3

My ISP has assigned a single IP address for my entire apartment building (the ISP has an exclusivity contract with the building). The 'WAN' address my router sees is '192.168.1.130' which tells me I am behind another router (and I do not have control of this router, so I cannot open ports on it).

How can I best dial into my home network from the outside world? I'm guessing DDNS won't work. But I'm wondering if I can leave an active VPN tunnel open from some other server or service to connect to, or if there is some other networking magic I can invoke to get around my ISP's limitations?

Edit: There is no modem. The connection comes from an ethernet port out of the wall. The ISP is not cooperative.

Edit2: As suggested, I've decided, for the time being, to use a reverse SSH tunnel to open specific ports as with port forwarding. This SSH tunnel is initiated from and starts with the home server and connects to an external, public VPS, active 24/7. As I found out, if you are using PuTTY to tunnel from the home server to the external server, be sure to check "Remote ports do the same (SSH-2 only)". Example:

R<public_port>   <LAN_IP_on_home_network>:<listening_port_for_that_machine>
2
  • 1
    Have you spoken to the ISP?
    – Xavierjazz
    Commented Jul 6, 2015 at 20:33
  • Can you tell us which brand/type your modem is? For example: Cisco Docsis AB1234
    – LPChip
    Commented Jul 6, 2015 at 20:39

2 Answers

4

What kind of service are you looking to forward? SSH would be an easy one to relay if you have a server somewhere outside.

If you can access an outside SSH server, you can forward a remote port on that outside server to your internal server (and optionally have it accept outside connections).

ssh -R *:12345:internal.server:22 <user>@<public_server>

This will forward port 12345 on the public server to port 22 on your internal server, which may be localhost if you're connecting from that machine.

Then, assuming the public server has its firewall rules set up correctly, you will be able to access your internal server by connecting to the public server's port 12345.

If you leave off the *: part it will only forward on the loopback interface for the external server, so you would have to SSH to that server first, then SSH from that machine to localhost port 12345.

2
  • Can I forward any traffic on that port or just SSH traffic?
    – SkyNT
    Commented Jul 6, 2015 at 22:46
  • 1
    @SkyNT, you can tunnel RDP, SMTP, HTTP, etc. and just about anything else you wish to put through the tunnel.
    – moonpoint
    Commented Jul 7, 2015 at 0:26
2

One solution is to install remote control software such as TeamViewer on each of the systems you wish to access remotely. It is free for personal use and runs on Android, iOS, Linux, Mac OS X, Windows, Windows Phone 8, Windows RT, and BlackBerry systems. I use it on family members' Windows systems to remotely troubleshoot problems and have also used it on Linux systems and a Chromebook and found it has worked well. I've even used it to remotely control a Windows PC from an Android phone, though the tiny phone screen makes that difficult. You don't have to worry about firewall rules on external network devices for incoming connections, if all outbound connections are allowed, nor need to worry about port forwarding on external routers.

Another solution, if you use SSH to connect to an external SSH server, is to create a reverse SSH tunnel that will allow you to connect to the external SSH server and have connectivity routed through the tunnel to the home systems. You can tunnel the Remote Desktop Protocol (RDP), for Microsoft Windows systems, or other protocols through the SSH tunnel. E.g., see Reverse SSH Tunneling for how to set up a reverse tunnel on a Linux system. For instructions on how to do it with PuTTY on a Microsoft Windows system, see How to start a reverse tunnel with PuTTY?. Configure TCP keepalive transmissions to keep the connection up.
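
Added example, not part of either answer above: whether `-R *:12345:...` really listens on a public interface depends on the `GatewayPorts` setting in the outside server's sshd_config, which defaults to loopback-only. The script predicts the bind address for a given `-R` spec and prints a tunnel command with SSH-level keepalives; `SAMPLE_CONFIG`, the function names and the 30-second interval are assumptions.

```shell
#!/bin/sh
# Added example: predict where sshd will bind an `ssh -R` listener.
# SAMPLE_CONFIG is constructed; function names are hypothetical.

SAMPLE_CONFIG='# constructed sshd_config excerpt for the public VPS
Port 22
PasswordAuthentication no
GatewayPorts clientspecified
'

# Read sshd_config text on stdin, print the global GatewayPorts value.
# sshd uses the first value it sees for a keyword; the default is "no".
# Assumption: settings inside Match blocks are ignored here.
gateway_ports() {
  awk 'tolower($1) == "match" { exit }
       tolower($1) == "gatewayports" { print tolower($2); found = 1; exit }
       END { if (!found) print "no" }'
}

# $1 = GatewayPorts value, $2 = -R spec such as "*:12345:internal.server:22".
# Prints "loopback", "all", or the specific address the client asked for.
# Assumption: no bracketed IPv6 addresses in the spec.
effective_bind() {
  case $2 in
    *:*:*:*) bind=${2%%:*}; has_bind=1 ;;   # bind_address:port:host:hostport
    *)       bind=;         has_bind=0 ;;   # port:host:hostport
  esac
  case $1 in
    yes) echo all ;;                        # server forces the wildcard address
    clientspecified)
      if [ "$has_bind" -eq 0 ]; then echo loopback
      elif [ -z "$bind" ] || [ "$bind" = '*' ]; then echo all
      else echo "$bind"
      fi ;;
    *) echo loopback ;;                     # "no": bind_address is ignored
  esac
}

# Fail if the listener cannot be created, and drop a dead session after
# 3 missed SSH-level keepalives so a supervisor can restart the tunnel.
tunnel_cmd() {  # $1 = -R spec, $2 = user@host (placeholder)
  echo "ssh -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30" \
       "-o ServerAliveCountMax=3 -R '$1' $2"
}

mode=$(printf '%s' "$SAMPLE_CONFIG" | gateway_ports)
for spec in '*:12345:internal.server:22' '12345:internal.server:22'; do
  echo "GatewayPorts=$mode  -R $spec  ->  listens on $(effective_bind "$mode" "$spec")"
done
```

When the result is "all", the forwarded service is reachable by anyone who can reach the outside server's port, so that server's firewall rules and the forwarded service's own authentication are the only controls in front of the home machine.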
