Some notes on home network configuration for hosting personal websites

Printer-friendly version

A friend is trying to set up his home computer to expose a website to the internet, and is having some problems getting it to work. In assisting him, I realized that some of the information I've given him may be of use to others.

So, here it is.

The general setup consists of a computer (running Linux and a web server), connected to the LAN side of a router. The WAN side of the router connects to the internet. The intent is to make the web server accessible to the internet through it's own domain name, and a "dynamic DNS" provider will handle the DNS settings to connect domain name to it's dynamic IP address.

---------- "The Internet" -------------------.        .------------- "Your LAN"----------------
                                             |        |
                                             v        v
                     +---+                 +---ROUTER--+                 +------COMPUTER-----+
                     |   |                 |   :   :   |                 |   :   : webserver |
                     |   |                 |   :   :   |                 |   :   :-----+     |
                     |   |                 |   :   :   |                 |   :   :     :     |
 the internet ~~~~~~>:   X<~~~~~ ISP ~~~~~>X   :   :   X<~~~~~ LAN ~~~~~>X<~>:<~>[80]  :     |
                     |   |                 |   :   :   |                 |   :   :     :     |
                     |{1}|                 |{2}:{3}:   |                 |{4}:{5}:-----+     |
                     |   |                 |   :   :   |                 |   :   :           |
                     +---+                 +---^---^---+                 +---^---^-----------+
                                             /   :    \                    \   \
                                            /    :     your routers         \   Firewall
                                           /     :     LAN IP address        \
                           "public" IP address    \                           your computer's 
                           aka    Firewall                   LAN IP address


{1} The ISP may have network settings that block incoming requests to specific "dangerous" ports. This blocking would include TCP port 80 (http/web) and TCP port 25 (smtp/email). If present, these blocks are out of your control; if they exist, then you won't receive traffic on those ports, no matter how you configure your router and computer.
There only two ways around this: either
  1. ask everyone outside ("on the internet") to use a specific non-standard port that the ISP doesn't block, and then make changes to your router to transform connections to that port into connections to the proper port, or
  2. move your internet connection to an ISP that doesn't block service ports
{2} Your public network address, assigned by your ISP, is the address that your dynamic DNS name should use. Make sure that your router properly updates your DNS provider with the public ("WAN") address whenever the ISP changes it.
{3} The router may have a builtin firewall, with some "Network Address Translation" (aka "Masquerade", "Port Forwarding", or "Virtual Server") facilities built in. Make sure that this is set to forward HTTP (TCP Port 80, or your selected alternate port) to the webserver computer's TCP Port 80.
{4} Your computer uses a private IP address, typically assigned by the router. Do not use this address for your Dynamic DNS - it won't work. Do use this address in setting your router's "Port Forwarding" options (as in {3}, above).
{5} The computer may have a firewall. If so, make sure that it permits incoming TCP port 80 connections through your private IP address, so that your webserver can receive and respond to HTTP requests coming from outside.
System Configuration: