jxself.org

Your own privacy-aware, personally controlled server, part four

Thu, 23 Aug 2012

This is part four of a series. I'm going to assume that you've already read the previous parts. If not, they're linked to from the archive.

I'll continue with the same theme as last time: Your internet connection.

You may be connected (more or less) directly to the internet, meaning that your computer has a "public" IP address assigned directly to it, or there may be a router in your home (often, the very same device that handles your internet connection) that hands out a "private" IP address instead. If you have this latter setup there are additional things to consider when setting up your server.

For some background, every device connected to the internet requires a unique address. Version 4 of the Internet Protocol (aka IPv4) can, at most, support just a little bit under 4.3 billion unique IP addresses. Since a single person could easily own a cell phone, home computer, work computer, wireless tablet, wireless ebook reader and video game system, each of which could be connected to the internet and each of which would need its own IP address, it becomes easy to see how 4.3 billion addresses are nowhere near enough to provide an address for every device on the planet.

A private IP address is a way to conserve these 4.3 billion IP addresses by using a single public IP address assigned to your router for a block of locally connected computers or other devices. It can also lower your costs, since you need fewer public addresses and most ISPs will charge extra for multiple public IP addresses.

Imagine a ten-person office where everyone needs to participate in a conference call. One way to do this is to have everyone dial into the conference call from their phones at their desks. Another way to accomplish this is to have them all sit in the conference room where a high-quality conference phone broadcasts the call to all of them. The latter is an example of how private IP addresses work -- although everyone gets to hear and speak on the call, they connect through a single point of contact. The phone is the router, and each person's "connection" to the call is through a private address -- they get to hear it with their own ears, but the signal comes through the one phone.

Using this method, a router which is connected to the internet assigns every computer connected to it a unique private IP address, but then aggregates all of the inputs and outputs from all of those computers and sends them to the internet over its own single address. Depending on how the router is configured, it could give every computer a specific address, or randomly assign them as needed. Since many ISPs charge extra for multiple public IP addresses, using private IP addresses can reduce your connection charges by needing only a handful of public IP addresses -- usually just one -- to serve tens, hundreds or even thousands of computers and devices at a single location, but this also creates an additional level of administration for you.

Since your router could potentially assign a different private IP address to your server at different times, one thing you should do is configure your router to always give your server the same private IP address. This is similar in concept to having a static public IP address but your ISP isn't involved in this: It's just you & your router. Your server will need a fixed private IP address because your internet traffic is going through a single public IP address and your router needs to know where to send incoming connections. If your server's private IP address changes, that mapping will need to be updated or your server won't be accessible from the outside world anymore. The exact way to do this depends on the make and model of your router and there are so many I can't possibly cover them all. If your router doesn't offer the option to assign a static private IP address to your server, one workaround is to configure your server for a manual address rather than asking your router for one. I'll cover that when I get to the part about installing Trisquel.

In addition to a static private IP address, each program you run on your server that needs to communicate over the internet will listen for incoming connections on a so-called "port." There needs to be some sort of standard so an organization called IANA (short for the "Internet Assigned Numbers Authority") maintains the official list of what ports should be used for different things. If this didn't exist you would somehow need to know in advance what port someone's web server was listening on before you could access the site. Fortunately most people follow this list and all you need to do is type in their domain name or IP address. Your browser knows to automatically try connecting on port 80, or port 443 for a secure connection.

In addition, most routers act as firewalls and block incoming connections by default. For each port that you want to accept connections on from the outside world -- whether it's for your web server, email, instant messaging, or something else -- you'll need to do two things: Configure your router to accept the incoming connection on that particular port, and then specify which private IP address that connection should be forwarded to so that it can be received and properly handled by your server. This is often referred to as "port forwarding" or "port mapping" or "opening a port" or "poking a hole" in your router/firewall or other such similar terms. Just like assigning a static private IP address, the exact way to do this depends on the make and model of your router and there are so many I can't possibly cover them all. Time for more reading. There's no need to open any ports just yet since your server isn't even running and you can always open and close ports as needed, but you need to know how to do this in your particular router.
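
The two router settings described above (a fixed private address for the server, and port forwards that point at it) can be cross-checked once you have copied them down from the router's admin pages. This is an added example, not part of the original article: the addresses, rule names and function names are made up for illustration, and the three private ranges are the ones set aside by RFC 1918.

```python
import ipaddress

# Private IPv4 ranges reserved for local networks (RFC 1918).
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data, typed in by hand from a hypothetical router's
# admin pages: fixed-address reservations and port-forwarding rules.
LAN = ipaddress.ip_network("192.168.1.0/24")
RESERVED = {"server": "192.168.1.10"}
FORWARDS = [
    {"name": "web",      "port": 80,   "target": "192.168.1.10"},
    {"name": "web-tls",  "port": 443,  "target": "192.168.1.10"},
    {"name": "old-rule", "port": 8080, "target": "192.168.1.57"},
    {"name": "mistyped", "port": 25,   "target": "192.169.1.10"},
]

def audit_forwards(forwards, reserved, lan):
    """Return (rule name, problem) pairs for forwards that need attention."""
    fixed = {ipaddress.ip_address(a) for a in reserved.values()}
    findings = []
    for rule in forwards:
        target = ipaddress.ip_address(rule["target"])
        if not any(target in net for net in PRIVATE_NETS):
            findings.append((rule["name"], "target is not a private address"))
        elif target not in lan:
            findings.append((rule["name"], "target is outside the local network"))
        elif target not in fixed:
            # The router may hand this address to another device later,
            # which would then receive the forwarded connections.
            findings.append((rule["name"], "target address is not fixed"))
    return findings

def open_ports(forwards):
    """Ports reachable from the internet; each should be one you still need."""
    return sorted({rule["port"] for rule in forwards})

if __name__ == "__main__":
    for name, problem in audit_forwards(FORWARDS, RESERVED, LAN):
        print(f"{name}: {problem}")
    print("open ports:", open_ports(FORWARDS))
```

A forward whose target is not fixed is worth closing or correcting rather than leaving in place, since whichever device next receives that address becomes reachable from outside.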

IPv4 is well into the process of being replaced by IPv6, a new standard for Internet communications. Under IPv6, the number of addresses is orders of magnitude larger than under IPv4, eliminating the concern about a potential shortage of addresses in the foreseeable future. Nevertheless, private IP addresses still make sense. Not only do they still represent good stewardship of network resources, but they also make it easier for system and network administrators to route and control internet traffic by having it pass through a single connection over a single router.

At this point I think I've covered all of the prep work so I think it's time to move on to installing and setting up Trisquel, but that's for another article.