homebrewserver.club/content/fundamentals/port_forwarding.md

Title: Port Forwarding on your home router
Date: 2019-01-14
Tags: port forwarding, router, introduction, lan, wan
Slug: fundamentals-port-forwarding
Summary: How to make your homebrew server reachable over the internet using your home router.
Author: hbsc & friends
Status: published


# UNDER CONSTRUCTION

##Introduction

The whole premise of the homebrewserver.club is the simple, yet often overlooked, fact that your home internet subscription theoretically also allows you to host services. The internet is in its essence a bi-directional medium. Anyone with an internet connection can not only look up on-line content but also host it! 

In times of 'cloud providers' and 'virtual private servers' it is an easy thing to forget, and internet service providers don't make it easy on you either, but a homebrew server can be as simple as an old laptop connected directly to your home router.

##Requirements

To begin serving from home you need the following: 

- Make sure you have physical access to your home router.
- Get to know the password of the admin user (this is usually provided in the box or written on the label on the underside of the router).
- Have an available power socket next to your router.
- Have a homeserver with a web server and open SSH server running on it.
- An ethernet cable to connect your server to the router.

## Port forwarding theory

![A schematic representation depicting network address translation between a local area network and a wide area network, where ports are being forwarded from the WAN to home server on the LAN]({attach}images/port_forwarding.svg)

Most home routers are configured by default to make the devices behind your router inaccessible to the internet, using their inbuilt firewall. This is to prevent your private network from being public. 

Machines behind your router (called your local area network or `LAN`) can make connections to the wider internet (known as `WAN`) but not the other way around.

In the case of hosting a server at home though, we DO want that server to be reachable from the internet. In order to do that we need to open so-called *ports*. 

Ports are logical 'gates' that are open or closed to connections. These ports have numbers and are [standardized](https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers#Well-known_ports) for specific protocols or applications.
For example, HTTP traffic from a website would default to port `80`. HTTPS defaults to `443` and SSH defaults to port `22`. 

To make our server accessible we need to open and forward those ports on the router/firewall to our server in a process called port-forwarding.

The exact method of port-forwarding differs from router to router but if follows always a similar scheme where you designate inbound traffic on a certain port to be forwarded to the IP address your server has on the local area network. 

For this you need to have access to the administrative panel of your router.

### Find your router

To access the administrative panel of your router you need to find it's IP-address. You can do this by connecting to that router via Ethernet or Wi-Fi and then finding out what your own IP-address is.

On Debian based systems this is done like this in the terminal:

`$ ifconfig`

If you get a command not found warning try this:

`$ ip address`

This will return information on your network connection. Look for the line saying `inet` 

    3: wlp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether ac:ab:00:00:ac:ab brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.11/24 brd 192.168.1.255 scope global wlp3s0
       valid_lft forever preferred_lft forever
    inet6 fe80::eab1:fcff:acab:374e/64 scope link 
       valid_lft forever preferred_lft forever

In this case the IP-address is `192.168.1.11` as a rule of thumb you can then change the last digit to either `1` or `254` to find the router.


### Log in to your home router and get to know your LAN

Using a webbrowser navigate to the IP-address you found above to reveal the router's admin panel. It should provide you with a log in field where you can enter the router's admin details to get access to the control panel.

There you will see a lot of possible settings. Look at the options "LAN", "DHCP Leases" or "Network" to get an overview of all the devices.

### Connect your homeserver

Use an ethernet cable to connect your homeserver to your router. In case that it has ethernet ports in different colors/markings make sure you take something that says either `LAN` or `INET`.

Have a look at your router's interface again and look for the IP-address that your server was assigned. In this guide I'll assume it was 192.168.1.10

Next try to find an option called "Static (DHCP) Lease" or "DHCP Binding" or something similar in your LAN view. Then make sure to assign your server a static DHCP lease. The IP-address it has now is probably fine for that! This will make sure that the server is always reachable under the same IP-addres.   

## Forward the ports

Once you've set up a static lease to your homeserver you can start port forwarding. 


## Additional Resources

* [https://portforward.com/](https://portforward.com/router.htm) has a large list of routers and visual instructions on how to set up port forwarding on them.