[KLUG Members] Dynamic DNS

[bill]

On Thu, 2005-09-15 at 01:13, Lunitix wrote:
> I've set up a dynamic dns for doing some light webserving from home.  

Congratulations.  Dynamic dns is cool.

> I 
> know that putting a machine in a dmz is the best option security-wise, 
> but how much trouble am I asking for by port forwarding to the websever 
> within my network.  I'm not using port 80 for this.  And the only port 
> allowed get thru the router is the alternate port I have set for webserver.

You don't need to do anything special to have a box on your network do
webserving for the computers in the network.  Just turn on apache and
point a browser to that machine's IP address.  All the computers on your
lan should be able to use it.  No outside computers can use it because
your firewall is unchanged and it still (presumably) blocks port 80.

You say you're doing port forwarding, so I'll assume you're doing that
at your firewall.  I'll also assume you do want some outside computers
to access your webserver.  Opening up the web service via a non-standard
port is a common short-term solution.  Someone needs to test/demo
something and so they open it up on another port and try it for a
while.  Wouldn't hurt to put some basic authentication on the main page
to stop anybody who happens to find it accidentally.

If you're going to do it for a while I'd recommend DMZ.  It isn't hard
to do.  Floppyfw has options to config the card, turn DMZ on or off, and
handle port forwarding for web, ssh, etc.  Just pop another eth card in
the box and reboot and configure.  

You should still be able to access the server from inside the network. 
And, worse case scenario, if your web server gets compromised it's
insulated from your network.

kind regards,

bill