I just set up an older machine with Red Hat 8 and would like to use it as a webserver for my home domain and have it act as a firewall. I have two questions surrounding this scenario and thought one of you experts could help.
1) Can I set up the same machine as the webserver and firewall? I don't want to have two machines running 24x7. This is mostly for personal use / testing.
2) I have a broadband connection and don't want to get a static IP for hosting my site. I was looking into using something like EveryDNS.net to point to my site. How would I go about setting this up?
I've found that if you do not reset the machine or device (i.e. router) connected to your cable modem then your IP address will not change. It's simply impossible. So if you set up your server and are content with it, as long as you don't reboot your IP address will not change. You just don't give it a chance to release and renew your IP address. Even if it does, you can simply go to the place you registered your domain with and change the address real quick. It works almost instantaneously.
Your IP is *always* up for change at the whim of your ISP, mine has only changed once in 10 months, but when it does I cannot stop it. If your ISP decides you are going to have a new IP, then you will.
Very rarely, but my ISP doesn't exactly want webservers running on the cable modem (they can charge more for a static IP). So, they do change it from time to time.
Couple of things here:
- dhcp sets 'expiry' dates/time for ip addresses you get allocated. Many isps set expiry rather high, but sooner or later, reboot or not, your ip expires. With many ISPs when your ip expires, you just get a new certificate (new expiry date/time) for your ip address - so your address does not necessarily change. It really depends on your isp - my previous ISP renewed my ip every day! Like Earp says - they do that 'cause they try to prevent you from running a webserver on your cable modem (see next bullet point for ways around that!)
- there are plenty of scripts around that periodically check your ip address. If you use a service like dyndns ( www.dyndns.org ) they'll point you to scripts to detect change in your ip address - these scripts can then 're-set' your ip address to match the domain you want to serve. ( another one to check is www.sytes.net (that's a service called no-ip)). This mechanism is like an automated version of what CrashedAgain mentioned. Any dynamic-ip webname provider will provide such scripts - look around in their support pages.
- to answer your very first question: yes you can run a firewall and a webserver on the same machine. The way to set that up safely is to have iptables running, and to configure it to allow incoming traffic on port 80 (or whatever port your webserver is running). However, many ISPs block incoming traffic to port 80 (again to prevent users from setting up webservers). In that case, run apache on a higher number port (I run mine on port 30000). To do that, you need to define port 30000 (or whichever port you use) in your /etc/services file as a port for http traffic (copy/paste the lines for port 80 and replace 80 by the port number you want to use). You will have to add a line "listen 30000" in your httpd.conf file. And there you go. To access the server from within a browser you'll need to add the port number in the url - that's done like http://pingpongball.sytes.net:30000 . Don't forget to open port 3000 on your iptables. As acid_kewpie said you can use firestarter to manage iptables.
Just my 2cts - hope this helps.
Tom
PS - as for the comment that as long as you do not reboot your machine your IP will not change ... um.... not exactly correct. A) If you're on a cable modem, the IP is actually set on the cable modem, and that one CAN change any time. (not sure how that works with dsl modems, though). B) if you run dhcp as far as I know the expiry mechanism is part of the dhcp implementation - you cannot get around that either! You might set up to get a dhcp address, and once you got it stop the dhcp subsystem and switch to a fixed ip address. Then, indeed your ip address will never change as long as the server is up. However, if your ISP decides it's time to give you a new IP, it will only service the new ip off your cable modem. Since you're not running dhcp, your ip on your server will not change, and hence it won't match the ip your isp is willing to service off your modem - result: no more connection ;-(
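An added example, not part of the post above: a small generator for the iptables ruleset the post describes for a combined firewall and webserver, with default-drop inbound and one opening for the web port. The function names are hypothetical, and the port passed in is assumed to be the one Apache listens on (30000 in the post).

```shell
#!/bin/sh
# Added example (not from the thread): build an iptables-restore ruleset for a
# host that is both firewall and web server. Function names are hypothetical.
# Typical use, as root:  gen_rules 30000 | iptables-restore

# valid_port PORT -> success only for a plain decimal integer in 1..65535
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*|??????*) return 1 ;;   # empty, leading 0, non-digit, too long
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_rules PORT -> print the ruleset on stdout; fail without output on a bad port
gen_rules() {
    valid_port "$1" || { echo "invalid port: $1" >&2; return 1; }
    # INPUT and FORWARD default to DROP: anything not matched below is discarded.
    # Only three things are accepted inbound: loopback, replies to connections
    # this host opened, and new TCP connections to the web server port.
    # "-m state" matches iptables of the Red Hat 8 era; newer systems spell the
    # same match "-m conntrack --ctstate".
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport $1 -m state --state NEW -j ACCEPT
COMMIT
EOF
}
```

No remote administration port is opened here; if the machine is managed over the network, that rule has to be added on purpose before loading the ruleset.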
Originally posted by nbin
1) Can I set up the same machine as the webserver and firewall? I don't want to have two machines running 24x7. This is mostly for personal use / testing.
Yes. I've done this with machines as lowly as a 486. The fun part is that the rest of the world doesn't really know your server is a firewall, it looks, acts, and smells like a normal linux box.
Quote:
2) I have a broadband connection and don't want to get a static IP for hosting my site. I was looking into using something like EveryDNS.net to point to my site. How would I go about setting this up?
Do you have a domain yet? If not, get one registered. You can't do diddly without a TLD. (Unless you have a friend who doesn't mind you using theirs.) Once you have it registered, and the arrangements made with a dynamic DNS service, pop on freshmeat.net and look around for programs that will automatically re-register your computer's address. (Personally, I write my own scripts for that, I can't vouch for the off-the-shelf stuff.)
Having your own server is a very rewarding experience. It's not practical in the least bit, but what hobby is? It's how I got my start, and look at me now, I'm a Senior Network Engineer!
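An added example, not code from any poster or DNS provider: the core of the address re-registration scripts mentioned in the posts above, which validates the detected address, compares it with the last one registered, and only records the new value once the update succeeded. How the current address is detected and the update command itself (shown as a hypothetical `ddns-update`) are assumptions left to the provider's own tooling.

```shell
#!/bin/sh
# Added example (not from the thread). Typical use from cron, where the detected
# address and the provider's update command are supplied by the caller:
#   sync_ip /var/lib/ddns/last_ip "$detected_ip" ddns-update   # ddns-update: hypothetical

# is_ipv4 ADDR -> success only for a dotted quad with every octet in 0..255.
# The address comes from outside the host, so it is checked before being
# handed to any other command.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # only digits and single inner dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                   # split on dots (safe: digits/dots only)
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ????*) return 1 ;; esac    # at most three digits per octet
        [ "$o" -le 255 ] || return 1
    done
}

# sync_ip CACHE_FILE NEW_IP UPDATE_CMD [ARGS...]
# Prints one of: invalid, unchanged, update-failed, changed.
sync_ip() {
    cache=$1; new=$2; shift 2
    is_ipv4 "$new" || { echo invalid; return 2; }
    old=$(cat "$cache" 2>/dev/null || true)     # empty on first run
    if [ "$new" = "$old" ]; then
        echo unchanged                          # nothing to send to the provider
        return 0
    fi
    # Run the update command with the new address as its last argument.
    "$@" "$new" || { echo update-failed; return 1; }
    # Record the address only after the provider accepted it, so a failed
    # update is retried on the next run.
    printf '%s\n' "$new" > "$cache"
    echo changed
}
```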
My IP doesn't actually change, it just screws up my connection until I reload the network, and I magically have a new IP given to me. My IP is generally static, and rebooting doesn't ever give me a new IP, so it's definitely because my IP lease with my ISP has expired or something.