Accessing a fedora server from the internet

[chronmon]

Okay, I new here and I not exactly sure where I should post this question, but I'm posting it here causes this sounds like the right place for it.

I'm currently running a fedora 13 server, the only services right now are ssh and apache. I can access and use the services on my local network, but I cannot probably due to many problems which I don't understand... yet. Anyway I was wondering how would I go about allowing this server to be accessed from the internet. (ie I want to be able to update from the library/classroom at school)

---------- Post added at 06:34 PM CDT ---------- Previous post was at 06:24 PM CDT ----------

Um my bad just looked at the stickied post and my questions were answered

[stevea]

A local home or sosho usually uses a provare LAN address. These IP addresses usually begin with
192.168.x.x
172.16-31.x.x
10.x.x.x

But to access a system from across the internet you need to have a PUBLIC IP address.

All ISPs (afaik) give your home one single public IP address. Then either they supply a router or else the user provides a router if you have more than one home system to connect.

To determine your public IP address, goto this website http://www.whatismyip.com/ from your Fedora system's browser.
To detemine your private IP address (if any) perform this command from a teminal window;
ip addr
you'll see several ouput lines .. a set for each network interface. For example:

Quote:

4: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0e:35:45:4e:b0 brd ff:ff:ff:ff:ff:ff
inet 192.168.42.120/24 brd 192.168.42.255 scope global eth1
inet6 fe80::20e:35ff:fe45:4eb0/64 scope link
valid_lft forever preferred_lft forever

This says that my eth1 interface is assigned an IP address of 192.168.42.120 - a PRIVATE address.

===
So if your system has an interface assigned a PUBLIC IP address (unlike mine) then you can just use that IP address for a remote ssh session.

More likely your system has a PRIVATE IP like mine. In that case yo uneed to configure the router to "forward ports". THe router is going to be at the gateway address (use the ip route command looking for the "default" line. So I need to go to 192.168.42.1 and change the configuration. For ssh service (on port 22) Iwould want to forward port 22 from the router to my system as 192.168.42. 120.

After the port forward is created then you can ssh to the public IP address (the router's address really) and it knows enough to forward that traffic to the server (192.168.42.120 in my case)

==

*** Be SURE you use real system passwords (not "root123") for your server accounts. Scripot kiddies will scan port 22 and try simple passwords.

==
More advanced topics to consider:
1/ Setup ssh to use keys and not password authentication to avoid the script-kiddies.
2/ Consider forwarding a different port to port 22 - ((public 433 => Private 22 for example)). This prevents the scans from showing an ssh port.
3/ Consider using a dynamic dns service, like dyndns.com. This allows you to have a resolvable hostname rather than use IP numbers. cronmon.syndns.com for example.


How to forward ports is related to your specific router.

[Doug G]

Also you should make sure your ISP doesn't block http if you want to use your web server. Many residential ISP's don't allow running your own web server on their connection. Also you may need to tweak your firewall in the server.

Study up on server security if you want to expose your server to the public internet. Or if it's just your private use, learn how to tunnel various services into your server over an SSH connection for greater security and less exposure to the bad guys.

[Kholdstate]

And in the event of your ISP blocking web servers (as far as I know this is done by blocking connections on port 80) you can set up your web server to run on a different port, like 8080 or similar (look for the line "listen 80" in /etc/httpd/conf/httpd.conf). Then you can access it through going to http://yourserver-ip:8080