[lug] Personal Server Behind DSL Router
David L. Anselmi
anselmi at anselmi.us
Thu Jan 11 21:33:56 MST 2007
karl horlen wrote:
>> Actually, you probably don't. But we won't say "I
>> told you so" when you
>> come back to ask about problems. ;-)
>
> uhoh.. ;-)..
>
>> If you don't have a static IP you'll have problems
>> sending mail to other
>> servers due to various black lists. It will work if
>> you send via a
>> smart host but you'll need credentials to use QWest
>> for that.
>
> What do you mean by need credentials? I am using
> qwest.
Last I checked QWest's mail servers required a user name and password to
use them.
>> If you aren't good at spam filtering you may bounce
>> some spam and get black listed for that. But probably not a serious
>> problem.
> If I'm set up to not relay from the outside world how
> would I bounce spam? Not sure I follow you here.
A bounce (non-delivery report) is not a relay. As long as you aren't
accepting any mail and then bouncing it you probably won't have trouble.
But take it slow and make sure you understand the concepts as you
configure things.
>> make sure other
>> machines don't trust it any more than the Internet.
>
> As I said above, I will probably be accessing this box
> from my internal network. ssh, admin, sftp, mail
> realy and probably other things i haven't thought of
> yet. I'm going to have to trust it. How can I not?
Trust means give it access to your other internal machines. When it
gets hacked the attackers will be able to access all the services on
your internal network, unless you have a firewall between them. You
want the public server to be in a "DMZ", not on the internal network.
O'Reilly has a book on firewalls, too (you can probably get it through
the library).
> Are there any best practices or configurations to
> limit brute force attacks on open ports like ssh?
The only one I've ever needed is to move it off the default port.
Dave
More information about the LUG
mailing list