As a user who wants to make their NAS (Network Attached Storage) system available online as a home server, you face a core problem with IPv4-based networks. Unlike the new standard IPv6, the fourth version of this widely distributed internet protocol is characterised by a strict separation of public and private address space. Your router is used as a mediating authority. Modern devices offer functions that compensate for the lack of end-to-end connection. However, several configuration steps are necessary.

A further hurdle is that your internet service provider (ISP) regularly disconnects automatically: home networks are usually connected to the internet through randomly assigned IP addresses that change daily. But how do you access a network if its address is constantly changing? Here is the answer.

Basics: public and private IP addresses

Public and private addresses are kept separate since this acts as a reliable protection mechanism. Local devices on a home or company network are protected from unauthorised access from the internet. A major disadvantage, however, is that desired access is only possible with the correct configuration of the router, which acts as the link between the two address ranges.

  • Public IP addresses: each router is assigned a public IP address by the respective ISP. This address connects the router to the internet and serves as the sender address for server requests. The public IP is usually dynamic for private users and most online businesses. This means that the address is randomly assigned to the router and only lasts for a certain period of time (around 24 hours). Since remote access from the internet requires a static address, methods such as dynamic DNS (DDNS) have been established and provide a way of linking dynamic IP addresses to unchangeable domains.
  • Private IP addresses: if you look at the structure of a Local Area Network (LAN) that connects different devices to a home or company network, you can also find IP addresses there. However, these are used exclusively for internal communication in the LAN, are automatically allocated by a DHCP server (Dynamic Host Configuration Protocol) on the router, and connect the individual hardware components of the network such as PCs, tablets, smartphones, or home servers. These addresses are sometimes called LAN IPs. Since private IP addresses are not routable, it isn’t possible to obtain direct access to the IPv4 address of your network storage from the internet. Instead, the router (the only device on the LAN with a public IP address) must be configured in such a way that access to the NAS system is redirected to its private LAN IP. This works best when network devices acting as servers are assigned a static LAN IP address.

If a device from the LAN is to interact with the internet, this is done exclusively via the router. The router accepts requests (e.g. when a website is accessed) from the local network and sends them with its own public IP address to the corresponding destination on the world wide web. If a data packet is returned as a response to the request, the router ensures that this is redirected to the original client in the LAN. With IPv4, the distribution of IP packets in the local network is carried out via a component of the router known as NAT (Network Address Translation).

However, if a router registers incoming data packets that have not been explicitly requested by a device on the LAN, they are immediately discarded for security reasons. This also applies to external access to the network storage, provided that no port forwarding has been configured for this kind of access.


Set up remote access for your network storage in three steps

Three steps are essentially needed to overcome the hurdles described above so that you can make your network storage accessible on the internet. These are: determine the internal IP address of your NAS system, open appropriate ports for access from the internet, and use DDNS to ensure that your router remains accessible for requests from the internet despite the public IP address changing.

1. Determine the fixed IP address for the NAS system

The internal IP addresses of your network are assigned by the DHCP server of your router. Generally, each network device receives the same IP address every time. To do so, your router permanently stores the MAC address of the network device together with the first assigned IP. Allocating dynamic IP addresses within the local area network is normally only done when your home or work network has more network devices than IP addresses on the router.

To determine the IP address of your NAS system, you have to look it up in the network settings of your computer. In Windows, go to 'Control Panel', click on 'Network and Sharing Center', then click on 'Change Adapter Settings'. Right-click on the network connection icon and click 'Status'. Click the 'Details' button in the window that pops up. Another screen will then appear which will reveal the IP address of your computer, which is also the same IP address as your NAS device. If your NAS system is on a corporate network whose network devices exceed the number of internal IP addresses available on your router, it is advisable to explicitly prohibit the assignment of a new IP address for your network storage. This should be possible in the configuration interface of your router.

2. Open ports for remote access

A prerequisite for remote access to your network storage is that you configure the firewall on your router so that it allows certain requests from the internet.

A packet filter works on your router in order to protect your home network from unwanted access attempts. In the default configuration, this packet filter only lets data packets through that have been requested by devices on your LAN. On the other hand, if you are on the go and want to access your NAS system to download data or to save data on the network storage, you have to define exceptions, because these access attempts aren’t initiated internally and would otherwise be rejected by the router for security reasons. If you open the firewall for certain services such as FTP (File Transfer Protocol) or SSH (Secure Shell), this is known as port forwarding. You set this in the administration interface of your router. To do this, open the appropriate port for the desired service (e.g. FTP) and set up a redirect to the NAS system.

Modern network storage systems usually have an integrated FTP server, which – as long as it’s connected to the internet – can answer requests from FTP client programmes such as FileZilla or WinSCP, thus enabling a convenient data exchange with various devices.

Theoretically, there are 65,536 ports available for network communication. Of these, ports 0 to 1023 have been reserved by the IANA (Internet Assigned Numbers Authority) as default ports for specific protocols or applications. The FTP server of your router, for example, generally accepts requests from the internet on port 21. To allow this, you must open the corresponding port in the router's interface and set up a redirect for incoming data packets to the network storage’s fixed LAN IP. For this purpose, you need to specify four settings in the administration interface of your router under the menu item 'Port forwarding' or 'Port mapping', depending on the router:

  • The router’s port that is to be opened (known as 'Public Port', 'External Port', or 'Inbound Service', depending on the device and manufacturer)
  • The private IP address of the network device to which data packets are to be redirected (also 'Private IP' or 'Internal IP')
  • The port on which the network device is to receive the data packets ('Private Port' or 'Internal Port')
  • The protocol type to be used for data transmission ('Type')

To allow the FTP server of your NAS system to communicate via the internet, specify port number 21 for both the public port on the router and the private port on the network storage. For the private IP address, use the fixed LAN IP that you determined in step 1 for your network storage. This instructs your router to automatically redirect requests and data packets from the internet that arrive at port 21 to the port with the same number on your network storage. However, to enable an interaction like this, client devices on the internet must know the address of your router. In step 3, therefore, it is important to define a consistent contact address.
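The router behaviour described in the basics section and in this step, modelled as an added example (not code from the original article): replies to LAN requests pass, unsolicited packets are dropped, and a forwarding rule built from the four settings makes a standing exception for every sender. All addresses, the `Forward` and `Router` names and the starting source port are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
@dataclass(frozen=True)
class Forward:
    public_port: int    # 'Public Port' / 'External Port'
    private_ip: str     # 'Private IP' / 'Internal IP'
    private_port: int   # 'Private Port' / 'Internal Port'
    proto: str          # 'Type': "tcp" or "udp"
    def __post_init__(self):
        if not ipaddress.ip_address(self.private_ip).is_private:
            raise ValueError("forward target must be a LAN address")
        if not all(1 <= p <= 65535 for p in (self.public_port, self.private_port)):
            raise ValueError("port out of range")

class Router:
    def __init__(self, public_ip, forwards=()):
        self.public_ip = public_ip
        self.forwards = {(f.proto, f.public_port): f for f in forwards}
        self.nat = {}            # outbound connections the router remembers
        self.next_port = 40000   # constructed starting point for source ports

    def outbound(self, proto, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN client connects out: rewrite the source, remember the mapping."""
        port, self.next_port = self.next_port, self.next_port + 1
        self.nat[(proto, port, remote_ip, remote_port)] = (lan_ip, lan_port)
        return self.public_ip, port

    def inbound(self, proto, remote_ip, remote_port, dst_port):
        """Decide the fate of a packet arriving at the public address."""
        key = (proto, dst_port, remote_ip, remote_port)
        if key in self.nat:                      # answer to a LAN request
            return ("reply", *self.nat[key])
        rule = self.forwards.get((proto, dst_port))
        if rule:                                 # matches any sender on the internet
            return ("forward", rule.private_ip, rule.private_port)
        return ("drop", None, None)              # unsolicited and no rule

def demo():
    # Constructed addresses: 192.168.1.x is the LAN, 203.0.113.7 the router.
    router = Router("203.0.113.7", [Forward(21, "192.168.1.50", 21, "tcp")])
    _, port = router.outbound("tcp", "192.168.1.20", 51515, "198.51.100.9", 443)
    return [
        router.inbound("tcp", "198.51.100.9", 443, port),
        router.inbound("tcp", "198.51.100.77", 40100, 22),
        router.inbound("tcp", "198.51.100.77", 40100, 21),
    ]

if __name__ == "__main__":
    print(demo())
```

The third result is the point to review before opening a port: the rule forwards to the NAS regardless of who sends the packet, so the service behind it has to stand on its own authentication.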

3. Set up a dynamic DNS service

A dynamic DNS provides a proven method of making a router permanently accessible over the internet. This is an intermediary service, which is often offered free of charge by various providers on the internet. To use a dynamic DNS, register with a DDNS provider and set up a kind of pseudo-domain, which automatically redirects all requests to the current dynamic IP address of your router. The basic principle is the following: whenever your router is assigned a new dynamic IP address by the ISP, the router automatically reports the change of address to the DNS service. The current dynamic IP address is linked to the static pseudo-domain. In order to access your network storage via the internet, you only need to know the static internet address and not the IP address that changes daily.
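The reporting step described above, as an added example (not code from the original article or from any provider). It assumes the provider accepts the widely used DynDNS-style update request (`/nic/update` with `hostname` and `myip`, answered with codes such as `good`, `nochg`, `badauth`); `ddns.example`, `nas.ddns.example` and all addresses are placeholders.

```python
import ipaddress
from urllib.parse import urlencode

# Ranges that are never reachable from the internet: RFC 1918 private space
# and the RFC 6598 shared space used for carrier-grade NAT.
NOT_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]
RETRY_LATER = {"911", "dnserr"}   # provider-side problem, try again later

def plan_update(hostname, last_reported, current_ip, server="ddns.example"):
    """Return the HTTPS update URL, or None if the address has not changed."""
    ip = ipaddress.ip_address(current_ip)
    if any(ip in net for net in NOT_PUBLIC):
        # The router itself sits behind another NAT: publishing this address
        # would point the pseudo-domain at something nobody can reach.
        raise ValueError(f"{ip} is not a public address")
    if str(ip) == last_reported:
        return None               # unchanged: send nothing
    query = urlencode({"hostname": hostname, "myip": str(ip)})
    return f"https://{server}/nic/update?{query}"

def handle_response(body, sent_ip, last_reported):
    """Map the provider's reply to (address now on record, next action)."""
    code = body.strip().split(" ")[0]
    if code in ("good", "nochg"):
        return sent_ip, "ok"
    if code in RETRY_LATER:
        return last_reported, "retry-later"
    # badauth, nohost, notfqdn, abuse, ...: repeating the request will not help
    return last_reported, "stop"

def demo():
    state = "203.0.113.7"         # constructed: address reported last time
    url = plan_update("nas.ddns.example", state, "203.0.113.99")
    state, action = handle_response("good 203.0.113.99", "203.0.113.99", state)
    return url, state, action

if __name__ == "__main__":
    print(demo())
```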
