Remotely access a Raspberry PI

By Posted on

QUESTION :

I was wondering how I can access my Raspberry Pi outside my home network. I can VNC through a SSH tunnel over my WIFI internally but I could never manage to do it externally. Is it something to do with port forwarding and maybe DynamicDNS?? Thanks in advance.

ANSWER :

On your home router you should check for port forwarding

There will be a table that has entries for host, port and some description.

to just get it done :
1. check your IP address by looking at your router’s WAN address.

  1. on the router config/port forwarding, forward all requests to port 22 ssh to your RPI’ IP address.

  2. To test this just ssh to the address from step 1 , if its all working then you will get a prompt for username.

There are times when your WAN IP will change so yes if you want it to be permanent you should get a domain registered and then sign up for dynDNS service that will allow you to point your domain name to their DNS server and you will get a key from DYNDNS that allows you to run a script every 2-3 minutes to update YOUR actual WAN IP at DYNDNS so they can properly resolve your address when the ISP changes it.

I HIGHLY RECOMMEND YOU HARDEN YOUR RPI if you OPEN it up on PORT 22, install the BlockHost or any of these Blocking IPs

I recently read a good article on exactly what your looking for. You can find the article here:
http://lifehacker.com/5978098/turn-a-raspberry-pi-into-a-personal-vpn-for-secure-browsing-anywhere-you-go

If you use RaspBMC for exemple, all external access are block by default.
You can change this :

Just edit this file :

sudo nano /etc/network/if-up.d/secure-rmc

Found this lines : 

logger -t iptables "Configuring ip tables for interface $IFACE"
if [ "$IFACE" != "lo" ]; then
    NETMASK=$(get_subnet $IFACE)
    iptables -A INPUT -s $NETMASK -i $IFACE -j ACCEPT
    iptables -A INPUT -i $IFACE -j DROP
fi

And add : 

iptables -A INPUT -p tcp --dport 22 -j ACCEPT

just before : 

iptables -A INPUT -i $IFACE -j DROP

Exit, save & reboot.
If you want to open all port => you can comment the logger line and all the if statment.
For an other port, just change the 22

Leave a Reply

Your email address will not be published. Required fields are marked *