LINUX RESOURCE #8
Connecting your system to the Internet
Assuming that you have a DSL or broadband connection, and that you have configured and checked your Linux system,
the first thing to do is to ask your ISP if port 80 is open and, if not, how to open it.
Once the port is open, if you are using a DSL router / modem then you will
have to change some parameters so that the router allows your Linux server to:
- Obtain a dynamic hostname & dynamic IP or delegate a domain name and static IP that you already own
- Allow the router to pass requests from the Internet (WAN) to your network (LAN), specifically the Linux system
- Set the NAT
- Set the Firewall
Tip: if you log in at Dyndns, you can use the Open Port Tool to check your ISP settings.
Some definitions
| Router | A network device that links your system(s) to your ISP and the Internet. |
| hostname | A pseudo name for the system. |
| Static IP | A four-byte (32-bit) number optionally provided by your ISP. |
| Dynamic IP | A four-byte (32-bit) number automatically provided by your ISP. |
| Dynamic DNS | Dynamic DNS and NAT |
| Web Server | The system or device that publishes data to the network or Internet, normally port 80. |
| FTP Server | The system that publishes or accepts files to and from the network or Internet, normally port 21. |
| Email Server | The system that manages email to and from the network or Internet, normally port 25. |
Here is a graphic representation of what the network with Internet connections will look like.
the home office network
The Router
Many routers include a configuration area for dynamic DNS. This function allows the user to enter the
information created at the Dyndns site so that the dynamic IP automatically provided by your ISP is automatically
linked and updated to the host name that you chose. Once the IP is updated, the router links your host
name to the IP address that you have set as the internal IP for your server.
e.g.
| user server | user router | ip from aol.com | dyndns.com | user router | user server |
| 192.168.0.10 | 192.168.0.1 | 205.188.142.182 | 63.208.196.110 | 192.168.0.1 | 85.53.122.64 |
This is the route that your router might take from within your network to the Internet and back again.
An interesting note here is that if you perform a tracert username.yourdyndnshostname.com, you should see only one hop
shown; this is because you are receiving the answer from your router and not from the Internet.
If, however, you do the same for another website such as Google, you should see numerous hops.
On some of the newer routers, port 1 may be marked as DMZ.
If yours has this feature, then plugging your server into the first port should give it LAN to WAN access.
Anyway, back to configuring the router. The steps that you take will depend on your router
and, as I am using a Zyxel, the following is what the configuration should look like.
e.g. the main router configuration
If you do not have this feature, then you will do the following to enable your LAN to WAN.
To enable or open port 80 for web serving, we enter the configuration of the router.
Then we choose the NAT option, SUA, and edit the details to specify the starting port #, ending port #, and IP address.
In the example here, we see 80 80 and 192.168.1.10 along with other port #'s with the IPs 0.0.0.0.
Entering the 80 80 and 192.168.1.10 tells the router that you are allowing LAN to WAN access to this port.
e.g. the NAT
e.g. editing the NAT SUA
The IPs with 0.0.0.0 are allowing the WAN to the LAN but do not allow other users on the Internet to access your system
through these ports unless you change the firewall. An example of this usage is when you install a p2p program,
such as Kazaa or Napster, that attempts to modify your Internet access so that you can download and upload files.
Careful: opening unnecessary ports can be dangerous to the security of your files and your systems.
Also note that you do not want to disable your router's firewall even though you may be using a
software firewall on your systems.
After this, the router should normally not allow access from WAN to LAN until you change your firewall settings on
the router.
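To make the warning about unnecessary ports concrete, the following Python script is an added example, not part of the original page or of any router's firmware. It cross-checks the services listening on the server against the NAT entry shown above (80 80 192.168.1.10) and, for comparison, against a hypothetical forward-everything entry; the `ss -tlnH` sample and all function names are constructed for illustration.

```python
import ipaddress

SERVER_IP = "192.168.1.10"               # LAN address used in the page's NAT entry
PAGE_FORWARDS = [(80, 80, SERVER_IP)]    # the page's entry: start 80, end 80
# Assumption: one entry forwarding every port, modelling a fully exposed server.
FORWARD_ALL = [(1, 65535, SERVER_IP)]

# Constructed sample of `ss -tlnH` output on the server (not from the page).
SS_SAMPLE = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 100 127.0.0.1:25 0.0.0.0:*
LISTEN 0 80 192.168.1.10:3306 0.0.0.0:*
LISTEN 0 32 [::]:21 [::]:*
"""

def parse_listeners(ss_output):
    """Return (address, port) for each listening TCP socket in `ss -tlnH` output."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        addr = addr.split("%")[0].strip("[]")    # drop zone id and IPv6 brackets
        listeners.append(("0.0.0.0" if addr == "*" else addr, int(port)))
    return listeners

def exposed(listeners, forwards, server_ip=SERVER_IP):
    """Ports that answer WAN traffic: forwarded by NAT and bound off-loopback."""
    ports = set()
    for addr, port in listeners:
        ip = ipaddress.ip_address(addr)
        # Wildcard binds (0.0.0.0, and :: assuming dual-stack) accept forwarded
        # traffic; a service bound to 127.0.0.1 never sees it.
        if not (ip.is_unspecified or addr == server_ip):
            continue
        if any(lo <= port <= hi and lan_ip == server_ip for lo, hi, lan_ip in forwards):
            ports.add(port)
    return sorted(ports)

def unexpected(ports, intended=(80,)):
    """Exposed ports that are not part of the intended service list."""
    return [p for p in ports if p not in intended]

if __name__ == "__main__":
    found = parse_listeners(SS_SAMPLE)
    for name, table in (("port 80 only", PAGE_FORWARDS), ("all ports", FORWARD_ALL)):
        reach = exposed(found, table)
        print(f"{name}: reachable={reach} unexpected={unexpected(reach)}")
```

On a real server, replace `SS_SAMPLE` with the output of `ss -tlnH` and stop or rebind any service reported as unexpected before widening the forwarded range.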
e.g. the FIREWALL
The firewall should be enabled using the config setting to activate it.
Once it has been activated, the router should protect you from Internet outsiders unless you have changed the
rules of the DMZ (yes, demilitarized zone) allowing others access to your systems.
Here are some examples of firewall settings using the Local network to Internet and the wide area network:
This is the example that you want to be able to serve those web pages that you have worked on.
the LAN ---> WAN RULE SUMMARY
The next example shows the WAN to LAN rule, and adding the port 80 rule here simply duplicates the original setup
of the router because ANY already includes the port 80 access. Therefore, you can leave the WAN to LAN as is.
the WAN ---> LAN RULE SUMMARY
The ANY setting is the default to allow your local systems access to the Internet.
The service is set to any(udp) and any(tcp), which allows local users to access a variety of Internet services.
When you specify a beginning and ending IP, and specify that the service is set only to HTTP(TCP:80),
that restricts the local and Internet access to web serving.
This also assumes that you have properly programmed your web pages so that they do not provide other internal services
on your system.
Tip: the best way to check if your router is set up properly is to call on an outside proxy service such as
phproxy and enter your username.yourdyndnshostname.com into the
location bar. If you see the phproxy banner with your test webpage, then your router is configured properly.
If not, and you received a page not found or other error, then you will have to retrace your steps and recheck your settings.
The reason that you want to check that your server is serving through a proxy is that you are inside the DMZ and you might
think that it is working because it showed you the test page. Requesting the page through the proxy is like
testing from another workstation off-site.
Happy web publishing!