Skip to main content

User Manual

Remote access to home resources via KeenDNS using NAT rules

Keenetic routers allow remote access via the standard HTTP and HTTPS web protocol from the Internet to web resources (web applications) on your home network via the KeenDNS domain name service. This is possible even if you don't have a public IP address to access the Internet on your router.

The following steps are required for the setup:

  • Select a free KeenDNS domain name in the router settings and configure the service in the 'Cloud access' mode;

  • Allow access to the router's web interface from the Internet by enabling the corresponding option. This setting automatically allows access to the router's web interface and other web resources on your home network.

Important

Cloud service ('Cloud access' mode) supports only the protocols below:

  • HTTP on ports 80, 81, 280, 591, 777, 5080, 8080, 8090 and 65080;

    HTTPS on ports 443, 5083, 5443, 8083, 8443 и 65083.

If you are using a port number for a web resource not from this list, you can do the following:

  1. Set up a mapping from a supported external port number to a random internal port number (e.g. 8080 to 8123);

  2. Change the port number on the host to a supported port;

  3. Use access via fourth-level domain.

Let's look at an example of configuring remote access to the interface of a popular open-source Home Assistant intelligent home application (running on port 8123) on a home network.

Similarly, you can set up remote access via HTTP protocol to any device on your home network with a web interface (a webcam, network drive, router, server, etc.).

The configuration will be done through the router's web interface.

  1. First, you need to register the devices to which remote access will be given on the router. For more information, see the article 'Connected devices registration'.

  2. Go to the 'Port forwarding' page and create classic port forwarding rules for the external interface to the desired devices.

    keendns-port-forward-01-en.png
    keendns-port-forward-02-en.png

    Important

    Since the classic port forwarding mechanism is used, it is impossible to forward the same access port to different devices, unlike the configuration via a fourth-level domain. Suppose the router's web interface is accessible from the Internet on port 80, and you want to provide access to the web interface of a host on the local network, which also runs on port 80. In this case, you need to do a port mapping (e.g. external port 81 is translated to internal port 80). In the case of fourth-level domains, this problem is solved because each host has its own domain name.

  3. You can then check access to the specified hosts. Although a private IP address is obtained from the ISP, access will be granted according to the defined rules.

In our example, the interface of the Home Assistant will be available at http://myrouter01.keenetic.pro:8080

keendns-port-forward-03-en.png