[lug] Personal Server Behind DSL Router

Ken MacFerrin lists at macferrin.com
Thu Jan 11 21:01:07 MST 2007


karl horlen wrote:
>> forward ports 25, 53 & 80.  The only thing you need
>> to make sure of is
>> that your ISP doesn't filter incoming traffic on
>> those ports at their
>> firewall.  If they do then the workaround gets
>> slightly more complex.
> 
> if they did firewall those ports, how could i get
> around that?

You would then need to set up your DNS with a provider that supports URL
redirection (like no-ip.com or dyndns.com).  These services will
redirect standard requests to port 80 to an alternate port for your
service that you have set up on your server that is not blocked (i.e.
8080).  The other option is to simply switch to an ISP that doesn't make
you jump through these hoops.  I use Qwest/FRII (www.frii.com) myself
and have been happy so far.


>> The replies should be handled for you automagically
>> by NAT .  Just be
>> aware that your outgoing packets will reveal the
>> internal IP address of
>> the server unless you go to the extra trouble of
>> configuring the
>> services to hide this information (which doesn't
>> really gain you
>> anything in most cases).
> 
> How would you actually do that?  Do you do that at the
> service level (a config file setting) or do you do
> that at the iptables level?
> 

At the IP level this should happen automatically.  The router will
rewrite the packets on the fly and substitute your internal IP with the
external address and then keep a record of this mapping for return
packets.  The problem mainly exists at the services level.  For things
like SMTP you would need to configure the service itself to hide or
rewrite the first hop of outgoing email headers (see the earlier "Simple
mail MTA setup?" thread for examples with Postfix). With HTTP you need
to configure apache not to provide the IP address in its error messages
and such.
-Ken
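As an added illustration of the Apache point above (not part of Ken's message or the thread), here is an httpd.conf fragment showing the leaky default beside the hardened settings; the internal address 192.168.1.10 and the public name www.example.com are assumed placeholders.

```apache
# Added example, not from the original thread.
# Assumed placeholders: server on 192.168.1.10 behind the DSL router,
# reachable from the outside as www.example.com via port forwarding.

# --- Leaky default (shown commented out) -------------------------------
# With no ServerName, httpd falls back to the address of the listening
# socket, so self-referential redirects (e.g. the trailing-slash redirect
# for /docs) and the error-page footer
#   "Apache/2.2.3 (Unix) Server at 192.168.1.10 Port 80"
# both expose the LAN address to the outside world.
#
# ServerSignature On
# ServerTokens Full

# --- Hardened: advertise only the public name, drop footer and banner ---
# Name (and port) used whenever httpd builds a URL pointing at itself.
ServerName www.example.com:80

# Build self-referential URLs from ServerName rather than from the
# socket address or the client-supplied Host header.
UseCanonicalName On

# No "Server at <addr> Port <n>" footer on server-generated error pages.
ServerSignature Off

# Server: header reduced to "Apache" (no version or OS details).
ServerTokens Prod
```

After reloading httpd, request a non-existent page and a directory without a trailing slash from outside the router and confirm that neither the 404 body nor the Location: header of the redirect contains the 192.168.x.x address.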
