Setting up a static IP address for your server; Port Forwarding

Your server is connected to your local network, and from there to the internet, with an IP address that was dynamically allocated to it via the DHCP process ("Dynamic Host Configuration Protocol"). In the set-up process described here, my wifi device had the IP address 192.168.7.200. Although your IP address might remain relatively constant on your home network, it could change—we want to give your server a fixed IP address so we'll always know where to reach it.

Let's get that static IP established. And then we'll see how to set up Port Forwarding so that you can reach your server not only from home, but from anywhere in the world!

1. Giving the server a static IP address

There are a couple of ways to do this. The best way is:

  1. Identify your Pi's MAC address
  2. Log in to your home router to set up an IP reserved for that address

How you actually go about doing this depends on your home network setup. In my case, I have an "eero" network at my house. I looked at the eero app that is used to administer that network and selected Settings > Advanced > Reservations & Port Forwarding. From there I was able to identify the MAC address of the Pi and its IP address and select those for an "IP Reservation."

You should have a similar process that you can work through, regardless of your home networking setup. Get the brand and model of your router or modem and google that brand, model, and "static ip" and you should find instructions.

2. Setting up Port Forwarding to your server

Now that we've got your Pi server with a known, static, IP address on the internal server, we can start to think about how to reach that server. Your internal (home) network has a gateway address that begins with 192.168.x.x. All the local devices that are connected to your network have an address that's part of the at local network.

But that's not how the Internet reaches your house, because everybody has a gateway address of 192.168.x.x . To reach your home from outside the network, there's an external address that is provided by your Internet Service Provider (ISP), which might be Spectrum, ATT, etc.

Your router or modem manages the connection between the external network and your home's internal network, and usually has a hardware or software-based firewall or other means of access control that only allows certain types of traffic to pass through.

Different types of traffic travel over different ports. Port 22 is typically used for Secure SHell access (SSH), the protocol you're using to log into the server on the Terminal. Port 80 is used for http web address, while port 443 is used for secure https addresses.

Once your server has a fixed IP on your home network, change your network settings so that port 22 on the external gateway is forwarded on to port 22 on your static IP. In my case, I again selected Settings > Advanced > Reservations & Port Forwarding, and set port 22 as both the inbound port and the forward port.

Your router/modem should have a similar feature that you can use.

3. Logging in to your Pi from outside your network

We've just established a way that the outside world can reach our server that would otherwise be only reachable from inside our internal (192.168.x.x) internet. From within your home, you can still log on to the server the way you always have.

We should also be able to log on from outside your home network now as well. Let's test that:

  1. Identify the gateway address of your home network
    Your router/modem will have this information displayed in its interface somewhere, or you can, while logged in to your server, enter:
    $ curl icanhazip.com 47.228.72.128
    The IP address that is displayed is your external IP address. That's what you'll use to log in to your server from outside your home network.
  2. Go to an external network outside your house
    School, Starbuck's, a friend's house, wherever. Get on their network there.
  3. Try to log on to your server
    Rather than ubuntu@192.168.7.200, you'll be using the gateway address:
    $ ssh ubuntu@47.228.72.128 Password:
    If everything has been configured correctly, your login request will be transferred from your gateway IP to the internal IP of the server through port 22.

If you are unable to log in, you've got some troubleshooting to do. :-/ You might have made a mistake in configuring the router/modem, or perhaps your home network situation is more complex, with a firewall or some other security software managing the network.

Time to do some googling to identify what the issue might be!