Glam Prestige Journal

Bright entertainment trends with youth appeal.

I have an Ubuntu server working fine in the Intranet and I need to access my files from the internet. I read forums and don't understand them well. Have an easy way? Security is not the priority now.

3

3 Answers

Security is always a priority and I'm afraid there is no easier way than this:

Port forwarding

You will need to setup port forwarding for all ports that you want accessible through the internet. Note that every open port poses a potential security risk, so be sparse here. Look at a list of port numbers by service to get an idea, which ports to forward. The most commonly forwarded are:

  • Port 22: SSH (for remotely managing your server)
  • Port 80: HTTP (websites)
  • Port 443: HTTPS (encrypted websites)
  • Port 989-990: FTP (file sharing)

The exact procedure for forwarding a port differs from router vendor to vendor and even between models. You will have to consult your router's manual and/or the internet for your specific router. Below, I attached an image of what the menu looks for Ubee my cable modem.

Basically you specify the incoming port range (80-80 for http), the local IP of your server to forward packets to (192.168.10 in my picture) and the port range on the server that requests should go to (again 80-80 in my example).

Note that some internet service providers block port 80 precisely to keep you from running your own home web server. This not much more than annoying, because you can just use another port. Many dynamic DNS services (see below) allow to specify an alternative port. To get very comprehensive info about your internet connection, including which ports are blocked, you can use the netalyzr of UC Berkely. If it doesn't work, you can use something else or check if you allowed Java Applets in browser

Port forwarding on a UPC cable model

Access via internet IP

Once you've done this people can access your web server already via your internet IP. They just have to enter the IP and port, e.g. 213.109.33.44:80, in the address field of their browsers. In this example I specify port 80 explicitly, which generally not needed. If port 80 is blocked, use something else instead. As one of the many ways to get your internet IP, you may enter the following command in a shell:

dig +short myip.opendns.com @resolver1.opendns.com

The problem with accessing your server via IP is twofold:

  1. IPs are hard to remember
  2. IPs are subject to change, if your internet service provider decides to (sometimes without notice), that is unless you're paying for a static IP.

Dynamic DNS Service

To get around those problems, you can either register a domain with your national authority and update the IP associated with the domain there manually or automatically every time it changes or use a dynamic DNS provider. I will talk about the latter a bit.

I use noip, they are free and only pester you every month or so to upgrade to their paid accounts. That's just a personal choice based on what was available 5 years ago. You should consult a recent comparison of dynamic DNS provides to choose.

In turn these dynamic DNS services will provide you with a redirect from an URL such as to your actual IP. For noip your server's address will be a sub-domain of one of their top-level domains (here no-ip.com). Generally you can chose the sub-domain name to be whatever you like, e.g. fluffy-bunnies.no-ip.com.

Automatically updating IP at dynamic DNS provider

Once you have the account, you can configure your router (if it supports that - see its manual) or Ubuntu to update the external DNS service. The service needs to be notified of your changing server IP periodically. Again, the exact procedure depends on your dynamic DNS provider. They usually have instructions on their website. I've found that ddclient is a good way to do it. It supports most common providers. To install it use:

sudo apt-get install ddclient

Then edit the config file in /etc/ddclient.conf. Mine for noip looks like this:

protocol=dyndns2
daemon=36000
pid=/var/run/ddclient.pid
ssl=yes
use=web, web= web-skip='IP Address'
server=dynupdate.no-ip.com
login=confus
password='1234321'
conserve.no-ip.org

Restart

Changes will take effect after server reboot or after you restart ddclient with:

sudo service ddclient restart

This works for Ubuntu 14.04.3 LTS (Trusty Tar) and ddclient 3.8.1.

2

Like @fkraiem said in the comments, you need to set up port forwarding on your router. Not all routers actually have this available, but newer Linksys/Belkin routers have it available, and Cisco routers should all have port forwarding.

Since you didn't provide very many details, I can't give an exact tutorial, but if you do happen to find the port forwarding menu in your router's web interface, you will want to forward port 80 to the IP address of the server.

NOTE: Many ISPs actually block incoming connections to port 80 for "safety reasons." You may have to change your web server to run on port 8080 and forward that.

Once you have port forwarding set up, you need to know your external IP in order to connect. You can just Google "what's my IP" to find it. Be aware that this IP is usually dynamic, which means it changes periodically. If you would like a permanent address, I recommend using No-IP to set up dynamic DNS.

If you need more details, leave a comment with yur router model, and I can help out further.

Putting your server online may not be related to the server that you created, instead it would require the process of setting up your router/firewall to allow access from the internet to the server. This process has several different methods. You should consider your networks topology, the structure of it, before you allow inbound traffic from the internet to your LAN. I would suggest that you take a look at PFSnense as a firewall, and use this to create a DMZ (Demilitarized Zone) on your network. This is a branch of your network that your primary LAN has access to, but the DMZ does not have access to the LAN. This is where your server hardware will be. Also, the type of wide area network address that you have makes a difference in being able to access the services provided by you server. If you have an address that is provided via DHCP (dynamic host control protocol) then you will need a dynamic DNS provider. I will assume that this is the case since static IP addresses come at a cost and there would be no reason for you to by one if you have never put a server online before. That being said, the process should go as follows:

Step 1)

Get an old computer to function as a fire wall. Make sure it has at least 3 ethernet controller ports. Install PFSense, and set it up such that one controller is the LAN port, one controller is the DMZ port, and one controller is the WAN port. For setting up a firewall in this configuration, please view the following page.

and then

Step 2)

Set up a dynamic DNS url:

or (a bit easier, but may cost money)

Step 3)

Create a cname alias for your domain name that points to your dynamic DNS url.

Step 4)

Configure your PFSense installation to use whichever method of dynamic DNS you selected.

If you choose not to use Dynamic DNS, which may totally be the case, you will need to configure your WAN port of the fire wall to use a Static IP address. Then you will need to point your URL's @ A record to that Static IP address.

Static IP Step 2)

Static IP Step 3)

Then log into your domain name registrar and update the @A record to point to the static IP address on your wan port. Be sure that you do the first step of setting up a DMZ before doing these. There are a lot probers out there looking to break into your server and use it maliciously.

note

I'm sorry, I could only post two links in this explanation. You will need to copy the URLs into your browser to check out the pages.

Related Journals