owen

Someone on the PANMA list recently asked about running a web server on his FiOS line. I have some thoughts.

Verizon definitely blocks incoming port 80 on residential FiOS. The only way to serve on port 80 itself is to get a business account that allows servers (port 80 is unblocked) and provides a static IP address.

To serve a web site from a server on your internal network to a remote browser over a residential line, that browser must make its request on a port other than the standard port 80, which means the port number has to appear in the URL. In addition, you must configure your router so that the incoming request is forwarded to your server.

Most routers can take incoming requests on a specific external port (I like to use port 88 or 8080) and forward them to a computer with a specific IP address on your internal network. Many can also translate the port while forwarding, so a request arriving on external port 88 is delivered to port 80 on the internal server. The advantage is that the server keeps listening on the standard port, and requests made from inside your network need no port added to the URL.

There are two concerns if this is what you want to attempt. First, your router must know which computer the request should be forwarded to. Usually, when you connect a new computer to your network, DHCP simply assigns it an IP address from the pool the router makes available, so the server is not guaranteed to keep the same address. Since the router forwards incoming web requests to one specific IP address, an address that changes breaks the forwarding.

To avoid this, you can either configure a fixed IP address on the server itself, chosen from the part of your subnet that lies outside the DHCP range (if it were inside the range, the router could later lease the same address to another device). On my network, this internal IP address is 192.168.111.68 and is fixed as my home server's IP. Alternatively, some routers let you reserve an address for a system via DHCP by identifying its MAC address. This is often the better solution if your router supports it, because all addresses are then managed from the router rather than having to be configured on the server.

The second concern is mapping the correct external port to the port on which the server is listening. This is usually done by configuring port forwarding in the NAT table of your router. It can also be done using the router's DMZ host setting, which sends all unsolicited requests from the internet to a single internal IP address. This is dangerous, though, since you are then exposing every other service running on that server (file sharing, remote administration, databases, anything else that is listening) to the internet, not just the web server. Before exposing anything, check what the server is actually listening on.
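The two concerns above (a server address that must stay outside the DHCP pool, and a port forward versus a DMZ host) can be checked before touching the router. The following is an added example, not code from the original post: it models a home network and a router's NAT rules and shows what each approach exposes. The subnet, DHCP pool, listening services and the `eth0` WAN interface name are assumptions; only the server address 192.168.111.68 comes from the text.

```python
"""Model a home router's address plan and NAT rules to see what a single
port forward exposes compared with a DMZ host. Added example; the subnet,
DHCP pool and listening services are constructed, not from the post."""
import ipaddress
from dataclasses import dataclass

LAN = ipaddress.ip_network("192.168.111.0/24")          # assumed subnet
DHCP_POOL = (ipaddress.ip_address("192.168.111.100"),    # assumed pool start
             ipaddress.ip_address("192.168.111.199"))    # assumed pool end
SERVER = ipaddress.ip_address("192.168.111.68")          # from the post

# Constructed: services the home server happens to be listening on.
SERVER_SERVICES = {80: "http", 22: "ssh", 445: "smb", 3306: "mysql"}


def in_dhcp_pool(ip, pool=DHCP_POOL):
    """True if a statically assigned address could collide with a DHCP lease."""
    ip = ipaddress.ip_address(ip)
    return pool[0] <= ip <= pool[1]


def static_address_ok(ip, lan=LAN, pool=DHCP_POOL):
    """A manually configured server address must be inside the LAN subnet
    and outside the pool the router hands out, or it may be leased twice."""
    ip = ipaddress.ip_address(ip)
    return ip in lan and not in_dhcp_pool(ip, pool)


@dataclass(frozen=True)
class Forward:
    ext_port: int        # port the remote browser connects to (e.g. 8080)
    int_host: str        # internal server address
    int_port: int        # port the service actually listens on (e.g. 80)
    proto: str = "tcp"


def exposed_services(forwards, dmz_host=None, services=SERVER_SERVICES):
    """Return {external_port: (host, internal_port, service)} reachable from
    the internet. Explicit forwards win; a DMZ host then receives every
    other unsolicited inbound connection, so all of its listening services
    become reachable, not just the web server."""
    exposed = {}
    for f in forwards:
        exposed[f.ext_port] = (f.int_host, f.int_port,
                               services.get(f.int_port, "unknown"))
    if dmz_host is not None:
        for port, name in services.items():
            exposed.setdefault(port, (dmz_host, port, name))
    return exposed


def iptables_dnat(f, wan_if="eth0"):
    """Equivalent DNAT rule for a Linux box acting as the router (assumed WAN
    interface name). Translates the external port to the internal one; a
    matching ACCEPT in the FORWARD chain may also be needed."""
    return (f"iptables -t nat -A PREROUTING -i {wan_if} -p {f.proto} "
            f"--dport {f.ext_port} -j DNAT "
            f"--to-destination {f.int_host}:{f.int_port}")


if __name__ == "__main__":
    fwd = [Forward(8080, str(SERVER), 80)]
    print("static address ok:", static_address_ok(SERVER))
    print("port forward exposes:", exposed_services(fwd))
    print("DMZ host exposes:", exposed_services([], dmz_host=str(SERVER)))
    print(iptables_dnat(fwd[0]))
```

With the single forward, only the web server is reachable from outside (external 8080 to internal 80); with the DMZ host every listed service is. On the server itself, `ss -ltn` (Linux) or `netstat -an` lists what is actually listening and is the real input to this check.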

Beyond the NAT configuration on your router, you need a way to reach your router's public IP address from outside, since the address assigned to your router can change at Verizon's whim. Dynamic DNS services assign a domain name to your current address and update the record when it changes. You will need either a router that supports one of these services, or some software running on your server (or on another PC on your network) that periodically reports your network's current address to the dynamic DNS service. This lets you (and others) find your network by domain name rather than by IP address.

Note that pointing a domain name at your network raises additional concerns, especially if you use name-based virtual hosts on your server: the server needs a virtual host configured for the dynamic DNS name, or requests for that name will be answered by the default site. Also note that, depending on your router, you may not be able to reach your server using that domain name from inside your network even though it works from outside. A request from inside to the router's public address has to be translated back inward (NAT loopback, also called hairpin NAT), which many consumer routers do not do; in that case use the internal address, or a hosts-file or local DNS entry, while you are on your own network.

Finally, it may be against Verizon’s terms of service for you to run a server on your residential network connection. For that reason, I do not run public servers on my internal network. The servers I make available are for my own use, primarily internally on my network, or for accessing files on my PC remotely.

All of that said, if these configuration instructions don’t already make sense to you, then exposing your internal network to the internet is probably a very bad idea.