Port forward for ssh and apache24

molofishy

I've already port forwarded from Port 22 to be able to ssh into my server from anywhere, which works. Is this sufficient for a web server or would I also need to Port forward from Port 80 for a web server?
 

Remington

It's a good idea to port forward 80 to your web server. You don't want to open all ports.
 

ShelLuser

Port 80 and optionally 443.

But from a security perspective it might be a good idea not to use port 22 at all but another (random) one, known by you. You can always forward it to port 22 on your server. The reasoning is simple: people who might want to try to log onto your server will start with port 22. And that could become annoying, so if you use a random port it will filter out plenty of login attempts.
 

molofishy

A follow-up question. I have noticed the following... I can view the default Apache test webpage (with the "It works!" text) when:
  • I am using local wifi and I insert http://192.168.1.7/ into my browser (the local ip of the server).
  • I am using a remote IP and I insert http://domainname.ddns.net into my browser.
But I cannot view it when:
  • I am using local wifi and I insert http://domainname.ddns.net into my browser.

The only change I've made to httpd.conf is by adding:
Code:
ServerName domainname.ddns.net:80
Any idea what I'm missing?
 

Remington

An easy solution is to add your local IP address for the domain name using /etc/hosts. Mac OS and Windows also have a hosts file.
 

molofishy

I'm trying your solution, Remington. FYI, I am also prevented from using the domainname to ssh when on local wifi (when on a remote ip I can use the domainname I set up with noip.com to ssh). Rather, to ssh I must do ssh username@192.168.1.7.

When I add 192.168.1.7 domainname.ddns.net to /etc/hosts on my personal computer (not on the server), then I can at least ssh with ssh username@domainname.ddns.net locally. But then I am restricted from sshing into the server when on a remote ip; so that doesn't work. Also, adding that line to /etc/hosts (on my personal macbook or on the BSD server) does not seem to help with the Apache problem I mentioned in my previous post. Additionally, when typing domainname.com into my browser, it sends me directly to my router — which is identical behaviour to if I type 192.168.1.1 into the browser. So it seems that when on local wifi, domainname.com is the router not the server.

I might need to attempt the dreaded split DNS solution suggested by kpa...

My /etc/rc.conf looks like the following:
Code:
hostname="domainname"
ifconfig_ue0="inet 192.168.1.7 netmask 255.255.255.0"
defaultrouter="192.168.1.1"
keymap="swissgerman.macbook.acc.kbd"
sshd_enable="YES"
moused_enable="YES"
ntpd_enable="YES"
ntpd_sync_on_start="YES"
pf_enable="YES"
pflog_enable="YES"
syslogd_enable="YES"
powerd_enable="YES"
dumpdev="AUTO"
zfs_enable="YES"
noip_enable="YES"
sshguard_enable="YES"
sshguard_safety_thresh="30"
sshguard_pardon_min_interval="600"
sshguard_prescribe_interval="7200"
apache24_enable="yes"
 

molofishy

I just solved this. I had to log in to my router and associate the ip 192.168.1.7 with my domainname. In the router, this was in a section under the "advanced settings", then "LAN domain". Now I can use the domainname locally. Whoop!
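
Added example, not part of any post in this thread: a small Python check that classifies the cases reported above (LAN client receiving the public address, a hosts-file override carried off the LAN, and the working router "LAN domain" mapping). The function name `diagnose`, its result labels, and the 203.0.113.10 / 198.51.100.23 addresses are constructed for illustration; the resolver is injectable so the check also runs offline.

```python
import ipaddress
import socket


def diagnose(name, client_ip, server_lan_ip, lan_cidr,
             resolver=socket.gethostbyname):
    """Classify how `name` will behave for a client at `client_ip`.

    `resolver` maps a hostname to an address string; the default asks the
    system resolver, so /etc/hosts and the router's DNS are both honoured.
    """
    lan = ipaddress.ip_network(lan_cidr)
    client_on_lan = ipaddress.ip_address(client_ip) in lan
    answer = ipaddress.ip_address(resolver(name))

    if answer == ipaddress.ip_address(server_lan_ip):
        # Name maps straight to the server's LAN address: fine on the LAN,
        # unroutable elsewhere (a hosts entry on a roaming laptop).
        return "ok-lan" if client_on_lan else "lan-override-off-lan"
    if answer in lan:
        # Some other LAN device (for example the router) owns the name.
        return "wrong-lan-host"
    # Anything else is treated as the public (WAN) address.
    if client_on_lan:
        # The request goes to the router's own WAN address from inside; with
        # no NAT loopback the router answers instead of forwarding.
        return "needs-hairpin-or-local-dns"
    return "ok-remote"


if __name__ == "__main__":
    # Constructed answers: public address vs. the router's LAN-domain mapping.
    public = lambda _name: "203.0.113.10"
    mapped = lambda _name: "192.168.1.7"
    cases = [("192.168.1.20", public), ("198.51.100.23", public),
             ("192.168.1.20", mapped), ("198.51.100.23", mapped)]
    for client, res in cases:
        print(client, res(""), diagnose("domainname.ddns.net", client,
                                        "192.168.1.7", "192.168.1.0/24", res))
```

Run without a `resolver` argument on a real client, it reports which of these situations the machine is currently in.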
 