can i have the public ip address my isp gives me point back to my linux box?
Okay here is the situation i have...
I want to do some basic web hosting, mainly for the experience. I have verizon fios for my isp, and what i am wondering is can i have the public ip address that they give me when i connect out to the internet point back to my linux box?
The reason that i am asking this is because i want to register a .com and i would like to have that point back to my linux box, i have looked at a few services and it seems that godaddy.com will do this and they seem to be the best choice. Before i register the .com i turned on my httpd server but i am not sure how to get the public ip to point back to my box...?
I have been doing some research and i am learning about things such as
Verizon fios, like most isps, uses a dhcp connection, meaning that the public ip address i get will change 1-2 times a year. What i don't know is how can i set up my network at home preferably with iptables to have that public ip routed back to my linux box at home? I am using fedora 15 for those that are wondering...
Also when i enabled port forwarding and started my web server and tried loading http://mypublicipaddress in firefox i am directed to a verizon page with a login and password prompt.
I am aware that i will need to get certain information from my isp to have their public ip address routed back to my linux box but i am unaware of what to ask them...?
If anyone here can tell me the following i will be so happy because it seems like a lot to hosting at home but i really want to learn...
here is what i need to know?
1) What kind of questions and information do i need to ask and get from my isp? DNS info? Logins and Passwords?
2) What do i need to do on my linux box to have that public ip address routed back to my linux box at home?
3) What rules do i need to add to my iptables script to allow this, i know there are certain nat rules that need to be added and port forwarding is needed as well..
4) anything else you can think of that i need to do...
I know this seems like a lot, however i really want to do this to get the experience. If anyone can help me with these answers... i am extremely grateful
"what i am wondering is can i have the public ip address that they give me when i connect out to the internet point back to my linux box?"
Umm, well, yes. One of a few ways. You have to know what device has the IP. Many home users may have the IP at a modem or router. So, you'd have to NAT between the router and your box. Some people have the IP at the linux box and use modems or routers as pass through devices.
An IP address is just a number. It has nothing at all to do with the rest of that for the most part.
Most people access the web by a name. (it is really a fully qualified domain name=FQDN) You may wish that but not needed.
We need to know setup to guess other answers.
I'd suggest you look at dynamic dns providers if only for some of the answers. You may not need to pay for a static IP.
What other information do you need, i would be happy to provide any information that is needed.
basically what i am looking for is a way to open up my linux box to outside users, friends and i may need to be able to log in from outside my home, plus like i said earlier i would like to get the experience.
How can i set it up so if i need to ssh into my box from another network ? Or run a webserver that other people can see that is running off my home fedora box?
Right now my verizon fios modem is plugged directly into my linux box
I got to the part where he issues the wget command to get a sample of his server config file however the file is no longer available...
when i issue the command: service openvpn start it says [ok]
then i tried adding these lines in my iptables script to redirect my public ipaddress to my linux box:
iptables -A PREROUTING -t nat -i em1 -p tcp --dport 80 -j DNAT --to 192.168.1.3:80
iptables -t nat -A POSTROUTING -s 192.168.1.3 -j SNAT --to 173.XX.XXX.XXX  # my public ip address
iptables -t nat -A POSTROUTING -o em1 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o em1 -j MASQUERADE
i had to play around with these although i know that i am doing something wrong... however when i tried http://mypublicipaddress i didn't get the verizon page, it just hung, so i know that it is trying to redirect the public ip to my linux box. i think that one of my other iptables rules is blocking access, however here is the really big issue:
when i did service openvpn status i get this output:
openvpn: service not started
what i don't get is why am i getting this even when it told me that it was started ? I know this is for sure because i didn't configure it right however i am not sure what to do next?
any ideas anyone?
also i know that my iptables rules are going to need work any help with that would greatly be appreciated..
Actually strogg, that may have been an issue with verizon in the past but they do not block any ports any more from what i have found. What i didn't realize was that i was doing things the hard way and what i needed to do was configure my verizon router to enable static nat and port forwarding to have the services i want forwarded back to my linux box. Only problem for me is that i don't really have FULL control over my verizon router which in turn is also a firewall. So i have been doing some studying and what i am going to do is setup my home network like following.
I can have the linux router box configured with iptables and nat forward all services i need like ftpd sshd smtp and httpd back to my linux server sitting on my internal lan.
There is just one problem though, i need to do some testing to make sure that the verizon router becomes transparent, meaning i need it to forward everything back to that linux router.
Why do i want to set up a linux os box as a router? Well i have become a huge fan of iptables! I love the full control that it gives you. With iptables you can have true control over your firewall. You can be the one to decide what comes in and what goes out, and you are the one really making your lan secure.
Instead of this....
Levels of Security
() Minimal: INPUT ALLOWED OUTPUT ALLOWED
() Medium: INPUT DROP OUTPUT ALLOWED
() FULL: INPUT DROP OUTPUT DROP
I believe there is so much more to firewalls than that, like FRAG DROP, INVALID DROP, SPOOF BLOCK, XMAS BLOCK, LIMIT, HITCOUNT, STATEFUL etc etc
I can't wait to finally have this setup finally finished i just need 1 more box for the linux server to get started really. I am sure when i get started i will have some questions so i will be posting some new threads in no time.
I would prefer to have the public IP address actually assigned to the Linux box, rather than assigned to the modem device and having NAT forward it to the Linux box. This will make the modem just forward traffic (i.e. the modem won't be able to access the Internet).
If you have full control over the modem device like you claim, and the modem device itself really uses DHCP to get the public address, this can be done as follows:
On the modem device:
- Disable DHCP for the WAN interface (don't assign any IP address).
- Also don't assign any IP address to the LAN interface (but still make sure both interfaces are 'up').
- Bridge the interfaces (assuming they're named eth0 and eth1):
On the Linux box, start DHCP on the interface which is connected to the modem device. This should give you a public IP address. Note that it might be different from what you used to have, because the Linux box has a different MAC address.
Then, if you want other systems to be able to access the network, add an extra network card to the Linux box, plug in a switch, and configure the Linux box to do NAT. I have already told you how you can do that; see this and this. The only difference is that you replace 'tun0' with the name of the new LAN interface.
Looks like you might get lucky and have it not blocked after all, but I wouldn't be surprised if it is blocked. Just know that what you are doing does violate your TOS for your connection, and if you get too much traffic they will come at you.
Although i am not sure if i really need to bridge the 2 nic's or if i necessarily need to disable dhcp on my verizon router...
if my linux router box (2 nic's) plugs directly into my verizon router (wan port) then shouldn't i just have to configure dhcp (on the linux router box) to get the public ip address assigned to one of the network cards, either eth0 or eth1 whichever one it ends up being?
Then i have the linux router only forward services i need with iptables back to the linux server which will be sitting behind the linux router so the setup will look like this:
verizon router (wan port) -> linux router (eth0 and eth1) eth0-> dhcp, gets assigned public ip address eth1 -> goes into switch -> from switch linux server and other linux boxes
i think this setup will work i just need to do some more testing, also the verizon router does use dhcp to get the public ip address, i have never configured dhcp before i really have never had a need.
I also can't wait to try an ids on the linux router as well, i will for sure run snort and probably aide.
Thanks for the reply, if anyone has any feed back i am interested in any input you might have to say...
I was not aware that there are three systems involved; I thought there is just the Verizon router and the Linux server.
So I hope I get this right - the Verizon router runs Linux and you have full control over it; this router currently uses DHCP to get a public IP address on the WAN interface (the one that goes to the ISP, e.g. cable/phone/optical). And this router currently does NAT to allow hosts on its LAN interface (actually your Linux router, whose WAN interface really has a private IP address) to access the Internet.
I don't understand what you mean with "if my linux router box (2 nic's) plugs directly into my verizon router (wan port)". How is that even possible - the router's WAN port goes to the ISP (via the router's internal modem), so how can you possibly plug your Linux router in there? I'm sure you meant "LAN port".
If the Verizon router does use DHCP, and you don't bridge its interfaces, performing DHCP on the LAN interface will give you a LAN IP address, not an Internet IP address. If you want your Linux router to get an Internet IP address, you need to "simulate" as if the Linux router's WAN interface is the same as the Verizon router's WAN interface (where the ISP's DHCP server providing public IP addresses is) - hence, bridging.
If this is right, then my suggestion above is fine: on the Verizon router, disable DHCP (I forgot, client and server - otherwise the router's DHCP server will conflict with your ISP's) and bridge the interfaces, and on the Linux router, on the interface that goes into Verizon's LAN port (call it the WAN interface), run DHCP to obtain a public IP address. Then, as you have already figured out, configure NAT on the Linux router and forward appropriate ports to systems on the LAN interface (e.g. the Linux server).
If your ISP is worth anything, such configuration should really be supported, and you may be able to do this from the Verizon router's web interface; the option would probably be called something with "passthrough" in it. You can also try your ISP's support and tell them what you need.
Also, when asking questions, I suggest that you explain your situation in more detail. For example, Verizon is not the only ISP in existence, and not everyone happens to know exactly how Verizon sets up your Internet.
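The NAT and port-forwarding setup described in the reply above, written out for the topology from the thread (WAN on eth0, LAN on eth1, server at 192.168.1.3), as an added example that is not part of any poster's message. The function names, the default ports 22 and 80, and the LAN-only admin SSH rule are assumptions; the script only prints an iptables-restore ruleset and changes nothing on the host.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for the Linux router.
# Nothing is applied; as root, pipe the output into iptables-restore and
# enable routing with: sysctl -w net.ipv4.ip_forward=1

valid_ifname() { case "$1" in ''|*[!A-Za-z0-9_.-]*) return 1;; esac; }

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    for octet in $1; do
        [ "$octet" -le 255 ] || { IFS=$old_ifs; return 1; }
    done
    IFS=$old_ifs
}

# router_rules WAN_IF LAN_IF SERVER_IP [PORTS]  (all values are assumptions)
router_rules() {
    wan=$1; lan=$2; server=$3; ports=${4:-"22 80"}
    valid_ifname "$wan" && valid_ifname "$lan" && valid_ipv4 "$server" || return 1
    for p in $ports; do valid_port "$p" || return 1; done
    printf '%s\n' '*nat' ':PREROUTING ACCEPT [0:0]' \
        ':POSTROUTING ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]'
    for p in $ports; do   # rewrite the destination of inbound connections
        echo "-A PREROUTING -i $wan -p tcp --dport $p -j DNAT --to-destination $server:$p"
    done
    echo "-A POSTROUTING -o $wan -j MASQUERADE"   # LAN hosts share the public IP
    echo 'COMMIT'
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo "-A INPUT -i $wan -p udp --sport 67 --dport 68 -j ACCEPT"  # DHCP lease
    echo "-A INPUT -i $lan -p tcp --dport 22 -j ACCEPT"   # admin SSH, LAN only
    printf '%s\n' '-A FORWARD -m conntrack --ctstate INVALID -j DROP' \
        '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo "-A FORWARD -i $lan -o $wan -j ACCEPT"
    for p in $ports; do   # DNAT alone is not enough: FORWARD must allow it
        echo "-A FORWARD -i $wan -o $lan -d $server -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

router_rules eth0 eth1 192.168.1.3   # names and address taken from the thread
```

With both policies set to DROP, only the listed ports reach the server, and the router itself accepts SSH from the LAN side only.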
all you need to know about residential web hosting and server virtualization
OK so just a few days ago I had the same problem as you. I wanted to use my public IP address to host my website and then use a domain to point to it. I was going to use a virtual server to keep files nice and clean, but I had a problem loading the local website on my physical machine. All I did to fix that problem was use the bridge feature for the virtual network adapter. I was then able to connect to my Linux server through my physical machine. My next problem was allowing incoming requests through my firewall to connect to my server. What I did was go to (Start menu -> Windows Firewall with Advanced Security -> Windows Firewall Properties). Once there I allowed all inbound connections. I then had to port forward to port 80 on my modem. Type 192.168.1.1 in the address bar and it will take you to your modem's bios menu. Click on the firewall settings and set the firewall to no security and allow all traffic through the router. Then click on port forwarding on the left. Click the add link at the bottom of the currently port forwarded IPs. Select the "World Wide Web (HTTP)" from the drop down. Then enter the local IP address from the Linux server and click apply. There you have it, if you did this correctly you will be able to access your website from another computer. If you would like to set up port forwarding for ssh just click add again but instead of using the "World Wide Web (HTTP)", use the "SSH Secure shell" and click apply.
Port 80 is the default port for mostly all websites, port 22 is the default port for ssh, and you could also add an ftp port which is port 21.
Now if you would like to point your domain to your public IP just chat with tech support from the webhost company you bought your domain from (I recommend http://www.arvixe.com/, and it's cheaper than GoDaddy) and tell them to point the domain to your public IP.