Setting up a home web server via cable modem and router

Posted on 2003-03-20
Medium Priority
Last Modified: 2010-03-17
I just recently got high-speed internet through Comcast.  In my house, I have all network jacks (8) plugged into a switch, then the switch is patched into my cable router (stateful, VPN capable), which is then plugged into the comcast cable modem.

I staged a desktop as a Linux server running Apache (I'm new to Linux so I'm still learning), and want to publish web pages so other family members can reach these over the internet.

Can someone give me some specifics on how I make that machine addressible from the internet?  Currently, my cable router provided dhcp addresses and I'm unsure how I can configure things so the server is reachable.  The router does have a DMZ port on it, but I'm not sure this helps.

Any help is greatly appreciated!
Question by:copleydt
LVL 79

Accepted Solution

lrmoore earned 172 total points
ID: 8178805
FIrst, you have to read your Comcast agreement regarding servers. Many cable providers block inbound http port 80.
What router do you have? All you really need to do is find the public ip address of your router, forward port 80 to your web servers 192.168.x.x address, and have your family members http://publicipaddress

Assisted Solution

zekker earned 164 total points
ID: 8182822
I am not sure about your gear but some products allow you to NAT (Network Address Translation) one of your nicks to the outside world.  Check your documentation.  

If you get better at Linux you could actually put your server right up on the internet.  Just set your one EXTERNAL NIC to be able to use DHCP.  You will also have to enable to setup forwarding and iptables.  Lots of howto's on that on the net. Is your desktop Linux machine ONLY for your web server?  If so that is a good alternative.

but if that is beyond you at the moment, then I would take a look at your gear and read the manual to see if it supports NAT.

If you do decide to put your linux box up on the net make sure you have as few services running as possible.  I would be very careful about that.  To see what services are visiable on your linux box on a specific Interface do the following

nmap xxx.xxx.xxx.xxx   xxx = your NIC.

You should also look into SSH (secure shell access) for your server.  This is available on redhat in the install.
you can start it with /etc/init.d/sshd start

Try to avoid openning telnet at all costs, SSH works much like telnet but its all encrypted.  Telnet is clear text and a security risk.  

If you need a hand with it, I can get you going that way.

Good luck!

Expert Comment

ID: 8182833
I forgot to mention you can also setup dynamic DNS with the following service.


They do supply and app that will take into account that your IP may change.  You will also have to register a domain name, which you can also do from that site.

Have fun!

- Zekker

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

LVL 34

Assisted Solution

arbert earned 164 total points
ID: 8183837
Not sure about your hardware, but on mine I can tell my router to route all INCOMING port 80 traffic to a particular machine on the internal network.  Then you give your family out the address that your cable modem received from DHCP.  Just remember, if you get a different DHCP address, you'll have to give it to your family....

LVL 21

Expert Comment

ID: 8187834
The dynamic dns is probably the best bet, but many cable providers forbid webservers, and the frequent portscans on my own network are meant to detect them.
If you breach their terms and conditions, they could bar or even sue you.
Read your contract carefully.
LVL 21

Expert Comment

ID: 8187847
If you only want local access, (intranet), just run apache and point the web browsers of your other home machines to the IP address of the machine running the webserver.
e.g. http://192.168.xxx.xxx

Expert Comment

ID: 8197447
Just before you do anything with the above info, make sure you have a properly configured server and firewall to protect you and others from hackers. First and formost patch your system, APACHE and OpenSSL have had their problems.  The reason ISP's started banning web servers was because people didnt patch the systems and nimda, codered type worms killed their bandwidth, so they just block the ports now.
LVL 21

Expert Comment

ID: 8206070
Sorry, the main reason ISPs ban Webservers, ftp servers etc is Bandwidth hogging.
Just because you have an always on connection, doesn't mean you can set up bandwidth draining services which interfere with your neighbors on the local loop.
As an example, I get 512KB on cable.
Most of the time, takes 3-4 hours to download a cd of data(650K).
 This morning at 7:45, took 12 minutes! the local loop was asleep or at work.
If lotsa ppl start running webservers, ftp servers, P2p servers, etc. no Bandwidth! Even if they are patched,etc.
If you want to run a server, pay for a fixed IP and pay by bandwidth.

My main snort attack sig is from my cable provider.


Expert Comment

ID: 8206324
Just watch for couple of things:

-Most likely, as long as your demark node is kept on, your IP addr will not change.  Just check this once in awhile and make changes to DNS as needed.  Best bet is to watch your logs for any ISP down time, whether it be an outage or maint activity.

-Your upstream speed is very low compared to your downstream speed.  It doesn't take much to clog up 128k uplink (most probably what you have.)

Expert Comment

ID: 8243116
Well if your running a switch most dont have a NAT firewall. but on your router depending on the model, on most you can open a single port at a time. If your ISP blocks port 80 which mine does. You can redirect it to say 8080. So open port 8080 on your router set to your linux servers lan address. Then you need to go into your apache config file and have it listen on 8080. Then that is it unless you are going to use a domain name which you either need to setup a DNS server for use a free dns server.

Expert Comment

ID: 8335189
With regard the Dynamic IP address, try www.no-ip.com
They supply a bit of software for free and will also allow you to setup a free domain name ie abc123@zapto.org or whatever.  Everytime you log on or it changes, the software updates abc123 etc so that the ip address is correct.  Your family just have to log on to abc123 etc to find you.

Hope this helps.  

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Cable Modem Provisioning from DPoE compliant server  This Article is to support CMTS administrators to provide an overview of DOCSIS compliance configuration file, and to provision a cable modem located at customer place from a Back office serve…
Last month, the FCC voted to repeal Title II, the framework supporting net neutrality across all broadband ISPs. We sat down with Doug Walton, database administrator at Experts Exchange to gauge his opinion of what will happen next.
With just a little bit of  SQL and VBA, many doors open to cool things like synchronize a list box to display data relevant to other information on a form.  If you have never written code or looked at an SQL statement before, no problem! ...  give i…
Kernel Data Recovery is a renowned Data Recovery solution provider which offers wide range of softwares for both enterprise and home users with its cost-effective solutions. Let's have a quick overview of the journey and data recovery tools range he…
Suggested Courses

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question