LinuxQuestions.org
Old 06-13-2011, 09:47 PM   #1
BlackHawk
Member
 
Registered: Mar 2011
Location: Southern California
Distribution: Fedora 14
Posts: 59

Rep: Reputation: 1
can i have the public ip address my isp gives me point back to my linux box?


hello everyone...

Okay here is the situation i have...

I want to do some basic web hosting, mainly for the experience. I have verizon fios for my isp, and what i am wondering is can i have the public ip address that they give me when i connect out to the internet point back to my linux box?

The reason that i am asking this is because i want to register a .com and i would like to have that point back to my linux box, i have looked at a few services and it seems that godaddy.com will do this and they seem to be the best choice. Before i register the .com i turned on my httpd server but i am not sure how to get the public ip to point back to my box...?

I have been doing some research and i am learning about things such as

ddclient
openvpn
port forwarding
nat
dynamic dns

Verizon fios like most isp's uses a dhcp connection meaning that the public ip address i get will change 1-2 times a year. What i don't know is how can i setup my network at home preferably with iptables to have that public ip routed back to my linux box at home? I am using fedora 15 for those that are wondering...

Also when i enabled port forwarding and started my web server and tried loading http://mypublicipaddress in firefox i am directed to a verizon page with a login and password prompt.

I am aware that i will need to get certain information from my isp to have their public ip address routed back to my linux box but i am unaware of what to ask them...?

If anyone here can tell me the following i will be so happy because it seems like a lot to hosting at home but i really want to learn...

here is what i need to know?

1) What kind of questions and information do i need to ask and get from my isp? DNS info? Logins and Passwords?

2) What do i need to do on my linux box to have that public ip address routed back to my linux box at home?

3) What rules do i need to add to my iptables script to allow this, i know there are certain nat rules that need to be added and port forwarding is needed as well..

4) anything else you can think of that i need to do...

I know this seems like a lot, however i really want to do this to get the experience. If anyone can help me with these answers... i am extremely grateful


Thank you all for your time and help
 
Old 06-13-2011, 10:36 PM   #2
jefro
Guru
 
Registered: Mar 2008
Posts: 11,969

Rep: Reputation: 1484
"what i am wondering is can i have the public ip address that they give me when i connect out to the internet point back to my linux box?"

Umm, well, yes. One of a few ways. You have to know what device has the IP. Many home users may have the IP at a modem or router. So, you'd have to NAT between the router and your box. Some people have the IP at the linux box and use modems or routers as pass through devices.

An IP address is just a number. It has nothing at all to do with the rest of that for the most part.

Most people access the web by a name. (it is really a fully qualified domain name=FQDN) You may wish that but not needed.

We need to know setup to guess other answers.


I'd suggest you look at dynamic dns providers if only for some of the answers. You may not need to pay for a static IP.
 
Old 06-13-2011, 10:51 PM   #3
BlackHawk
Member
 
Registered: Mar 2011
Location: Southern California
Distribution: Fedora 14
Posts: 59

Original Poster
Rep: Reputation: 1
What other information do you need, i would be happy to provide any information that is needed.

basically what i am looking for is a way to open up my linux box to outside users, friends and i may need to be able to log in from outside my home, plus like i said earlier i would like to get the experience.

How can i set it up so if i need to ssh into my box from another network ? Or run a webserver that other people can see that is running off my home fedora box?

Right now my verizon fios modem is plugged directly into my linux box

Is it possible to do all of this on one nic?

Again thank you all for your help and time
 
Old 06-14-2011, 12:37 AM   #4
BlackHawk
Member
 
Registered: Mar 2011
Location: Southern California
Distribution: Fedora 14
Posts: 59

Original Poster
Rep: Reputation: 1
okay here is what i have so far i realized that if i want to use say the public ip address that i get from verizon i need to have a few things configured.

I tried configuring openvpn following the steps from this tutorial here: http://www.webhostingtalk.com/showthread.php?t=595436

I got to the part where he issues the wget command to get a sample of his server config file however the file is no longer available...

when i issue the command: service openvpn start it says [ok]

then i tried adding these lines in my iptables script to redirect my public ipaddress to my linux box:

iptables -A PREROUTING -t nat -i em1 -p tcp --dport 80 -j DNAT --to 192.168.1.3:80
iptables -t nat -A POSTROUTING -s 192.168.1.3 -j SNAT --to 173.XX.XXX.XXX (my public ip address)
iptables -t nat -A POSTROUTING -o em1 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o em1 -j MASQUERADE

i had to play around with these although i know that i am doing something wrong... however when i tried http://mypublicipaddress i didn't get the verizon page it just hung so i know that it is trying to redirect the public ip to my linux box i think that one of my other iptables rules is blocking access however here is the really big issue:

when i did service openvpn status i get this output:

openvpn: service not started

what i don't get is why am i getting this even when it told me that it was started ? I know this is for sure because i didn't configure it right however i am not sure what to do next?

any ideas anyone?

also i know that my iptables rules are going to need work any help with that would greatly be appreciated..

Again thank you all for your help and time...
 
Old 06-21-2011, 10:41 AM   #5
strogg
LQ Newbie
 
Registered: Jun 2011
Posts: 2

Rep: Reputation: Disabled
Verizon blocks port 80 for residential users. You will not be able to run a web server on port 80 with FiOS.
 
Old 06-22-2011, 01:50 AM   #6
BlackHawk
Member
 
Registered: Mar 2011
Location: Southern California
Distribution: Fedora 14
Posts: 59

Original Poster
Rep: Reputation: 1
Actually strogg, that may have been an issue with verizon in the past but they do not block any ports any more from what i have found. What i didn't realize was that i was doing things the hard way and what i needed to do was configure my verizon router to enable static nat and port forwarding to have the services i want forwarded back to my linux box. Only problem for me is that i don't really have FULL control over my verizon router which in turn is also a firewall. So i have been doing some studying and what i am going to do is setup my home network like following.

Verizon Router (Transparent) -> Linux Router Box -> switch -> internal network

I can have the linux router box configured with iptables and nat forward all services i need like ftpd sshd smtp and httpd back to my linux server sitting on my internal lan.

There is just one problem though, i need to do some testing to make sure that the verizon router becomes transparent, meaning i need it to forward everything back to that linux router.

Why do i want to setup a linux os box as a router? Well i have become a huge fan of iptables! I love the full control that it gives you. With iptables you can have true control over your firewall. You can be the one to decide what comes in and what goes out, and you are the one really making your lan secure.

Instead of this....

Levels of Security

() Minimal: INPUT ALLOWED OUTPUT ALLOWED

() Medium: INPUT DROP OUTPUT ALLOWED

() FULL: INPUT DROP OUTPUT DROP

I believe there is so much more to firewalls than that, like FRAG DROP, INVALID DROP, SPOOF BLOCK, XMAS BLOCK, LIMIT, HITCOUNT, STATEFULL etc etc

I can't wait to finally have this setup finally finished i just need 1 more box for the linux server to get started really. I am sure when i get started i will have some questions so i will be posting some new threads in no time.

Thank you all for your time and help!
 
Old 06-22-2011, 03:31 AM   #7
ambrop7
Member
 
Registered: May 2011
Distribution: Gentoo
Posts: 98

Rep: Reputation: 16
I would prefer to have the public IP address actually assigned to the Linux box, rather than assigned to the modem device and having NAT forward it to the Linux box. This will make the modem just forward traffic (i.e. the modem won't be able to access the Internet).

If you have full control over the modem device like you claim, and the modem device itself really uses DHCP to get the public address, this can be done as follows:

On the modem device:
- Disable DHCP for the WAN interface (don't assign any IP address).
- Also don't assign any IP address to the LAN interface (but still make sure both interfaces are 'up').
- Bridge the interfaces (assuming they're named eth0 and eth1):
Code:
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 eth1
ifconfig br0 up
On the Linux box, start DHCP on the interface which is connected to the modem device. This should give you a public IP address. Note that it might be different from what you used to have, because the Linux box has a different MAC address.

Then, if you want other systems to be able to access the network, add an extra network card to the Linux box, plug in a switch, and configure the Linux box to do NAT. I have already told you how you can do that; see this and this. The only difference is that you replace 'tun0' with the name of the new LAN interface.

Last edited by ambrop7; 06-22-2011 at 03:33 AM.
 
Old 06-22-2011, 12:13 PM   #8
strogg
LQ Newbie
 
Registered: Jun 2011
Posts: 2

Rep: Reputation: Disabled
Snooping around a bit I found this:
http://forums.verizon.com/t5/FiOS-In...en/td-p/288175

Looks like you might get lucky and have it not blocked after all, but I wouldn't be surprised if it is blocked. Just know that what you are doing does violate your TOS for your connection, and if you get too much traffic they will come at you.

Best of luck to you!
 
Old 06-23-2011, 03:33 AM   #9
BlackHawk
Member
 
Registered: Mar 2011
Location: Southern California
Distribution: Fedora 14
Posts: 59

Original Poster
Rep: Reputation: 1
ambrop7 hey thanks for the reply

Although i am not sure if i really need to bridge the 2 nic's or if i necessarily need to disable dhcp on my verizon router...

if my linux router box (2 nic's) plugs directly into my verizon router (wan port) then shouldn't i just have to configure dhcp (on the linux router box) to get the public ip address assigned to one of the network cards, either eth0 or eth1 which ever one it ends up being?

Then i have the linux router only forward services i need with iptables back to the linux server which will be sitting behind the linux router so the setup will look like this:

verizon router (wan port) -> linux router (eth0 and eth1) eth0-> dhcp, gets assigned public ip address eth1 -> goes into switch -> from switch linux server and other linux boxes

i think this setup will work i just need to do some more testing, also the verizon router does use dhcp to get the public ip address, i have never configured dhcp before i really have never had a need.

I also can't wait to try an ids on the linux router as well i will for sure run snort and probably aide.

Thanks for the reply, if anyone has any feed back i am interested in any input you might have to say...

Last edited by BlackHawk; 06-23-2011 at 03:48 AM.
 
Old 06-23-2011, 04:48 AM   #10
ambrop7
Member
 
Registered: May 2011
Distribution: Gentoo
Posts: 98

Rep: Reputation: 16
I was not aware that there are three systems involved; I thought there is just the Verizon router and the Linux server.

So I hope I get this right - the Verizon router runs Linux and you have full control over it; this router currently uses DHCP to get a public IP address on the WAN interface (the one that goes to the ISP, e.g. cable/phone/optical). And this router currently does NAT to allow hosts on its LAN interface (actually your Linux router, whose WAN interface really has a private IP address) to access the Internet.

I don't understand what you mean with "if my linux router box (2 nic's) plugs directly into my verizon router (wan port)". How is that even possible - the router's WAN port goes to the ISP (via the router's internal modem), so how can you possibly plug your Linux router in there? I'm sure you meant "LAN port".
If the Verizon router does use DHCP, and you don't bridge its interfaces, performing DHCP on the LAN interface will give you a LAN IP address, not an Internet IP address. If you want your Linux router to get an Internet IP address, you need to "simulate" as if the Linux router's WAN interface is the same as the Verizon router's WAN interface (where the ISP's DHCP server providing public IP addresses is) - hence, bridging.

If this is right, then my suggestion above is fine: on the Verizon router, disable DHCP (I forgot, client and server - otherwise the router's DHCP server will conflict with your ISP's) and bridge the interfaces, and on the Linux router, on the interface that goes into Verizon's LAN port (call it the WAN interface), run DHCP to obtain a public IP address. Then, as you have already figured out, configure NAT on the Linux router and forward appropriate ports to systems on the LAN interface (e.g. the Linux server).

If your ISP is worth anything, such configuration should really be supported, and you may be able to do this from the Verizon router's web interface; the option would probably be called something with "passthrough" in it. You can also try your ISP's support and tell them what you need.

Also, when asking questions, I suggest that you explain your situation in more detail. For example, Verizon is not the only ISP in existence, and not everyone happens to know exactly how Verizon sets up your Internet.

Last edited by ambrop7; 06-23-2011 at 05:04 AM.
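
The router setup discussed in the posts above (a two-NIC Linux box that gets the public address on its WAN side and forwards only chosen services to the internal server), as an added example that is not part of any post. It prints an iptables-restore ruleset instead of applying it; the interface names eth0/eth1, the server address 192.168.1.3 and the port list are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Emits an iptables-restore ruleset for a
# two-NIC Linux router: default-drop, stateful, forwarding only listed TCP ports.
# Assumed values (constructed): eth0 = WAN, eth1 = LAN, 192.168.1.3 = server.
# The router also needs: sysctl -w net.ipv4.ip_forward=1

# gen_rules WAN_IF LAN_IF SERVER_IP "PORT PORT ..."
# Validates everything first; on bad input returns 1 and prints nothing.
gen_rules() {
    wan=$1; lan=$2; server=$3; ports=$4
    for ifc in "$wan" "$lan"; do
        case $ifc in ""|*[!A-Za-z0-9_.]*) return 1 ;; esac
    done
    # Server must be a dotted quad with each octet in 0..255.
    case $server in ""|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $server; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
    # Ports must be a non-empty list of integers in 1..65535.
    [ -n "$ports" ] || return 1
    for p in $ports; do
        case $p in *[!0-9]*) return 1 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
    done

    printf '%s\n' '*nat' ':PREROUTING ACCEPT [0:0]' ':POSTROUTING ACCEPT [0:0]'
    for p in $ports; do   # rewrite the destination of inbound WAN traffic
        printf '%s\n' "-A PREROUTING -i $wan -p tcp --dport $p -j DNAT --to-destination $server:$p"
    done
    # Outbound LAN traffic leaves with the (DHCP-assigned) public address.
    printf '%s\n' "-A POSTROUTING -o $wan -j MASQUERADE" 'COMMIT'

    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
        "-A INPUT -i $lan -p tcp --dport 22 -j ACCEPT" \
        '-A FORWARD -m conntrack --ctstate INVALID -j DROP' \
        '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
        "-A FORWARD -i $lan -o $wan -j ACCEPT"
    for p in $ports; do   # DNAT alone is not enough: FORWARD must admit it too
        printf '%s\n' "-A FORWARD -i $wan -o $lan -d $server -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# Stand-alone use: print the ruleset for the four arguments given.
if [ "$#" -eq 4 ]; then gen_rules "$@"; fi
```

The output can be checked with `iptables-restore --test` before it is loaded; the INPUT rule for port 22 on the LAN side is only there so the router itself stays manageable from inside.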
 
Old 12-11-2012, 09:39 PM   #11
aldoguzman97
LQ Newbie
 
Registered: Dec 2012
Posts: 3

Rep: Reputation: Disabled
all you need to know about residential web hosting and server virtualization

OK so just a few days ago I had the same problem as you. I wanted to use my public IP address to host my website and then use a domain to point to it. I was going to use virtual server to keep files nice and clean, but I had a problem loading the local website on my physical machine. All I did to fix that problem was using the bridge feature for the virtual network adapter. I was then able to connect to my Linux server through my physical machine, my next problem was allowing incoming request through my firewall and connect to my server. What I did was go to (Start menu -> Windows Firewall with Advanced Security -> Windows Firewall Properties). Once there I allowed all inbound connections. I then had to port forward to port 80 on my modem. type 192.168.1.1 in the address bar and it will take you to your modem's bios menu. click on the firewall settings and set the firewall to no security and allow all traffic through the router. then click on port forwarding on the left. click the add link at the bottom of the currently port forwarded IP's. select the "World Wide Web (HTTP)" from the drop down. then enter the local IP address from the Linux server and click apply. There you have it, if you did this correctly you will be able to access your website from another computer. If you would like to set up port forwarding for ssh just click add again but instead of using the "World Wide Web (HTTP)", use the "SSH Secure shell" and click apply.
port 80 is the default port for mostly all websites, port 22 is the default port for ssh, and you could also add an ftp port which is port 21.
Now if you would like to point your domain to your public IP just chat with tech support from the webhost company you bought your domain from (I recommend http://www.arvixe.com/, and its cheaper than GoDaddy) and tell them to point the domain to your public IP.
 
  

