{"id":1441,"date":"2013-11-24T21:04:07","date_gmt":"2013-11-24T19:04:07","guid":{"rendered":"http:\/\/blog.chschmid.com\/?p=1441"},"modified":"2020-07-20T13:41:31","modified_gmt":"2020-07-20T11:41:31","slug":"the-making-of-me-chschmid-com-part-6-connection-to-the-world","status":"publish","type":"post","link":"https:\/\/blog.chschmid.com\/?p=1441","title":{"rendered":"The Making of me.chschmid.com, Part 6: Connection to the World"},"content":{"rendered":"<p>So far <a title=\"The Making of me.chschmid.com, Part 5: Server Configuration\" href=\"https:\/\/blog.chschmid.com\/?p=1451\">the server<\/a> was in a protected environment, but it&#8217;s time to let it see the world! This involves three things:<\/p>\n<ul>\n<li>Setting up the server firewall<\/li>\n<li>Configuring the dyndns stuff<\/li>\n<li>Setting up the router<\/li>\n<\/ul>\n<h2>Server Firewall<\/h2>\n<p>You only want those ports to be open that you really need. I&#8217;d recommend using ufw for configuring your firewall. In my case<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">sudo ufw allow ssh\nsudo ufw allow http\nsudo ufw allow https\nsudo ufw deny proto udp to any port 137 from 192.168.22.1\nsudo ufw deny proto udp to any port 138 from 192.168.22.1\nsudo ufw deny proto tcp to any port 139 from 192.168.22.1\nsudo ufw deny proto tcp to any port 445 from 192.168.22.1\nsudo ufw deny proto tcp to any port 9000 from 192.168.22.1\nsudo ufw deny proto tcp to any port 5901 from 192.168.22.1\nsudo ufw deny to any port 3483 from 192.168.22.1\nsudo ufw allow proto udp to any port 137 from 192.168.22.0\/24\nsudo ufw allow proto udp to any port 138 from 192.168.22.0\/24\nsudo ufw allow proto tcp to any port 139 from 192.168.22.0\/24\nsudo ufw allow proto tcp to any port 445 from 192.168.22.0\/24\nsudo ufw allow proto tcp to any port 9000 from 192.168.22.0\/24\nsudo ufw allow proto tcp to any port 5901 from 192.168.22.0\/24\nsudo ufw allow to any port 3483 from 192.168.22.0\/24\n<\/pre>\n<p>which 
means allowing access to SSH, HTTP and HTTPS from anywhere in the world, and to the squeezebox server and the Samba server only from the local network, but not from the router. Finally, you need to enable the firewall:<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\nsudo ufw enable\n<\/pre>\n<h2>Dyndns Stuff<\/h2>\n<p>My provider gives my router a new IP (= unique address on the web) from time to time. To be able to find my router\/computer from the outside world, I have to report my IP to someone who can help me find it any time.<\/p>\n<p>Here is how it works: me.chschmid.com points to chschmid.mooo.com, and I have to tell chschmid.mooo.com what my current IP is whenever it has changed. It&#8217;s less complicated than it sounds:<\/p>\n<ol>\n<li>Get an account at <a href=\"http:\/\/freedns.afraid.org\/\" target=\"_blank\" rel=\"noopener noreferrer\">http:\/\/freedns.afraid.org\/<\/a><\/li>\n<li>Download the latest IPdetect from <a href=\"http:\/\/ipdetect.sourceforge.net\/\" target=\"_blank\" rel=\"noopener noreferrer\">http:\/\/ipdetect.sourceforge.net\/<\/a><\/li>\n<li>and set it up as described in the readme file ;)<\/li>\n<\/ol>\n<p>By the way, if your router is running a modified firmware such as <a href=\"http:\/\/www.dd-wrt.com\" target=\"_blank\" rel=\"noopener noreferrer\">DD-WRT<\/a>, this task can also be handled by your router and configured via its web interface. Just search for Dynamic Domain Name Service (DDNS). 
Sadly, DD-WRT is not an option for me as the <a href=\"http:\/\/dd-wrt.com\/wiki\/index.php\/Linksys_E3200\" target=\"_blank\" rel=\"noopener noreferrer\">5 GHz support is broken for my router<\/a> :(<\/p>\n<h2>The Router<\/h2>\n<p>First, I had to tell my router that my server should always get the same local IP 192.168.1.200 based on its MAC address.<\/p>\n<p><a href=\"https:\/\/blog.chschmid.com\/wp-content\/uploads\/2013\/11\/static_ip.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-1516\" src=\"https:\/\/blog.chschmid.com\/wp-content\/uploads\/2013\/11\/static_ip.png\" alt=\"static_ip\" width=\"900\" height=\"540\" srcset=\"https:\/\/blog.chschmid.com\/wp-content\/uploads\/2013\/11\/static_ip.png 900w, https:\/\/blog.chschmid.com\/wp-content\/uploads\/2013\/11\/static_ip-300x180.png 300w, https:\/\/blog.chschmid.com\/wp-content\/uploads\/2013\/11\/static_ip-624x374.png 624w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/a><\/p>\n<p>Secondly, ports 22, 80 and 443 have to be forwarded to that local IP. Here&#8217;s a screenshot of what this looks like in my case.<\/p>\n<p><a href=\"https:\/\/blog.chschmid.com\/wp-content\/uploads\/2013\/11\/port_forwarding.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-1507\" src=\"https:\/\/blog.chschmid.com\/wp-content\/uploads\/2013\/11\/port_forwarding.png\" alt=\"port_forwarding\" width=\"980\" height=\"620\" srcset=\"https:\/\/blog.chschmid.com\/wp-content\/uploads\/2013\/11\/port_forwarding.png 980w, https:\/\/blog.chschmid.com\/wp-content\/uploads\/2013\/11\/port_forwarding-300x189.png 300w, https:\/\/blog.chschmid.com\/wp-content\/uploads\/2013\/11\/port_forwarding-624x394.png 624w\" sizes=\"auto, (max-width: 980px) 100vw, 980px\" \/><\/a>Now this calls for some champagne! The server is set up and online! 
You can take a look at some server stats at <a href=\"https:\/\/me.chschmid.com\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/me.chschmid.com<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>So far the server was in a protected environment, but it&#8217;s time to let it see the world! This involves three things: Setting up the server firewall Configuring the dyndns stuff Setting up the router Server Firewall You only want those ports to be open that you really need. I&#8217;d recommend using ufw for configuring [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[4],"tags":[19,13],"class_list":["post-1441","post","type-post","status-publish","format-standard","hentry","category-life_and_stuff","tag-linux","tag-online"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p15PpI-nf","_links":{"self":[{"href":"https:\/\/blog.chschmid.com\/index.php?rest_route=\/wp\/v2\/posts\/1441","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.chschmid.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.chschmid.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.chschmid.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":
true,"href":"https:\/\/blog.chschmid.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1441"}],"version-history":[{"count":26,"href":"https:\/\/blog.chschmid.com\/index.php?rest_route=\/wp\/v2\/posts\/1441\/revisions"}],"predecessor-version":[{"id":2877,"href":"https:\/\/blog.chschmid.com\/index.php?rest_route=\/wp\/v2\/posts\/1441\/revisions\/2877"}],"wp:attachment":[{"href":"https:\/\/blog.chschmid.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1441"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.chschmid.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1441"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.chschmid.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1441"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}