, Skype, etc all have “standard” port numbers that are used if no alternative port is assigned. But any protocol can be transferred on any port. Except for the “standard” (but re-assignable) ports, all port numbers are arbitrary.
For normal use of the Internet, you don’t need to identify a port number – your browser will automatically use the standard port 80 when you enter a web address. But, it is common to change the port number on private networks – to further cloak them from hackers. Often, web servers on private networks will use port 8080 rather than port 80. In that case, you must specify the IP address and the port number to your browser. For the web server, on IP 192.168.0.1, in the paragraph above, you would need to type 192.168.0.1:8080 in the browser to view the server. (Notice that the IP and port numbers are separated by a colon.)
The particular port number is insignificant as long as both the sending and receiving devices use the same port. If you have a web server operating on port 81 and attempt to reach it with your browser, the browser will report that the site was not found – unless you add the “:81” to the end of the site’s address. Note that appending the port number (with a colon) is the same whether you are entering an IP (numbers) or a domain name (common site names). Examples: raywaldo.com:81 or 192.168.0.1:81
Each device on your private network can be associated with an arbitrary port number. In that case, the port number almost becomes a pin to hide the device from the outside world. But, since you know the port number, it is not difficult for you to reach the device.
Public Access to Private IPs
In order to make the computer/camera/etc on your private network accessible outside of your private network, you must either train your router to send all Internet requests to a particular (private) IP on your network or to “forward” specific port numbers to a specific device on your private network. Port forwarding is generally the preferred method. The next article will explain how this is done.
Your comments are welcome on any of these articles! I really want to hear from you about each article – is it what you need? Are you able to follow the guide? What needs to be improved? Leave your comments below. And, would you consider sharing this page on your Facebook, Twitter, or G+ timeline?
NOTE1 SECURITY ISSUES. The process of port forwarding via your router generally makes the connections reasonably secure from hacking. However, recent news about the hacking of huge corporate web business proves that no easy solution is 100% safe from hackers. One must evaluate the risks and benefits and decide if they wish to open up another potential hacking entry point.