In the last article, I described the process of obtaining a static IP address for your website, registering your domain name, and setting up domain name services.
This time, it’s back to the homefront, where I will discuss setting up your router to open up just enough to let your webserver peek out.
This is probably the hardest part of this series. You will have to do a fair amount of research and may need more than one conversation with your ISP to make sure you have all the information to set up your router and network computers correctly.
I strongly suggest the use of a router, whether you have one computer or many. Routers have built-in security features that make it more difficult for folks on the internet to peek inside your network. Most routers also have features to open themselves up to individual machines, and this is what I will be discussing momentarily.
First, the webserver computer will need to have its own static IP address. Get back with your ISP to make sure you have not only your static IP address, but also your subnet mask, DNS server addresses, and search domain information.
If you haven’t already set up your router for your new static IP address, you should do so now.
Your ISP will provide the following information to you:
- IP address: the static IP address your ISP assigned to you
- DNS address: you should get this from your ISP; if there are two addresses, copy down both numbers
- Gateway address: your ISP provides this number
- Subnet Mask: you should get this from your ISP
- Search domains: some “domain.com” address
Next, you will need to assign a static IP address to your webserver computer and complete its configuration.
In your Network System Preferences pane (OS X), or the Networks control panel (OS 9), you will need to create a custom network configuration for your Macintosh. It should look something like, but not exactly like, the example below. Just plug those numbers into the assigned fields.
NOTE: Your router will usually assign IP addresses in the ranges of:
- 192.168.0.n (where n is a number from 2 to 254)
- 192.168.1.n (where n is a number from 2 to 254)
- 192.168.2.n (where n is a number from 2 to 254)
- 192.168.3.n (where n is a number from 2 to 254)
In this example:
- IP: 192.168.2.5
- DNS: bbb.bbb.bbb.bbb (if there are two addresses, copy down both numbers)
- Gateway: 192.168.2.1 (usually the IP address of your router)
- Subnet Mask: 255.255.255.255
- Search domains: somethingorother.com
Your remaining computers can use regular DHCP connectivity settings (where the router assigns IP addresses).
You will need to make sure your router’s DHCP server does not automatically assign IP addresses in the range where you will be assigning your static IP address. For example, if you want to assign your webserver an internal IP address like 192.168.2.5, make sure your router begins assigning addresses at 192.168.2.10.
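A quick way to sanity-check this addressing plan before typing it into the router, as an added example that is not part of the original article. The function name is hypothetical, and the 255.255.255.0 LAN mask and the pool end of 192.168.2.254 are assumptions of this example.

```python
import ipaddress

def check_address_plan(router_ip, netmask, static_ip, dhcp_start, dhcp_end):
    """Return a list of problems with a LAN addressing plan (empty list = OK)."""
    # The router's own address plus the mask define the internal network.
    lan = ipaddress.ip_network(f"{router_ip}/{netmask}", strict=False)
    router = ipaddress.ip_address(router_ip)
    host = ipaddress.ip_address(static_ip)
    start = ipaddress.ip_address(dhcp_start)
    end = ipaddress.ip_address(dhcp_end)
    problems = []

    # The webserver must sit on the same internal network as the router.
    if host not in lan:
        problems.append(f"{host} is not inside the router's LAN {lan}")
    elif host in (lan.network_address, lan.broadcast_address):
        problems.append(f"{host} is the network or broadcast address of {lan}")
    if host == router:
        problems.append(f"{host} is the router's own address")

    # The DHCP pool must be well formed and inside the LAN.
    if start > end:
        problems.append(f"DHCP pool start {start} is after its end {end}")
    for edge in (start, end):
        if edge not in lan:
            problems.append(f"DHCP pool address {edge} is outside {lan}")

    # The static address must not be one the router may hand to another device.
    if start <= host <= end:
        problems.append(f"{host} is inside the DHCP pool {start}-{end}")
    return problems

if __name__ == "__main__":
    # Values from the article's example; mask and pool end are assumed.
    plan = ("192.168.2.1", "255.255.255.0", "192.168.2.5",
            "192.168.2.10", "192.168.2.254")
    issues = check_address_plan(*plan)
    print("plan OK" if not issues else "\n".join(issues))
```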
Some more explaining is needed here. You are actually working with different kinds of IP addresses. Your router automatically translates (or routes) addresses from the outside (the internet) to your internal network. This is a function known as NAT (Network Address Translation), which actually helps hide your network from the internet and is your primary mode of protection.
On the internet side of your router, there’s only one IP address (the static IP address your ISP assigned to you). On the other side of your router is your internal network, for which your router either assigns IP addresses from its own DHCP server, or permits devices with static IP addresses to operate as long as they fall within the correct range of addresses (like your webserver). So, on your internal network side, we have your webserver with the IP address of 192.168.2.5, and you may have dozens of additional computers using the DHCP server, which automatically assigns IP addresses beginning (in this example) with 192.168.2.10, all the way up to 192.168.2.254.
So, with only one IP address on the internet side, you can theoretically have hundreds of computers sharing that single outside IP address. Your internal network computers can communicate with each other without going outside, but if they need to go to a web page on the internet, the router automatically translates the address to the internet (along with all the rest of the users on your internal network). Whew!
A cautionary note: don’t try to run a business with hundreds of computers on your side of the network. Your ISP will certainly make note of a high level of traffic at all times, and will likely object and insist that you upgrade your account to a higher traffic business account.
This said, there are two ways in which consumer routers can be configured to let your webserver work correctly. The most common method is the DMZ (demilitarized zone). This places a computer with a designated IP address on the “other side” of the firewall. This computer receives no protection from the NAT server or firewall. This may be less of an issue with a Mac, but is still an issue nonetheless. The DMZ and Virtual Server methods (below) are also used by computer gamers, who need to open specific ports on their routers so they can share data with other gamers.
The other method, offered on my Belkin router and probably others, is what they call a Virtual Server. This opens only specific ports on the router for a designated computer to connect to the internet. For example, if you are using a standard web server, you would only need to open up port 80, which is the internet standard for HTTP servers. If you need to move files back and forth from the internet using FTP (File Transfer Protocol), you would need to open up port 25 on the virtual server. As always, RTFM (Read The Fine Manual; that’s the clean version, I learned it differently!). There are so many variations based upon platform, manufacturer, etc., that there’s no way I can describe in detail every possible way to set up a router.
With either of these two configurations, your webserver and the rest of the computers on your internal network should be able to access the internet and function properly.
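To see what each choice exposes, the added example below (not part of the original article) reads the listening sockets from `netstat -an -p tcp` output on the webserver and compares DMZ mode with a Virtual Server that forwards only chosen ports. The netstat sample is constructed, the function names are hypothetical, and the model assumes the router forwards each port to the same port number and that no host firewall is filtering.

```python
# Constructed sample of `netstat -an -p tcp` output from the webserver Mac.
SAMPLE_NETSTAT = """\
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  *.80                   *.*                    LISTEN
tcp4       0      0  *.548                  *.*                    LISTEN
tcp4       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
tcp4       0      0  192.168.2.5.80         192.168.2.12.51515     ESTABLISHED
tcp6       0      0  *.80                   *.*                    LISTEN
"""

def lan_listening_ports(netstat_text):
    """Return TCP ports in LISTEN state that are not bound to loopback only."""
    ports = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[5] != "LISTEN":
            continue
        # BSD/macOS netstat writes the local socket as address.port
        addr, _, port = fields[3].rpartition(".")
        if addr.startswith("127.") or addr == "::1":
            continue  # loopback-only services are never reachable via the router
        ports.add(int(port))
    return ports

def internet_exposure(listening, mode, forwarded=()):
    """Model which listening ports the router lets the internet reach."""
    if mode == "dmz":
        # DMZ host: every listening service is reachable from outside.
        return {"reachable": sorted(listening), "dead_forwards": []}
    if mode == "virtual_server":
        fwd = set(forwarded)
        return {
            "reachable": sorted(listening & fwd),       # forwarded and answering
            "dead_forwards": sorted(fwd - listening),   # open on router, nothing listening
        }
    raise ValueError(f"unknown router mode: {mode}")

if __name__ == "__main__":
    listening = lan_listening_ports(SAMPLE_NETSTAT)
    print("DMZ:           ", internet_exposure(listening, "dmz"))
    print("Virtual Server:", internet_exposure(listening, "virtual_server", [80]))
```

Any port listed under DMZ but not under Virtual Server is a service you should either turn off on the webserver or keep behind the router.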
I have used Netgear, Motorola, and Belkin routers on my website, and currently use a Belkin F5D7230-4 802.11G wireless router with which I’m very happy.
A final note: if you are using a wireless router on your network, make absolutely sure you have secured the wireless functions in multiple ways: do not broadcast your SSID, and use WPA-PSK security. No sense in securing your webserver from the wired internet only to leave it and the rest of your network vulnerable to wireless attacks. Read the documentation that came with your router, as well as the router’s online help (most have it) for more detailed instructions. I might even be convinced to write a blog on that topic in the future.
Next time, how to configure your Mac to run as a webserver.