You have three different network zones:

• The external zone, which is internet or in general anywhere outside your home. This will be on the other side of your ISP gateway/router/access point. It's considered dangerous and hic sunt leones.
• The internal zone, which is your home network, it's considered safe and comfy. Do not let unknown strangers have the WiFi password!
• The gray zone: between your server and the ISPs gateway/router/access point. There is nothing here except all your NAT-ed traffic.

The internal network will be described in details later on. I assume you will choose a subnet like 10.0.0.0/24 for it. I suggest you don't use a subnet in the 192.168.x.y range as many of these ranges are already used by ISP routers and devices and in case of a clash you might end up having to replace addresses on all your internal hosts, and this can be a mess. A good idea is to use the 10.a.b.c ranges and choose something meaningful like, if you live at Via Roma 68, zip 4012, yo could choose 10.40.68.c as subnet.

The gray zone is dependent on your ISP, i will assume your ISP uses 192.168.1.0/24 subnet for it. For resillience, i will show you how to setup two upstream ISPs so that you can have two exit points and be able to phone home even when one goes down.

The external network is assumed to be behind CG-NAT (Carrier Grade NAT) and thus you do not have, and cannot have, a static IP visible from outside in any possible way. This is the commnon truth for mostly everybody nowadays.

For you lucky from the USA, where sometimes you can (maybe paying, or even for free) get a static IP, this might not apply, but since the world is big and 99% of people cannot access a static IP anymore…

Your home server will require two different network interfaces, either wired or WiFi doesn't matter.

Your remote servers must be reachable using your domain name (i will assume mydomain.com) whatever that means for you, as far it's reachable with that domain, it's good. You should reserve a dedicated additional sub-domain like remote.mydomain.com because i will show you how to reflect the DNS setup on the internal network to point to your home server, so accessing your remote server from internal network will require the remote.mydomain.com name.

I am a big Gentoo fan since decades, so my choice specially for servers is always Gentoo. More on this later on. Both servers will be Gentoo servers.

The internal server will host all the services.

Remote, external, server is hosted somewhere on the network. It acts as a thin client redirecting connections to the internal server.

The advantages of this solution are:

• Secure setup (encrypted tunnel to home, all services exposed trough https)
• Easy maintenance: only an SSH tunnel, the front end has nothing else installed except SSH.
• Low cost: grab the chapest VPS you can find and it will work just fine.

The goal will be to host one or more of the following services for yourself and your family in a secure and remotely accessible way:

• webcam / DVR access
• Photo backup and storage
• Private files sharing
• Sailing access
• Home Automation services
• GIT and such
• Printer and scanner
• Mobile devices synchronization
• more…