Help opening ports on home network to host webserver

Hi everybody, I'm new here and I did introduce myself earlier so feel free to take a look at my post at Introductions.

I've been studying networking and I like applying my knowledge as much as I can to get the best experience but I'm currently just a bit stuck about ports and port forwarding.

They say 'be careful opening your ports, if you don't know what you're doing you can compromise your network!' etc.

But my goal is this; host an apache2 webserver on my Linux laptop or my RPi 3 B+.

This is not difficult, I am able to access the web server from within my LAN. But if I want to be able to access it remotely I need to forward a port from my router to the host of the server. How do I do this securely, as a beginner? What actual risks are there to opening ports just by setting up port forwarding and nothing else? How do I do the same if I want to remotely SSH into my machine at home?

Really appreciate your answers, thank you.

Find more posts tagged with

Security

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

mikey88

ebparadise said:
They say 'be careful opening your ports, if you don't know what you're doing you can compromise your network!' etc.

You can always place the public facing server in a dmz to isolate it from the rest of the network. But most home networks are like a few PCs and a printer. Not in the same exposure level as a business.

Take a look at this website: https://portforward.com/router.htm It'll give you step by step instructions on how to do it based on your router model.

You'll also want to make sure you have a static IP that does not change or may need to look into a dns service like DynDNS. You can also configure your web server to listen on a random port other than :80 Security through obscurity as they call it.

LonerVamp

The risk of opening a port itself is minimal.

The risk comes from whether you know what you're doing with the target of that port forward, namely your apache web server. Are you sure it's set up securely such that someone from the public internet cannot compromise that machine? Same with SSH, if you allow access in from a predictable account (e.g. root) and don't use a strong password, someone may brute force their way in over a few days if you're not watching your logs and/or have settings to prevent that behavior, or prevent that behavior from succeeding.

And yes, setting up apache to host a web site is not that hard, but doing it securely ends up being more advanced...