How to connect my server to the internet?

spongiform · March 18, 2025, 10:01am

My project is to experiment with zTree software (https://www.ztree.uzh.ch/en.html)
the economics experiment software using my home broadband.

I have the software running on the server. Now I need to make the zTree software avaiable to participants (zTree starts an Nginx server) using their own browsers.

What are the generic steps I must take? 2. How do I achieve these steps using the Luci interface to my router? Thanks.

Server running Debian 12.10 set to ip=192.168.0.7
Connected to BT HomeHub 5a running OpwnWRT 12.10 Oops 24.10
Server connected to router port Lan2

frollic · March 18, 2025, 10:06am

there's no such release, were you thinking of 24.10 ?

egc · March 18, 2025, 10:12am

Interesting software.

Maybe a simple port forward to 192.168.0.7 and using DDNS to publish a domain name for it will do?

spongiform · March 18, 2025, 11:28am

I was. Sorry about that.

spongiform · March 18, 2025, 12:05pm

Thank you for taking the time to reply. The port forward link leads to a page which just has a link to DNAT. This page suggests using DMZ. The DMZ page refers to a 'switch' page in Luci from 'Network'. My version of Luci - 'Network' only has 'Interfaces' 'Wireless' 'Routing' 'DHCP' 'Firewall' and 'Diagnostics'. Is it possible that my hardware doesn't support 'Switch'? In the mean time I'll just use DNAT.

egc · March 18, 2025, 12:12pm

A port forward can be made on Network > Firewall > Port Forwards

An example of my router Forwarding port 3456 form my WAN to a server which has address 192.168.0.5

spongiform · March 18, 2025, 12:18pm

Thanks, that's what I did. My 'Port forward' now looks like this:

I changed the ssh port to 61198 on the server.

frollic · March 18, 2025, 12:22pm

exposing ssh to the internet is extremely stupid ...

egc · March 18, 2025, 12:28pm

If you only use strong keys and not a password it is somewhat safe with emphasis on "somewhat", so I would not use it

If you want to have access to your local home/router consider using something like WireGuard or OpenVPN

spongiform · March 18, 2025, 4:19pm

Thanks again for your time. The software expects certain actions to be done via ssh. I thought that moving it to a none standard port at a high random number and using passwordless, key based login would suffice. Especially as this is just an experiment to see if I can get zTree working at all.

On the matter of 'DMZ' is this something I should conside, and is the lack of a 'switch' option in 'networks' a hardware limitation or a show stopper? Thanks again.

mk24 · March 18, 2025, 4:30pm

In this context I think "DMZ" means to put servers in a separate VLAN which works like a guest network in that those machines can't initiate any connection to your regular LAN or the router itself. This limits the damage that a hacked server could do. This is a recommended practice but it is also completely optional.

To make your server (on the regular LAN) accessible from outside you only need to determine which port(s) the service uses and forward those. Another meaning of "DMZ" is to forward all external ports to one machine. This is a one-click option in many basic and ISP routers; but in OpenWrt it needs to be done by forwarding a range of ports. The one machine that receives all traffic is usually a router not a server directly. Desired traffic will be selectively forwarded to server(s) on site and the rest will be dropped by its firewall.