Comparison to port forwarding

At first glance, Dataplicity Remote Shell and port forwarding Secure Shell (SSH) achieve a similar goal: to provide a remotely accessible command line interface to your device.

In practice, however, that's where the similarities end.


Remotely accessing devices behind routers and firewalls

Perhaps the most common network configuration for a Raspberry Pi is where the device exists behind an ADSL/cable router or a cellular modem. Complications arise from the fact that these routers typically implement Network Address Translation (NAT).

Devices "behind NAT" may be accessible inside the network via tools such as Secure Shell (SSH), but are not by default reachable from outside the NAT-ed network (i.e. from the internet).

The traditional solution is port forwarding, which broadly speaking involves connecting to your router's management interface, assigning a static local IP address to the Pi, and forwarding an inbound TCP port from your router directly to the assigned IP address of the device.


The drawbacks of port forwarding

There are a number of drawbacks with this approach, not least of which is the level of technical knowledge required to set it up.

Technical knowledge

Dataplicity is a one-line installation which is always the same regardless of the number of devices you have or their configuration.

Port forwarding, however, requires a working knowledge of IP addressing, TCP port numbering, firewalls and Network Address Translation (NAT). Making it even partially portable typically requires the use of third-party Dynamic DNS services, which in turn require some knowledge of DNS.

Local network configuration

Dataplicity requires only a standard internet connection (Ethernet or WiFi for example).

In addition to an internet connection, port forwarding typically requires the following:

  • Administrative access to your local router
  • The assignment of a static IP to the Pi
  • Forwarding of an inbound port (for example port 22 for Secure Shell/SSH)
  • The establishment of a firewall exception on your router to allow inbound traffic.

Port management

When using port forwarding to access devices on your local network, each will require a separate inbound TCP port through your router. You'll need to keep track of these to remember which port corresponds to which device and to delete old ports no longer required.

This is not required for Dataplicity.

Local firewall exceptions

For port forwarding, you will need to add a firewall exception to your router to allow inbound traffic to each of the redirected ports (minimum one per forwarded device).

Dataplicity uses standard outbound secure web traffic (HTTPS) so it's very unlikely you'd need to make any changes to allow Dataplicity traffic through.

Upstream network access

If you can access normal websites from your Pi you're already ready to use Dataplicity.

For port forwarding, however, the upstream network setup matters and this can get very complicated indeed:

  • You may need to request a firewall exception from your ISP, who may or may not allow the request and who may or may not charge a fee
  • You may also require a static IP from your ISP or the use of Dynamic DNS if your device is portable, both of which may involve a fee.

The restrictions of upstream network access are at the core of what makes port forwarding solutions non-portable. For example, if you've negotiated a static IP and firewall exception with one ISP, these changes are made only for that one ISP: should you switch provider or move your device to a new network, you may need to revisit your setup. With Dataplicity, however, your device always appears in the same place regardless of the network it's on.

Security

Forwarding an inbound port directly from the internet puts your device on the internet. If your device is not running the latest software, you may be at risk of attack from viruses, worms or botnet traffic that are perpetually cruising the internet looking for insecure devices.

Dataplicity Remote Shell works very differently. It does not require an inbound port on your device and, as such, you do not need to open a port from the internet to your device.
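
For the port-forwarding case described under Security above, this added example (not part of the Dataplicity documentation) lists the TCP listeners on a device that are bound to a non-loopback address, which are the services a forwarded port can hand to the internet. The function names and the sample `ss` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Dataplicity docs): find the TCP listeners on a
# device that a router port forward could expose to the internet.

# Constructed sample in the format printed by `ss -H -tln`.
SAMPLE='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:631 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 5 [::1]:631 [::]:*
LISTEN 0 128 *:8080 *:*'

# Reads `ss -tln` style lines on stdin and prints "port address" for every
# listener bound to a non-loopback address, de-duplicated and sorted by port.
reachable_listeners() {
    awk '
        $1 != "LISTEN" { next }              # skip a header line if present
        {
            ep = $4                          # local endpoint, e.g. [::]:22
            pos = match(ep, /:[0-9]+$/)      # the final colon starts the port
            if (pos == 0) next
            addr = substr(ep, 1, pos - 1)
            port = substr(ep, pos + 1)
            # Loopback-only sockets cannot be reached through a forward.
            if (addr ~ /^127\./ || addr == "[::1]") next
            print port, addr
        }
    ' | LC_ALL=C sort -u | LC_ALL=C sort -n
}

# On a real device, feed the live socket table to the same filter.
audit_live() {
    ss -H -tln | reachable_listeners
}

# Demonstration on the constructed sample above.
printf '%s\n' "$SAMPLE" | reachable_listeners
```

Any service this prints that you did not intend to publish should be rebound to loopback or stopped before a forward points at the device.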