Now I have my linux internet gateway going, I'm thinking of setting up a web server. This is what my LAN looks like at the moment:

Is is possible to run apache on say, 192.168.0.1, but so it can be 'seen' from the internet?

You can have your webserver visible on both internal/external networks. You will have to add the IP address going to the internet/modem to your DNS record. Doing that will allow the domain to be resolved by the DNS. Apache will then use IP address that was used to resolve the domain, and forward pages to the requesting computer.

DNS confignot the exact configuration)

A 192.168.0.1 ( IP used for the internal network)
A 138.53.23.1 (IP address assigned to the external NIC. This could be private if your modem is also a router that uses private IP addressing)



When you finish editing the DNS configuration restart apache, then type httpd -s or if your using apache 2 httpd2 -s

This will list the IP addresses that apache will respond to.

Sure it is
You need to configure NAT/PAT on your router.

You have to redirect anything comming from the web to the TCP port 80 of you router to your PC where you webserver is running.

Check out your router's doc, it should tell you how to. I can give you an example I did with mine if you want

This will probably interest you ==> http://www.dyndns.org/services/dyndns/
You can freely register a hostname for you webserver there. Sth like mywebserver.linuxhome.org
So that you can give your friends sth else than a lame IP@ they'll never remember.

Note that if you didn't ask you ISP for a static IP you'll have to update it on the site regularly.

Thing is it's not really a router. It's just a gateway... or is that the same thing? I don't have any DNS servers set up either. Sorry, but I'm not exactly a networking expert!

iptables -t net -A PREROUTING ! -i $EXT_IFACE -p tcp --destination-port 80 -j DNAT --to 192.168.0.1:80


Er something of this nature to forward all requests from the external iface to the internal machine. I just copied pasted this from "Linux Server Hacks"

You don't need no local DNS server if you use the service provided on the site I gave you. They do it for you. They match yourwebserver.linuxhome.org (in my ex to the public IP address (provided by you ISP) of your router/gateway (whatever, doing the same job).

It works like this:

Internet <=====> Public IP of router --- 192.168.0.10 <======> local LAN

People out there on the web only see you public IP, there is no way they can see 192.168.x.x IP. So each connection from the web to you local LAN will use you gateway's public IP address.
Each service you wanna provide use a diferent TCP port number like for a web server, HTTP uses port 80 (FTP is 21, SMTP (email) use 25 etc...).

So to allow people from the net to reach the port 80 of your PC (the one with the webserver), you need to redirect all the connection reaching the public IP of your gateway on the port 80 to the IP of your webserver.

micxz post up there is showing you how to do it.
Hope my extra explanation will help you understand it

Yes, that's great. Thanks a lot!

Actually when I said that, I couldn't try it - I just presumed that it was right

I've finally got round to putting a monitor on the computer. But when I type it, I get told that the -p command 'contains wierd characters'

"contains wierd characters" Is that the error?

Yes, that is the error

You are doing this on the gateway computer right? Please paste what you have here.

Yes, 192.168.0.10. Post what exactly?

Copy paste the whole line you typed and the error. I'm not sure how else to help.

Okay, I typed:
iptables -t net -A PREROUTING ! -i $EXT_IFACE -p tcp --destination-port 80 -j DNAT --to 192.168.0.1:80

And the computer said:
Warning: wierd character in interface '-p' (no aliases, :, ! or *)
Bad argument 'tcp'