The whole premise of the homebrewserver.club is the simple — yet often overlooked — fact that your home internet subscription theoretically also allows you to host services. The internet is in its essence a bi-directional medium. Anyone with an internet connection can not only look up on-line content but also host it!
In times of 'cloud providers' and 'virtual private servers' it is an easy thing to forget, and internet service providers don't make it easy on you either, but a homebrew server can be as simple as an old laptop connected directly to your home router. However, you do need to change some settings on the router to make that happen!
![A schematic representation depicting network address translation between a local area network and a wide area network, where ports are being forwarded from the WAN to home server on the LAN]({attach}images/port_forwarding.svg)
By default home routers have configured the firewall so that the devices behind your router are inaccessible to the internet. This is to prevent your private network from being public.
Machines behind your router (called your local area network or `LAN`) can make connections to the wider internet (known as `WAN`), but not the other way around.
However, when hosting a server at home, we do want that server to be reachable from the internet. In order to do that we need to open so-called *network ports*.
Ports are logical 'gates' that are open or closed to connections. These ports have numbers and are [standardized](https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers#Well-known_ports) for specific protocols or applications.
To make our server accessible over the internet we need to open the ports on the router and forward them to our server. This is called port-forwarding.
The exact method (and terminology) of port-forwarding differs from router to router. However, it always follows a similar scheme where you designate inbound traffic on a certain port to be forwarded to the your server's IP-address and port on the local area network.
For this you need to have access to the administrative panel of your router.
### Find your router
To access the administrative panel of your router you need to find it's IP-address. You can do this by connecting to that router via Ethernet or Wi-Fi and then finding out what your own IP-address is.
Using a web browser navigate to the IP-address you found above to reveal the router's admin panel. It should provide you with a log in field where you can enter the router's admin details to get access to the control panel.
Use an ethernet cable to connect your home server to your router. In case that it has ethernet ports in different colors/markings make sure you take something that says either `LAN` or `INET`.
Next try to find an option called "Static (DHCP) Lease" or "DHCP Binding" or something similar in your LAN view. Then make sure to assign your server a static DHCP lease. This will make sure that the server is always reachable under the same IP-address.
Once you've set up a static lease to your home server you can start port forwarding. Depending on the make of the router it can be also be called *Port Sharing* or *Traffic Forwarding*. Again, depending on the make of the router, it can be found under the tabs 'security', 'access control' or 'internet'.[^1]
You might be asked a few things, including the name of the rule, the protocol (TCP, UDP or both), the external port and the internal port. Sometimes you are given the option to open a range of ports.
Open the external port `80` for plain HTTP and redirect it to the local IP-address of the homeserver:
```
Name: "HTTP Homeserver"
Protocol: TCP
Device: 192.168.1.10
External Port: 80
Port to device: 80
```
Open the external port `443` for HTTPS and redirect it to the local IP-address of the homeserver:
```
Name: "HTTPS Homeserver"
Protocol: TCP
Device: 192.168.1.10
External Port: 443
Port to device: 443
```
Lastly we will open a port for `SSH`. The change here is that we open the external port `9999` and map that to `22` internally. Setting SSH on a non-standard port is a low-level way to prevent automated scripts gaining access to your homeserver. TODO add link to basic security
Now that you have opened the corresponding ports you should be able to type your external IP-address in your browser and should be automatically redirected to the website on your home server.
While a majority of applications will work on `80` and `443` you might need to open different port for different applications. For example in the series describing [self-hosted chat over XMPP]({filename}../instant-messaging/configuring_an_xmpp_server_prosody_0.11.md#set-up-firewall-and-dns) ports `5000`, `5222`, `5269` and `5281` are opened and forwarded.
Most installation guides for software will tell you whether you need to open ports. However it is also possible to see what applications are listening to what port using:
[^1]: [https://portforward.com/](https://portforward.com/router.htm) has a large list of routers and visual instructions on how to set up port forwarding on them.