# Port forward for ssh and apache24



## molofishy (Nov 5, 2016)

I've already port forwarded from Port 22 to be able to ssh into my server from anywhere, which works. Is this sufficient for a web server or would I also need to Port forward from Port 80 for a web server?


----------



## Remington (Nov 5, 2016)

It's a good idea to port forward 80 to your web server. You don't want to open all ports.


----------



## ShelLuser (Nov 6, 2016)

Port 80 and optionally 443.

But from a security perspective it might be a good idea not to use port 22 at all but another (random) one, known by you. You can always forward it to port 22 on your server. The reasoning is simple: people who might want to try to log onto your server will start with port 22. And that could become annoying, so if you use a random port it will filter out plenty of login attempts.


----------



## molofishy (Nov 6, 2016)

A follow-up question. I have noticed the following... I can view the default Apache test webpage (with the "It works!" text) when:

- I am using local wifi and I insert `http://192.168.1.7/` into my browser (the local ip of the server).
- I am using a remote IP and I insert `http://domainname.ddns.net` into my browser.

But I cannot view it when:

- I am using local wifi and I insert `http://domainname.ddns.net` into my browser.

The only change I've made to httpd.conf is by adding:

```
ServerName domainname.ddns.net:80
```
Any idea what I'm missing?


----------



## kpa (Nov 6, 2016)

You need to set up split DNS where your local DNS resolver returns local addresses for local clients instead of the public IP. For example with dns/unbound:

https://calomel.org/unbound_dns.html


----------
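
The split DNS setup kpa suggests above, as an unbound.conf example added here (it is not part of kpa's post or of the linked guide). It assumes unbound runs on the server at 192.168.1.7, that the LAN is 192.168.1.0/24 (both values taken from other posts in this thread), and that LAN clients use 192.168.1.7 as their DNS resolver:

```conf
# /usr/local/etc/unbound/unbound.conf (path assumed: FreeBSD dns/unbound port)
server:
    # Listen on loopback and on the LAN address only.
    interface: 127.0.0.1
    interface: 192.168.1.7

    # Answer queries from localhost and the LAN, refuse everyone else,
    # so the resolver cannot be used as an open resolver.
    # Port 53 should not be forwarded on the router.
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.1.0/24 allow
    access-control: 0.0.0.0/0 refuse

    # Split DNS: LAN clients asking for the public name get the
    # server's private address instead of the router's public IP.
    # "transparent" answers locally only for names that have
    # local-data; everything else is resolved normally.
    local-zone: "domainname.ddns.net." transparent
    local-data: "domainname.ddns.net. IN A 192.168.1.7"
```

Remote clients still resolve the name to the public IP through the dynamic DNS provider, so the same hostname works for both ssh and HTTP inside and outside the LAN.
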



## Remington (Nov 6, 2016)

An easy solution is to add your local IP address for the domain name using /etc/hosts. Mac OS and Windows also have a hosts file.


----------



## molofishy (Nov 6, 2016)

I'm trying your solution Remington. FYI, I am also prevented from using the domainname to ssh when on local wifi (when on a remote ip I can use the domainname I set up with noip.com to ssh). Rather, to ssh I must do `ssh username@192.168.1.7`.

When I add `192.168.1.7 domainname.ddns.net` to /etc/hosts on my personal computer (not on the server), then I can at least ssh with `ssh username@domainname.ddns.net` locally. But then I am restricted from sshing into the server when on a remote ip; so that doesn't work. Also, adding that line to /etc/hosts (on my personal macbook or on the BSD server) does not seem to help with the Apache problem I mentioned in my previous post. Additionally, when typing `domainname.com` into my browser, it sends me directly to my router — which is identical behaviour to if I type `192.168.1.1` into the browser. So it seems that when on local wifi, `domainname.com` is the router not the server.

I might need to attempt the dreaded split DNS solution suggested by kpa...

My /etc/rc.conf looks like the following:

```
hostname="domainname"
ifconfig_ue0="inet 192.168.1.7 netmask 255.255.255.0"
defaultrouter="192.168.1.1"
keymap="swissgerman.macbook.acc.kbd"
sshd_enable="YES"
moused_enable="YES"
ntpd_enable="YES"
ntpd_sync_on_start="YES"
pf_enable="YES"
pflog_enable="YES"
syslogd_enable="YES"
powerd_enable="YES"
dumpdev="AUTO"
zfs_enable="YES"
noip_enable="YES"
sshguard_enable="YES"
sshguard_safety_thresh="30"
sshguard_pardon_min_interval="600"
sshguard_prescribe_interval="7200"
apache24_enable="yes"
```


----------



## molofishy (Nov 7, 2016)

I just solved this. I had to log in to my router and associate the ip 192.168.1.7 with my domainname. In the router, this was in a section under the "advanced settings", then "LAN domain". Now I can use the domainname locally. Whoop!


----------

