Re: Public-facing webserver?
"The thing is that all the routers I've ever come across only allow access to the web-based admin interface from the internal LAN"
Some do and indeed are set by default to allow access from outside - very dangerous esp. with poor default username/password. I manage mine when away from home (~1/2 the year) by ssh into the system to my fileserver and admin the router from there. The ssh port, which is the only exposed port, is a non-standard and the only username allowed is very unusual and the password is 20 digit hideous. In 10 years I've never had a port scan that hit the ssh port although I used to get lots going for 22 until I blocked most low ports off at my ISP