Skip to main content
  1. Building Your Own Server/

Networking Basics for Your Home Server

·1733 words·9 mins

Before you install any services, you need to understand how your home server talks to the rest of your network. This guide covers the fundamentals — IP addresses, ports, DNS, and basic firewall rules. Think of it as your networking 101. Once you understand these concepts, you’ll be able to read other guides, troubleshoot problems, and feel confident instead of guessing.

Why this matters: Every service you install needs to be reachable from your devices. Without a basic grasp of networking, you’ll be stuck wondering “why can’t I open this page?” or “what port do I use?” This guide gives you the tools to answer those questions yourself.

What is an IP Address?
#

An IP address is like a phone number for your devices on a network. Every device — your laptop, your phone, your server, even your smart fridge — needs one so it can send and receive data.

Think of it this way: when you walk into a hotel, the front desk gives you a room number. When you want to deliver something to that room, you give the room number. An IP address works the same way — it tells the network where to send data.

Your home network likely uses addresses that look like 192.168.1.x or 192.168.0.x. These are private addresses, meaning they only work inside your home. Nobody on the internet can reach 192.168.1.50 directly — that’s a good thing for security.

Static vs Dynamic IPs
#

By default, your router hands out IP addresses automatically using something called DHCP. This means your server might get a different IP address every time it reboots. That’s fine for your laptop, but terrible for a server — if the IP changes, you won’t know how to find it.

That’s why we give the server a static IP. A static IP never changes. In the Linux Mint guide, we set the server to 192.168.99.1. This was chosen at random — it’s just a number that’s unlikely to conflict with any other device on your network. You could use 192.168.1.100, 10.0.0.50, 172.16.0.10, or almost anything in the private address ranges. Just make sure:

  • It’s on the same subnet as your router (e.g., if your router is 192.168.1.1, use something like 192.168.1.200)
  • It’s outside your router’s DHCP range (check your router settings to see what range it hands out — often 192.168.1.100 to 192.168.1.200)
  • It doesn’t conflict with any other device

If you pick 192.168.1.250 and your router also gives out 192.168.1.250 to a phone, you’ll have a conflict and things will break. That’s why we recommend using a high number like 99.1 or 1.200 — it’s far away from where the router hands out addresses.

What is a Port?
#

If an IP address is a phone number, a port is the extension you dial after the call connects.

Your server has one IP address, but it might be running dozens of services — a file server, a media player, a password manager. Ports let each service have its own “door” so traffic knows which service to reach.

Ports are numbers from 0 to 65535. Some are reserved for well-known services:

Port Service
80 HTTP (web traffic)
443 HTTPS (encrypted web traffic)
22 SSH (secure remote login)
53 DNS (domain name resolution)

When you visit a website, your browser connects to port 80 (or 443 if it’s secure). When you install Nextcloud, we put it on port 8080 — a non-standard port that your browser can reach by typing http://192.168.99.1:8080. The :8080 tells your browser “go to port 8080 on that IP.”

Why not just use port 80 for everything? Because only one service can listen on a port at a time. If Pi-hole is on port 80, you can’t also run something else on port 80. That’s why each service gets its own unique port.

What is DNS?
#

DNS stands for Domain Name System. It’s the phonebook of the internet.

When you type google.com into your browser, your computer doesn’t actually know what google.com is. It needs to look up the IP address. DNS does that lookup — it takes a human-readable name and turns it into an IP address your computer can use.

Your router also uses DNS. When you set Pi-hole as your network’s DNS server (as described in the Pi-hole guide), you’re telling all your devices to ask Pi-hole “what is the IP of this website?” instead of asking Google’s DNS servers. This is how Pi-hole blocks ads — it intercepts those requests and says “that domain doesn’t exist” for ad servers.

How DNS Works (Simple Version)
#

  1. You type youtube.com into your browser
  2. Your computer asks your DNS server: “What’s the IP for youtube.com?”
  3. The DNS server looks it up and replies: “142.250.185.78”
  4. Your browser connects to that IP address
  5. You watch cat videos

Pi-hole sits at step 2 and blocks certain domains from ever getting an answer.

HTTP vs HTTPS
#

HTTP and HTTPS are the two ways your browser talks to a web server. The difference is security.

HTTP (HyperText Transfer Protocol) sends data in plain text. Anyone who intercepts the traffic — your ISP, a hacker on the same WiFi, the coffee shop owner — can read everything. Your username, password, files, everything. It’s like sending a postcard where anyone can read it.

HTTPS (HyperText Transfer Protocol Secure) encrypts the data. It uses a certificate to create an encrypted tunnel between your browser and the server. Even if someone intercepts the traffic, they can’t read it. It’s like sending a sealed letter.

For your home server, this distinction matters:

  • On your local network, HTTP is “fine” — nobody else is on your network, right? (This is the “lock your front door but leave the windows open” logic.)
  • If you ever expose your server to the internet, HTTPS is mandatory. Never skip it.
  • Browsers now mark HTTP sites as “Not Secure” — you’ll see a warning every time someone opens your server. It looks unprofessional and might confuse family members.

HTTPS requires a certificate. For local-only use, you can generate a self-signed certificate (free, but browsers will warn you). For internet access, you’ll need a proper certificate from a trusted authority like Let’s Encrypt (free). We’ll cover this in a future guide on remote access.

For now, just know that all the services in this guide run on HTTP over non-standard ports (8080, 8081, 8000, etc.) because we’re assuming local-only access. That’s okay for learning and for home use.

Basic Firewall Rules with UFW
#

A firewall is like a bouncer at the door of your server. It decides which traffic is allowed in and which gets turned away. Even on a home network, a firewall is a good habit to build.

Linux Mint comes with UFW (Uncomplicated Firewall), which is a simple way to manage firewall rules. Here’s how to set it up.

Install and Enable UFW
#

sudo apt install ufw
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw enable

This tells the firewall: “Block everything coming in by default, but let everything go out.” This is the safest starting point.

Allow the Ports You Need
#

Now you open the specific ports for the services you’re running. For example, if you’re running Jellyfin on port 8096:

sudo ufw allow 8096/tcp

If you’re running multiple services, add a rule for each one:

sudo ufw allow 8080/tcp   # Nextcloud
sudo ufw allow 8081/tcp   # Vaultwarden
sudo ufw allow 8096/tcp   # Jellyfin
sudo ufw allow 8000/tcp   # Paperless-ngx
sudo ufw allow 22/tcp     # SSH (if you need remote terminal access)

TCP is used by almost all web services. UDP is used by things like DNS and some media streaming — you typically don’t need to open UDP ports unless a specific service requires it.

Check Your Rules
#

sudo ufw status verbose

You should see a list of allowed ports. If something looks wrong, you can delete a rule:

sudo ufw delete allow 8096/tcp

What UFW Protects You From
#

  • Accidental exposure: If you accidentally open a port on your router, UFW still blocks outside traffic from reaching your server
  • Port scans: Automated bots scanning your network will see closed ports instead of open services
  • Mistakes: If you misconfigure a service and it listens on an unexpected port, UFW is your safety net

You don’t need complex firewall rules for a home server. The default-deny policy with a handful of allowed ports is more than enough.

Troubleshooting Networking Issues
#

Here are the most common problems and how to fix them:

“I can’t reach my server from another device”
#

  1. Check the IP address: Make sure you’re using the right IP. On the server, run hostname -I to see its IP.
  2. Ping the server: From another device, run ping 192.168.99.1. If it doesn’t respond, check your network connection.
  3. Check the port: Make sure you’re using the right port. Nextcloud is on 8080, not 80.
  4. Check the firewall: Run sudo ufw status on the server to see if the port is allowed.
  5. Check the service: Run sudo docker ps (or systemctl status <service>) to make sure the service is actually running.

“The page loads but it looks broken”
#

This usually means you’re hitting the right IP but the wrong port, or the service is still starting up. Wait a minute and try again. If it persists, check the logs: sudo docker logs <container-name>.

“I changed my IP and now nothing works”
#

This is why we set static IPs! If your IP changed, update all your bookmarks and any other devices that were using the old address. Going forward, stick with the static IP setup from the Mint guide.

Summary
#

  • IP address = where a device lives on the network. Give your server a static one.
  • Port = which door to use once you’re at the address. Each service gets its own.
  • DNS = the phonebook that turns names into IPs. Pi-hole gives you control over this.
  • HTTP vs HTTPS = plain text vs encrypted. Fine for local, mandatory for internet.
  • UFW firewall = the bouncer that blocks unwanted traffic. Default-deny with specific allows.

With these basics under your belt, you’re ready to install services and know exactly how to reach them. Every guide in this section builds on these concepts — the IP addresses, ports, and DNS settings you learn here will come up again and again.