When Port Forwarding Attacks
Certain makes of routers including popular netgear models have an annoying feature if you want to host a website on a machine inside your LAN. Say you’ve updated your DNS records so that www.example.com points to your static IP and you’ve set up port forwarding (or put the host machine in a DMZ) on the router. Everything should be working fine but it pays to check. However you can’t. The router misinterprets any attempt you make to view www.example.com from within your own network into an attempt to access the router itself.
Rather than run out to a web cafe every time you want to check your site, a workaround in linux is to edit your /etc/hosts file and add an entry like the following to the bottom:
192.168.1.1 www.example.com
Where 192.168.1.1 is the internal IP address of your hosting machine and www.example.com the internet address.
The disadvantage of this method is that it will not catch misconfigured absolute addresses on your website but if you make a point of using relative links you should avoid this.
For example, a link to your images folder hardcoded as:
http://192.168.1.1/images
will work when viewed by yourself because your machine will translate the IP address to www.example.com but will not work for anyone else looking at the site from the wider internet.
http://www.example.com/images
is better, but
/images
is best of all. You’ll thank yourself for using this format if/when you shift the site to a different machine in the future.