|
|
|
@ -1,100 +0,0 @@
|
|
|
|
|
Title: HBSC Basics: setting up Port Forwarding on your home router
|
|
|
|
|
Date: 2019-01-14
|
|
|
|
|
Tags: port forwarding, router, introduction, lan, wan
|
|
|
|
|
Slug: basics-port-forwarding
|
|
|
|
|
Description: How to set up a spare computer as a server and make it reachable over the internet.
|
|
|
|
|
Author: hbsc & friends
|
|
|
|
|
Status: draft
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# UNDER CONSTRUCTION
|
|
|
|
|
|
|
|
|
|
##Introduction
|
|
|
|
|
|
|
|
|
|
The whole premise of the homebrewserver.club is the simple - yet often overlooked - fact that your home internet subscription theoretically also allows you to host on-line services. Since the internet is in its essence a bi-directional medium, anyone with an internet connection can not only look up on-line content but also host it!
|
|
|
|
|
|
|
|
|
|
In times of *cloud providers* and *virtual private servers* it is an easy thing to forget. Internet service providers (ISP) don't make it easy on you either. However, a homebrew server can be as simple as an old laptop connected directly to your home router.
|
|
|
|
|
|
|
|
|
|
In this article you will learn how to change the settings of the router provided by your ISP in order to make your homebrew server accessible from the internet!
|
|
|
|
|
|
|
|
|
|
##Requirements
|
|
|
|
|
|
|
|
|
|
To begin serving from home you need the following:
|
|
|
|
|
|
|
|
|
|
- Make sure you have physical access to your home router.
|
|
|
|
|
- Get to know the password of the admin user (this is usually provided in the box or written on the label on the underside of the router).
|
|
|
|
|
- Have an available power socket next to your router.
|
|
|
|
|
- Have a home server running a web server and OpenSSH running on it.
|
|
|
|
|
- An ethernet cable to connect your server to the router.
|
|
|
|
|
|
|
|
|
|
## Port forwarding theory
|
|
|
|
|
|
|
|
|
|
![A schematic representation depicting network address translation between a LAN and WAN](/images/port_forwarding.svg) A schematic representation depicting network address translation between a local area network and a wide area network, where ports are being forwarded from the WAN to home server on the LAN. The IP-addresses indicated in this schematic are used throught the article as for reference but might differ from your own situation.
|
|
|
|
|
|
|
|
|
|
Most home routers are configured by default to make the devices behind your router inaccessible to the internet using their inbuilt firewall. This is to prevent your private network from being public.
|
|
|
|
|
|
|
|
|
|
Machines behind your router (called your local area network or `LAN`) can make connections to the wider internet (known as `WAN`) but not the other way around.
|
|
|
|
|
|
|
|
|
|
In the case of hosting a server at home though, we DO want that server to be reachable from the internet. In order to do that we need to open so-called *ports*.
|
|
|
|
|
|
|
|
|
|
Ports are logical 'gates' that are open or closed to connections. These ports have numbers and are [standardized](https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers#Well-known_ports) for specific protocols or applications.
|
|
|
|
|
|
|
|
|
|
For example, HTTP traffic from a website would default to port `80`. HTTPS defaults to `443` and SSH defaults to port `22`.
|
|
|
|
|
|
|
|
|
|
To make our server accessible we need to open and forward those ports on the router/firewall to our server in a process called port-forwarding.
|
|
|
|
|
|
|
|
|
|
The exact method of port-forwarding differs from router to router. However, it always follows a similar scheme where you designate inbound traffic on a certain port to be forwarded to the IP address your server has on the local area network.
|
|
|
|
|
|
|
|
|
|
The effect of this is that all traffic with your home connection's IP-adress as a destination and bound for those ports will not be rejected by the firewall but forwarded to your server instead.
|
|
|
|
|
|
|
|
|
|
For this you need to have access to the administrative panel of your router.
|
|
|
|
|
|
|
|
|
|
### Find your router
|
|
|
|
|
|
|
|
|
|
To access the administrative panel of your router you need to find it's IP-address. You can do this by connecting to that router via Ethernet or Wi-Fi and then finding out what your own IP-address is.
|
|
|
|
|
|
|
|
|
|
On Debian based systems this is done like so in the terminal:
|
|
|
|
|
|
|
|
|
|
`$ ifconfig`
|
|
|
|
|
|
|
|
|
|
If you get a command not found warning try this:
|
|
|
|
|
|
|
|
|
|
`$ ip address`
|
|
|
|
|
|
|
|
|
|
This will return information on your network connection. Look for the line saying `inet`
|
|
|
|
|
|
|
|
|
|
3: wlp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
|
|
|
|
|
link/ether ac:ab:00:00:ac:ab brd ff:ff:ff:ff:ff:ff
|
|
|
|
|
inet 192.168.1.11/24 brd 192.168.1.255 scope global wlp3s0
|
|
|
|
|
valid_lft forever preferred_lft forever
|
|
|
|
|
inet6 fe80::eab1:fcff:acab:374e/64 scope link
|
|
|
|
|
valid_lft forever preferred_lft forever
|
|
|
|
|
|
|
|
|
|
In this case the IP-address of the machine is `192.168.1.11`. As a rule of thumb you can then change the last digit of your IP-address to either `1` or `254` to find the router.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
### Log in to your home router and get to know your LAN
|
|
|
|
|
|
|
|
|
|
Using a web browser, navigate to the IP-address you found above to reveal the router's admin panel. It should provide you with a log in field where you can enter the router's admin details to get access to the control panel.
|
|
|
|
|
|
|
|
|
|
There you will see a lot of possible settings. Look at the options "LAN", "DHCP Leases" or "Network" to get an overview of all the devices.
|
|
|
|
|
|
|
|
|
|
### Connect your homeserver
|
|
|
|
|
|
|
|
|
|
Use an ethernet cable to connect your homeserver to your router. In case that it has ethernet ports in different colors/markings make sure you take something that says either `LAN` or `INET`. Once you have connected your home server to the router powered it on if you haven't already.
|
|
|
|
|
|
|
|
|
|
Have a look at your router's interface again and look for the IP-address that your server was assigned. In this guide I'll assume it was 192.168.1.10 as displayed in the graph above.
|
|
|
|
|
|
|
|
|
|
Next try to find an option called "Static (DHCP) Lease" or "DHCP Binding" or something similar in your router interface's LAN view. Then make sure to assign your server a static DHCP lease. The IP-address it has now is probably fine for that! This will make sure that the server is always reachable under the same IP-addres.
|
|
|
|
|
|
|
|
|
|
## Forward the ports
|
|
|
|
|
|
|
|
|
|
Once you've set up a static lease to your homeserver you can start port forwarding. Depending on the make of the router it can be called Port Sharing or Traffic Forwarding and can usually be found in a section of the router admin interface dealing with 'security' or 'internet'.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## Additional Resources
|
|
|
|
|
|
|
|
|
|
* [https://portforward.com/](https://portforward.com/router.htm) has a large list of routers and visual instructions on how to set up port forwarding on them.
|