1

I want to set up a web server. I've already obtained a static IP and I have a Debian server running with Apache+nginx. And I want to make my web server visible from outside of the office.

Here I have the following scheme of routers:

  1. Provider router (or modem?), which gets the phone connection and gives internet to the whole office.
  2. Router (TP-Link TL-R860), which connects to router 1.
  3. Wi-Fi router (TRENDNET TEW-652BRP), which connects to router 2.
  4. Web server, which connects to router 3.

Is it possible at all to somehow get what I want, or, for example, do I need to somehow reconfigure all connections?

Jevgeni Smirnov

1 Answer

2

Disconnect the webserver from the wifi router.

Connect the webserver to the ISP modem/router.

Configure a DMZ on the ISP modem/router and configure your webserver to be in that DMZ.

Set up a firewall using iptables on the web server to deny all traffic except the web traffic (port 80, 443, 22 for outside access maybe?). The package arno-iptables-firewall helps with automating the iptables firewall, or there is the lenny package ipmasq, which still works on squeeze; you just have to download it yourself and dpkg -i it.

If you decide to open port 22 for ssh access to the internet, then install fail2ban to discourage brute-force attacks. Also consider only allowing password-less entry using keys.

Note: Do NOT use NAT if you can help it. It's not any more secure and it's a bad hack to work around lack of IP addresses in IPv4. Thank goodness we won't need that nonsense on IPv6.

aseq
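The firewall policy from the answer above (deny all inbound traffic except web and, optionally, SSH), written out as an added example that is not part of the original answer. The helper names `valid_port` and `gen_ruleset` are hypothetical; the script only prints an iptables-restore ruleset and changes nothing by itself.

```shell
#!/bin/sh
# Added example (not from the original answer): build an iptables-restore
# ruleset for a web server that is directly exposed in a DMZ.
# valid_port and gen_ruleset are hypothetical helper names.

# Succeed only for a plain decimal TCP port in 1..65535
# (no signs, no leading zero, no more than five digits).
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_ruleset "80 443 22" prints a filter table that drops every inbound
# packet except loopback, replies to existing connections, and new TCP
# connections to the listed ports. The body is a subshell so that
# "set -f" (no filename globbing on the port list) does not leak out.
gen_ruleset() (
    set -f
    for p in $1; do
        valid_port "$p" || { echo "invalid port: $p" >&2; exit 1; }
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for p in $1; do
        echo "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo 'COMMIT'
)

# To check the syntax as root without loading anything:
#   gen_ruleset "80 443 22" | iptables-restore --test
```

Leave 22 out of the port list if SSH should only be reachable from inside the office.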