What is my computer IP address knowing that I have a router?

My computer is connected to the Internet through a wifi-router. I want to have access to my computer remotely, for example using ssh. When I ask my computer what my IP address is, for example by going in the network indicator, I get 192.168.1.101. But when I go on a website as whatismyip.com, I get a totally different address, probably the one of my router.

So what address should I use to access my own computer remotely and not any other machine in my home wifi-network?


Solution 1:

Okay, others have already answered but I've typed too much to hit cancel :P

To access computers inside your home network from an outside network, you need to use the IP address displayed by whatismyip.org. 192.168.1.101 in this case is your internal LAN IP address assigned to your system by your router via DHCP. The outside world does not see this. As your router handles incoming and outgoing network traffic, it translates between your "real" IP address and the various internal IP addresses inside your network. This is called Network Address Translation or NAT for short. Wikipedia has a nice analogy:

A NAT device is similar to a phone system at an office that has one public telephone number and multiple extensions. Outbound phone calls made from the office all appear to come from the same telephone number. However, an incoming call that does not specify an extension cannot be transferred to an individual inside the office. In this scenario, the office is a private LAN, the main phone number is the public IP address, and the individual extensions are unique port numbers

You'll also need to setup some port forwarding rules on your router. The instructions for this depend on what kind of router you have but the basic idea is that you are telling your router: "Hey, if you see any incoming traffic on port 22, send it to the computer that has 192.168.1.101 as its IP address". Of course, change the port number and ip addresses as suits whatever it is you are trying to use.

You can usually access your router's configuration settings by opening a browser and typing in 192.168.1.1 or 192.168.1.0 for the address. You can execute netstat -rn and look at the last line to find the correct address if you are not sure.

Now comes the tricky part. Unless you tell your router "Always give this computer the IP address 192.168.1.101", there is no guarantee it will always be that...but it probably will. Moreover, your public IP address is probably also assigned via DHCP from your Internet service provider. So, if you reset your modem or if enough time goes by, your public IP address can also change and you'll have to look it up again at whatismyip.org. There are ways around these issues but I've typed enough for now and I think it's a separate question. Hope that clears some stuff up!

Solution 2:

Many routers will update a Dynamic DNS service. This is the best way to access your server remotely. You will need to register with the Dynamic DNS service before you can use it. Check which ones your router supports, if any, before you register.

As other have commented you will need to enable either port forwarding (recommended) or DMZ access to your server.

Your router has one address on the Internet. It uses DHCP to provide IP addresses in a private address range (192.168...) to your computers and device. The router will translate addresses to and from the Internet. This is known as Network Address Translation (NAT) and provides some protection.

EDIT: Given you are running Ubuntu. Look at things you can do to secure your system against Internet attacks:

  • Use strong passwords for all your user-ids. Consider using keys rather than passwords for remote access.
  • Setup a firewall. UFW may already be installed, but I prefer Shorewall.
  • Setup /etc/hosts.allow and/or /etc/hosts.deny to limit access to services.
  • Use SSH or HTTPS rather than telnet or HTTP to access your server with passwords. Also use SFTP or scp rather than FTP to transfer files.
  • Install a log scanner like logcheck to scan your logs and notify you of things which might indicate an attack.
  • Install fail2ban to blacklist attackers.
  • If you are running Apache ensure that the server can't write its content directories. Also review the ACLs in the configuration and update to meet your needs.

You don't need to do all of these (except use strong passwords). But each thing you do increases your security.

Solution 3:

You will need to configure port forwarding, and will need access to the Administration Panel on the router.

Log in as the Administrative user on your router, Usually by typing either: http://192.168.1.1 or http://192.168.1.255 considering what you have listed as your local ip-address.

Look through your settings and try to find Port Forwarding. This is where you can specify to permit access to unique machines within your LAN.

Here is a screen shot of my tab with one of my ssh settings:

Screenshot of PortForward Tab and Settings

There is a really good website (at least it's one I've liked using in the past) that has screen shots and other helpful info located here. If you'd like more specific help leave some comments and I will try and help further. You might be able to find your specific router in their list.

Once you find that, you just add the internal address that you want to permit access to, and specify the ports want them forwarding to (or range of ports).

So like in your example, where you already have identified your external address... after setting up the portforwarding for SSH with port 22 (which I wouldn't recommend). You would then be able to access your machine by ssh by typing:

ssh <username>@<the_address_you_viewed_on_whatismyip>

If you decided to permit port 22 / or

ssh <username>@<the_address_you_viewed_on_whatismyip> -p <non-standard port#>

If you chose to use a non-standard one.