[lug] Personal Server Behind DSL Router

David L. Anselmi anselmi at anselmi.us
Thu Jan 11 21:33:56 MST 2007


karl horlen wrote:
>> Actually, you probably don't.  But we won't say "I
>> told you so" when you 
>> come back to ask about problems. ;-)
> 
> uhoh.. ;-)..
> 
>> If you don't have a static IP you'll have problems
>> sending mail to other 
>> servers due to various black lists.  It will work if
>> you send via a 
>> smart host but you'll need credentials to use QWest
>> for that.
> 
> What do you mean by need credentials?  I am using
> qwest.

Last I checked QWest's mail servers required a user name and password to 
use them.

>> If you aren't good at spam filtering you may bounce
>> some spam and get black listed for that.  But probably not a serious
>> problem.

> If I'm set up to not relay from the outside world how
> would I bounce spam?  Not sure I follow you here.

A bounce (non-delivery report) is not a relay.  As long as you aren't 
accepting any mail and then bouncing it you probably won't have trouble.
But take it slow and make sure you understand the concepts as you 
configure things.

>> make sure other 
>> machines don't trust it any more than the Internet. 
> 
> As I said above, I will probably be accessing this box
> from my internal network.  ssh, admin, sftp, mail
> relay and probably other things I haven't thought of
> yet.  I'm going to have to trust it.  How can I not?

Trust means give it access to your other internal machines.  When it 
gets hacked the attackers will be able to access all the services on 
your internal network, unless you have a firewall between them.  You 
want the public server to be in a "DMZ", not on the internal network. 
O'Reilly has a book on firewalls, too (you can probably get it through 
the library).

> Are there any best practices or configurations to
> limit brute force attacks on open ports like ssh? 

The only one I've ever needed is to move it off the default port.

Dave
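
Added example, not part of the original post: an nftables forward policy for the DMZ layout described above, where the internal network can reach the public server but the server cannot open connections back into the internal network. It assumes a Linux firewall with three interfaces; the interface names, the ssh port variable and the allowed outbound ports are placeholders chosen for illustration.

```nftables
#!/usr/sbin/nft -f
# Added illustration. Assumed topology (not from the post):
#   wan0 = link toward the DSL router / Internet
#   lan0 = internal network
#   dmz0 = segment holding only the public server

define wan = "wan0"
define lan = "lan0"
define dmz = "dmz0"
define ssh_port = 22        # placeholder: whatever port sshd listens on

table inet dmz_fw {
    chain forward {
        # Default deny: a forwarded flow must match a rule below.
        type filter hook forward priority 0; policy drop;

        # Replies to flows that were allowed to start.
        ct state established,related accept
        ct state invalid drop

        # Internal hosts may administer and use the public server.
        iifname $lan oifname $dmz tcp dport { $ssh_port, 25 } accept

        # The Internet may reach only the published mail service.
        iifname $wan oifname $dmz tcp dport 25 accept

        # The server may send mail (directly or via a smart host on the
        # assumed submission port 587) and resolve names.
        iifname $dmz oifname $wan tcp dport { 25, 53, 587 } accept
        iifname $dmz oifname $wan udp dport 53 accept

        # The point of the DMZ: the server never initiates connections
        # to the internal network. Log attempts, since on a healthy
        # server there should be none.
        iifname $dmz oifname $lan counter log prefix "dmz-to-lan: " drop

        # Internal hosts may browse out as usual.
        iifname $lan oifname $wan accept
    }
}
```

Only forwarded traffic is covered here; the firewall's own input chain is left out. Entries in the log carrying the `dmz-to-lan: ` prefix mean the public server tried to open a connection into the internal network and are worth investigating.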


