Home Network Local Access¶
I have several services running across different physical nodes on my local home network. To access these services, I typically need to specify their IP addresses and port number. However, to simplify access by name, I have setup a local DNS server in my home network. This way all family members can access these services by name.
Local DNS Server
A local DNS server is a service within your home or private network that resolves domain names to IP addresses. It behaves just like public DNS servers (e.g., Google’s 8.8.8.8), but tailored for internal use. It allows you to assign friendly, custom hostname to devices and services in your network, making them easier to access without remembering IPs. I have the option of running the DNS server either on my firewall or on Pi-hole. Since Pi-hole already handles all DNS queries for my network, I chose to configure the local DNS directly within Pi-hole.
| DNS Name | IP Address |
|---|---|
firewall.home | 192.168.2.1 |
pihole.home | 192.168.2.181 |
nas.home | 192.168.2.161 |
printer.home | 192.168.2.180 |
Now when I go to http://firewall.home, my browser sends me to the firewall admin login.
Majority of Linux distributions rely on systemd-resolved to perform name resolution. systemd-resolved, by default, doesn't send bare hostname (like firewall) to DNS unless you explicitly tell it to. Thus it is better to use FQDN-style names like firewall.home and not firewall and avoid .local unless you're relying on mDNS.
Reverse Proxy
DNS can only map hostnames to IP addresses. It does not support paths (like /admin) or port numbers. Therefore, the following mappings are not valid in DNS:
myservice.home → 192.168.2.181/admin ❌
myservice.home → 192.168.4.241:5050 ❌Only this kind of mapping is valid:
myservice.home → 192.168.2.181 ✅When I go to http://pihole.home, my browser tries to load http://192.168.2.181. However, the Pi-hole admin page lives at http://192.168.2.181/admin, so I get an error page. One solution is to provide path and port number in the URL. For example, to go into pihole admin page:
http://pihole.home/adminOr to access Plex service that is running inside NAS:
http://nas.home:32400We can fix this by adding a reverse proxy in the home network. The local DNS server resolves *.home domains to the IP of the reverse proxy. The reverse proxy inspects the hostname (e.g. myservice-node1.home) and routes the request to the corresponding IP and port.
The big problem with this setup is single point of failure. If the proxy goes down, all access fails. Moreover, all traffic goes through the reverse proxy after the DNS name is resolved. This makes the reverse proxy a bottleneck (for bandwidth or latency-sensitive services). Given these limitations, I opted not to use a reverse proxy for DNS-based resolution.
Home Network Remote Access¶
Remote access to a home network enables users to securely connect to their personal devices and services from anywhere in the world. This can be achieved using different technologies.
Port Forwarding
Port forwarding through a router is a technique used to allow external devices to access services on a private home network. This is done by directing incoming traffic from a specific port on the router to a designated internal IP address and port. This is commonly used for applications like web servers, game servers, security cameras, media servers, or remote desktop access. While convenient, port forwarding can expose internal systems to the internet, so it's essential to secure the forwarded services with authentication, encryption.
VPN Service
Remote access to my home network using a VPN allows me to connect to my private devices and services from anywhere over the internet. This enables seamless access to internal resources as if I am physically present at home.
VPN creates an encrypted tunnel between the remote device and the home network, and it ensures that data remains protected from eavesdropping or unauthorized access.
Untangle Firewall supports both OpenVPN and IPsec VPN servers. In my setup, I am utilizing the OpenVPN server. Once the OpenVPN server is activated, the client configuration can be downloaded as an .ovpn file. This file contains all the necessary information required for the client to establish a secure connection. Now I can VPN to my home network through my personal phone, work computer, etc.
Portable Wi-Fi Router¶
A portable Wi-Fi router is a compact, wireless device that allows you to create a private Wi-Fi network using a cellular data connection (SIM card) or a wired connection (Ethernet). It acts as a hotspot, enabling multiple devices (smartphones, laptops, tablets, etc.) to connect to the internet while on the go.
A portable Wi-Fi router has many benefits:
Multiple Device Connectivity
A portable router can act as a bridge between multiple personal devices and a single external network, such as a hotel's Wi-Fi. For example, when you’re staying at a hotel with your family, instead of each device (phones, tablets, laptops) connecting directly to the hotel's network, they all connect to the portable router, which then connects to the hotel’s Wi-Fi or Ethernet.
This setup allows the hotel to see only one device—the router. This not only bypasses potential device limits imposed by the hotel but also simplifies reconnecting when moving between locations. No need to manually reconnect multiple devices when moving between hotel rooms or locations—only the router needs to reconnect.
Single Login for All Devices
With a portable router, you only need to authenticate once to the hotel’s Wi-Fi or wired network. All connected family devices automatically gain internet access without requiring individual logins. This is especially convenient in places where networks have login portals (captive portals) that typically require each device to sign in separately. Once the portable router is authenticated, it manages the connection for all devices, saving time and avoiding the hassle of repeatedly entering credentials.
Secure Connection
Hotel Wi-Fi networks are often unsecured, making them vulnerable to potential cyber threats like data interception or man-in-the-middle attacks. A portable router enhances security by allowing you to create a VPN tunnel to a secured server, encrypting all internet traffic and protecting sensitive data from prying eyes.
You can either subscribe to a well-known VPN service provider or set up your own VPN server for greater control. For example, I have configured OpenVPN server on my firewall, which not only secures my connection but also allows me to remotely access my home network. This setup provides access to all my personal files and resources as if I were physically at home, offering both security and convenience while traveling.
Stable Connection
Some hotel Wi-Fi networks may throttle or disconnect inactive devices. A portable router ensures a consistent connection for all connected devices. Moreover, the router can be placed near windows or areas with stronger signals, avoiding congestion in weak-signal corners.
Streaming & Smart Devices Support
A portable router makes it easy to use Chromecast or other smart devices in a hotel, allowing you to stream content on the TV just like at home. Many hotel Wi-Fi networks have restrictions that prevent devices like Chromecast from working properly. However, by connecting your streaming device to your portable router’s private network, you can bypass these limitations.
Simply plug your Chromecast into the hotel TV’s HDMI port, connect it to the portable router, and stream your favorite shows, movies, and videos. This setup let you enjoy all the content you’re used to watching at home without relying on the hotel's limited or pre-installed TV channels.
I have been using GL.iNet Slate AX as my family portable Wi-Fi router. It is based on OpenWrt OS with lots of interesting features. Check this video: https://youtu.be/DuLWhRRgO3o