[lug] Personal Server Behind DSL Router
Ken MacFerrin
lists at macferrin.com
Thu Jan 11 17:12:14 MST 2007
karl horlen wrote:
> I want to setup a linux mail,web,dns server with
> iptables firewall behind my dsl router.
>
> It will not be heavily trafficked and is purely for
> personal use and half just for the fun of the project.
>
> I was wondering if a server like this is possible if
> all of these services live on a box with a nonpublic
> ip address "behind" a router?
As long as your router has the capability to forward multiple ports then
this should be easy. For the services you listed above you'll need to
forward ports 25, 53 & 80. The only thing you need to make sure of is
that your ISP doesn't filter incoming traffic on those ports at their
firewall. If they do then the workaround gets slightly more complex.
>
> I've portfowarded ssh access to this box on the router
> in the past from the outside world.
>
> So the question is can I portforward services for
> mail, dns and apache as well and then setup my dns so
> that outside lookups on www.domain.com and
> mail at domain.com actually resolve through dns that
> lives behind my router (dns would have to point to my
> router public address) and my web and mail services
> function correctly?
Yep.. but if the IP address for your DSL connection isn't static then
you'll want to use a Dynamic DNS (DDNS) service. I've personally used
EveryDNS.net but there's quite a few out there. Also, if you don't have
a static IP then you don't want to try and run public DNS from that
connection. You'd be much better served by using a service like I
mentioned above for all your external DNS.
>
> I'm not sure but I think inbound requests will
> probably work. I'm more concerned about NAT'ing the
> service replies on the way out since they have no
> public identities.
>
The replies should be handled for you automagically by NAT . Just be
aware that your outgoing packets will reveal the internal IP address of
the server unless you go to the extra trouble of configuring the
services to hide this information (which doesn't really gain you
anything in most cases).
-Ken
More information about the LUG
mailing list