[TriLUG] Running a server on a dynamic IP (was Re: DSL vs Road Runner ...)

Mike Broome mbroome at employees.org
Wed Jan 16 16:51:56 EST 2002


On Wed, Jan 16, 2002 at 02:53:02PM -0500, Tanner Lovelace wrote:
> On Wed, Jan 16, 2002 at 10:31:36AM -0500, Sinner from the Prairy wrote:
> > The IP thing *really* annoys me. I would like to provide a mirror to my 
> > Linux colleagues in Spain (http://www.escomposlinux.org) . But I cannot. So 
> > far, I must use a dyndns.net redirector.
> 
> How should this prevent you from providing a mirror?  Mike Broome and
> Lisa Lorenzin run their entire domain off of a dynamic IP address
> using a similar setup (I believe they have a dynamic domain name
> from some place like dyndns and then for their domain name they
> just point a CNAME at the dyndns name...).  Perhaps one of them
> could explain better...? :-)

Sure, I'll give it a whirl.  Lisa's domain 1000plus.com is run off a
Linux server.  (Originally it was a 486.  Then a P75.  With the latest
move, we upgraded to a P133.  Woohoo!)  When the friend who was hosting
her server -- off of the T1 he had coming into his closet -- moved to a
new apartment and didn't take the T1 with him, we needed to find a new
home for the box.  It's a fairly low-traffic box that provides e-mail
for a few accounts and serves up web pages.  So we decided to bring it
home and set it up off the cable modem.

We're using dyndns.org to map the dynamic IP from RR to a DNS name.  I
run a script (ddclient) on a different Linux box that queries the
router every few minutes to find out if the external IP address has
changed, and if it has, it contacts dyndns to update the record.  DNS
for the domain is provided by a couple of friends with servers on the net
configured with CNAMEs pointing to the dyndns name.  One of the friends
is also providing mail secondary for us so that if RR drops off the net
for a while or we lose power at home for longer than the UPS can handle,
we won't lose incoming e-mail.

On the networking side of it, we have a Cisco 2600 as the firewall/NAT
router for the home network -- there are perqs to having been one of the
developers of that box and still having a prototype lying around :) --
that is now providing routing to our trusted home network (a collection
of Linux and Windows boxen) and providing a separate DMZ for the
1000plus.com box.  The inbound ports that need to go to the 1000plus.com
server are statically forwarded to it.  Yeah, it's a paranoid setup, but
that's the way it has to be when you live with a security expert.

So far it has worked great.  The only issue I have with it right now is
that I can't access the www.1000plus.com from the internal net because
it returns the router's external IP address rather than the internal
RFC1918 address, and the router won't forward the packets.  So I'm
planning on setting up split DNS on the home server on the internal net
at some point to work around that.

Let me know if you have any questions.

Mike

-- 
Mike Broome
mbroome(at)employees.org
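
An added example, not part of the original message and not ddclient's own code: one polling cycle of the kind of updater described above, which publishes the router's external address only when it is a valid non-RFC1918 address and differs from the last one sent. The function names, the hostname home.example.org and the sample readings are constructed for illustration; the router query and the update call are passed in as callables.

```python
import ipaddress

# Ranges that must never be published in public DNS: RFC 1918 private space,
# loopback, link-local and the "this network" block.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8",
)]


def is_publishable(text):
    """True only if text parses as an IPv4 address outside NON_PUBLIC."""
    try:
        addr = ipaddress.IPv4Address(text.strip())
    except ValueError:
        return False  # e.g. the router returned a login page, not an address
    return not any(addr in net for net in NON_PUBLIC)


def poll_once(get_external_ip, send_update, state, hostname):
    """Run one cycle; state caches the last address published per hostname."""
    text = get_external_ip()
    if not is_publishable(text):
        return "rejected"      # never push garbage or an internal address
    addr = str(ipaddress.IPv4Address(text.strip()))
    if state.get(hostname) == addr:
        return "unchanged"     # no change, so no request to the DNS provider
    if not send_update(hostname, addr):
        return "failed"        # cache untouched, so the next cycle retries
    state[hostname] = addr
    return "updated"


def demo():
    """Feed constructed router readings through five polling cycles."""
    readings = iter(["203.0.113.7", "203.0.113.7", "192.168.1.1",
                     "<html>login</html>", "203.0.113.42"])
    sent = []

    def send(host, addr):      # stand-in for the real update request
        sent.append((host, addr))
        return True

    state = {}
    results = [poll_once(lambda: next(readings), send, state,
                         "home.example.org") for _ in range(5)]
    return results, sent


if __name__ == "__main__":
    print(demo())
```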


