On 7/31/20 1:39 PM, james wrote:
> I'd like to start with a basic list/brief description of these, please?

They basically come down to two broad categories:
1) Have the "static" IP bound to an additional network interface on the
destination system and leverage routing to get from clients to it.
2) Have the "static" IP bound to a remote system that forwards traffic
to a different address on the local system.

Traffic frequently spans the network between the local system and the
remote system through some sort of VPN.

Note: VPNs can be encrypted or unencrypted.

I think one of the simpler things to do is to have something like a
Raspberry Pi (a common, simple, inexpensive example) SSH to a Virtual
Private Server somewhere on the Internet and use remote port forwarding.

root@pi# ssh root@vps -R 203.0.113.23:25:127.0.0.1:25

Note: I'm using root to simplify the example. Apply security best
practices.

This will allow port 25 on a VPS with a (true) static IP (configured in
/etc/conf.d/net) to receive TCP connections and forward them to your
local mail server completely independent of what IP your local Pi may
connect to the Internet with.

Your MX record(s) resolve to the IP address of the VPS. You can change
local IPs or ISPs or even country as often as you like.

Another more complex method is to use a more traditional VPN; e.g. GRE
tunnel, IPsec tunnel, SSH L2 / L3 tunnel, OpenVPN, WireGuard and IP
forwarding on the VPS to route the TCP connections to the local mail server.

Things quickly get deep in minutiae of what method you want to use and
what you want to go over it.

I think the SSH remote port forwarding is an elegant technique. It's
relatively simple and it has the added advantage that when the
connection is down the VPS will not establish a TCP connection (because
ssh is not listening on the remotely forwarded port) thus remote
connecting systems will fail hard / fast, thus it's more likely to be
brought to a human's attention.

--
Grant. . . .
unix || die
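
Added example, not part of the message above: the -R forward only behaves as described if sshd on the VPS is set up for it, since by default sshd binds remote forwards to loopback and ignores the 203.0.113.23 bind address. The check below audits `sshd -T` output for the settings that matter; the function name, the suggested values and both sample inputs are constructed here, and the PermitListen check assumes OpenSSH 7.8 or later.

```shell
#!/bin/sh
# Added example: audit "sshd -T" output on the VPS for the settings that
#   ssh root@vps -R 203.0.113.23:25:127.0.0.1:25
# relies on. Real use (on the VPS): sshd -T -C user=root | audit_sshd_for_forward
# Prints one line per finding and returns the number of findings.
audit_sshd_for_forward() {
    awk -v want="203.0.113.23:25" '
    function finding(msg) { print "FINDING: " msg; n++ }
    { opt[$1] = $2 }   # sshd -T prints "keyword value", keyword in lowercase
    END {
        # Default "no" pins remote forwards to loopback, so the bind address
        # in -R is ignored; "yes" binds every address on the VPS instead.
        if (opt["gatewayports"] != "clientspecified")
            finding("GatewayPorts should be clientspecified so -R can bind " want)
        # "no" or "local" makes sshd refuse the -R request outright.
        if (opt["allowtcpforwarding"] == "no" || opt["allowtcpforwarding"] == "local")
            finding("AllowTcpForwarding must permit remote forwards (remote)")
        # "any" lets this login open listeners on other ports as well.
        if (!("permitlisten" in opt) || opt["permitlisten"] == "any")
            finding("PermitListen should be limited to " want)
        # Without server keepalives a silently dropped Pi link leaves sshd
        # holding port 25 until the session times out, so senders do not fail fast.
        if (opt["clientaliveinterval"] + 0 == 0)
            finding("ClientAliveInterval should be non-zero (e.g. 15)")
        # The tunnel logs in as root, so root must be key-only.
        if (opt["permitrootlogin"] == "yes")
            finding("PermitRootLogin should be prohibit-password")
        exit n + 0
    }'
}

# Constructed samples in "sshd -T" format (not captured from a real host).
SAMPLE_DEFAULT='gatewayports no
allowtcpforwarding yes
permitlisten any
clientaliveinterval 0
permitrootlogin yes'
# sshd -T reports prohibit-password under its older alias without-password.
SAMPLE_HARDENED='gatewayports clientspecified
allowtcpforwarding remote
permitlisten 203.0.113.23:25
clientaliveinterval 15
permitrootlogin without-password'

printf '%s\n' "$SAMPLE_DEFAULT" | audit_sshd_for_forward || echo "findings: $?"
printf '%s\n' "$SAMPLE_HARDENED" | audit_sshd_for_forward && echo "no findings"
```

On the Pi side, running the tunnel with `-N -o ExitOnForwardFailure=yes -o ServerAliveInterval=15` makes ssh exit when the VPS refuses the listener or the link goes quiet, so a supervisor can restart it.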