[lug] Personal Server Behind DSL Router
David L. Anselmi
anselmi at anselmi.us
Thu Jan 11 17:54:06 MST 2007
karl horlen wrote:
> I want to set up a Linux mail, web, DNS server with
> iptables firewall behind my DSL router.
Actually, you probably don't. But we won't say "I told you so" when you
come back to ask about problems. ;-)
> I was wondering if a server like this is possible if
> all of these services live on a box with a nonpublic
> ip address "behind" a router?
Yes, I do that. NAT works fine.
If you don't have a static IP you'll have problems sending mail to other
servers due to various blacklists. It will work if you send via a
smart host, but you'll need credentials to use Qwest for that.
If you aren't good at spam filtering you may bounce some spam and get
blacklisted for that. But probably not a serious problem.
Web is easy. DNS is easy if you use the free service from zoneedit.com.
If you really want to run your own read Cricket's book.
I typically don't run iptables on a box like this because all the
services it provides are public. So there isn't anything for iptables
to block (obviously there are some other useful things iptables can do).
But I do have backups and I do expect it to be hacked and rebuilt one
day. So make sure you don't mind losing it, and make sure other
machines don't trust it any more than the Internet. I like bacula and
rdiff-backup.
> I've port-forwarded ssh access to this box on the router
> in the past from the outside world.
It's worth moving ssh off port 22, at least externally.
[...]
> I'm not sure but I think inbound requests will
> probably work. I'm more concerned about NAT'ing the
> service replies on the way out since they have no
> public identities.
All of this should work if your router does NAT properly (and for UDP
too). Actiontecs do some odd DNS caching I hear so you might run into
that. But for the most part it will work.
Dave
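Added example (not part of Dave's message or Karl's question): a small script that checks whether a server's public IP is listed on DNS blacklists, which is the practical way to confirm the "dynamic IP gets refused by other mail servers" problem above before building the box. It uses the standard DNSBL convention (reverse the IPv4 octets, append the zone, do an A lookup; any 127.0.0.x answer means "listed"). The zone names and the return-code table are assumptions taken from Spamhaus's published ZEN documentation, not from the original post; the resolver is injectable so the logic can be exercised offline with a constructed fake.

```python
"""Check a mail server's public IP against DNS blacklists (DNSBLs).

Added example, not from the original mailing-list thread. Assumptions:
the zones in DEFAULT_ZONES are the ones worth consulting, and the
127.0.0.x meanings in ZEN_CODES follow Spamhaus's published ZEN table.
Other zones publish their own code tables.
"""
import ipaddress
import socket
import sys
from typing import Callable, Dict, Optional, Sequence

# Assumption: common public zones for an outbound-mail check.
DEFAULT_ZONES: Sequence[str] = ("zen.spamhaus.org", "bl.spamcop.net")

# Spamhaus ZEN return codes (assumption: per Spamhaus documentation).
# A dynamic DSL address is typically hit by the PBL codes (.10 / .11).
ZEN_CODES: Dict[str, str] = {
    "127.0.0.2": "SBL: direct spam source",
    "127.0.0.3": "SBL CSS: snowshoe / compromised host",
    "127.0.0.4": "XBL: exploited or infected host",
    "127.0.0.9": "SBL: DROP/EDROP netblock",
    "127.0.0.10": "PBL: ISP-declared dynamic/end-user range",
    "127.0.0.11": "PBL: Spamhaus-declared dynamic/end-user range",
}

Resolver = Callable[[str], Optional[str]]


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the DNSBL query name: octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on bad input
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone}"


def interpret_zen_code(answer: str) -> str:
    """Map a ZEN A-record answer to a human-readable reason."""
    # 127.255.255.x answers signal a query problem (e.g. an open/public
    # resolver being refused), not a listing. Do not treat them as "listed".
    if answer.startswith("127.255.255."):
        return f"query error ({answer}); not a listing"
    return ZEN_CODES.get(answer, f"listed (code {answer})")


def _default_resolve(name: str) -> Optional[str]:
    """A-record lookup; NXDOMAIN (not listed) comes back as None."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def check_dnsbl(ip: str,
                zones: Sequence[str] = DEFAULT_ZONES,
                resolve: Resolver = _default_resolve) -> Dict[str, Optional[str]]:
    """Query each zone; None means not listed, a string means listed/error."""
    results: Dict[str, Optional[str]] = {}
    for zone in zones:
        answer = resolve(dnsbl_query_name(ip, zone))
        if answer is None:
            results[zone] = None
        elif not answer.startswith("127."):
            # A non-loopback answer usually means a dead or wildcarded zone.
            results[zone] = f"query error (unexpected answer {answer})"
        elif zone == "zen.spamhaus.org":
            results[zone] = interpret_zen_code(answer)
        else:
            results[zone] = f"listed (code {answer})"
    return results


def can_send_direct(results: Dict[str, Optional[str]]) -> bool:
    """True if no zone reports a real listing (query errors don't count)."""
    return all(v is None or v.startswith("query error")
               for v in results.values())


if __name__ == "__main__":
    # Usage: python dnsbl_check.py <your public IPv4 address>
    target = sys.argv[1]
    report = check_dnsbl(target)
    for zone, verdict in report.items():
        print(f"{zone}: {verdict or 'not listed'}")
    print("direct delivery plausible:", can_send_direct(report))
```

If ZEN answers 127.0.0.10 or 127.0.0.11 for your address, that is the PBL saying your ISP has declared the range as end-user space; delisting is not the fix, relaying through the ISP's smart host with credentials is, exactly as the reply above says.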