| 1 |
On 7/31/20 1:39 PM, james wrote: |
| 2 |
> I'd like to start with a basic list/brief description of these, please? |
| 3 |
|
| 4 |
They basically come down to two broad categories: |
| 5 |
1) Have the ""static IP bound to an additional network interface on the |
| 6 |
destination system and leverage routing to get from clients to it. |
| 7 |
2) Have the ""static IP bound to a remote system that forwards traffic |
| 8 |
to a different address on the local system. |
| 9 |
|
| 10 |
Traffic frequently spans the network between the local system and the |
| 11 |
remote system through some sort of VPN. |
| 12 |
|
| 13 |
Note: VPNs can be encrypted or unencrypted. |
| 14 |
|
| 15 |
I think one of the simpler things to do is to have something like a |
| 16 |
Raspberry Pi (a common, simple, inexpensive example) SSH to a Virtual |
| 17 |
Private Server somewhere on the Internet and use remote port forwarding. |
| 18 |
|
| 19 |
root@pi# ssh root@vps -R 203.0.113.23:25:127.0.0.1:25 |
| 20 |
|
| 21 |
Note: I'm using root to simplify the example. Apply security best |
| 22 |
practices. |
| 23 |
|
| 24 |
This will allow port 25 on a VPS with a (true) static IP (configured in |
| 25 |
/etc/conf.d/net) to receive TCP connections and forward them to your |
| 26 |
local mail server completely independent of what IP your local Pi may |
| 27 |
connect to the Internet with. |
| 28 |
|
| 29 |
Your MX record(s) resolve to the IP address of the VPS. You can change |
| 30 |
local IPs or ISPs or even country as often as you like. |
| 31 |
|
| 32 |
Another more complex method is to use a more traditional VPN; e.g. GRE |
| 33 |
tunnel, IPsec tunnel, SSH L2 / L3 tunnel, OpenVPN, WireGuard and IP |
| 34 |
forwarding on the VPS to route the TCP connections to the local mail server. |
| 35 |
|
| 36 |
Things quickly get deep in minutia of what method you want to use and |
| 37 |
what you want to go over it. |
| 38 |
|
| 39 |
I think the SSH remote port forwarding is an elegant technique. It's |
| 40 |
relatively simple and it has the added advantage that when the |
| 41 |
connection is down the VPS will not establish a TCP connection (because |
| 42 |
ssh is not listening on the remotely forwarded port) thus remote |
| 43 |
connecting systems will fail hard / fast, thus it's more likely to be |
| 44 |
brought to a human's attention. |
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
-- |
| 49 |
Grant. . . . |
| 50 |
unix || die |
Archives