On Wed, 2020-01-22 at 09:30 -0600, o1bigtenor wrote:
> On Wed, Jan 22, 2020 at 8:25 AM r hayman <rhayman at pureice.com> wrote:
> > 
> > 
> > I've always just picked a name from a theme and have not used a
> > given domain name on my LAN.
> > Once I used fish as a theme - sunfish, perch, musky, bluegill, ...
> > 
> > I use my Ubiquiti EdgeRouter as my DNS and DHCP server and assign
> > given IPs.
> > Then I set up the /etc/hosts files to reflect the IPs I give to my
> > known hosts.
> > I start below the
> > 127.0.0.1 localhost.localdomain localhost
> > ::1 localhost6.localdomain6 localhost6
> > section and add my declarations
> > e.g.
> > If I leave the first 128 available as non-assigned, and have DHCP
> > give out addresses to 172.20.100.0/24, then unknown hosts get one
> > of the first 128 IPs.
> > 172.20.100.129 bluegill
> > 172.20.100.254 ubiquiti fw musky
> > 
> > 
> > Connecting to the other hosts on the LAN is as easy as
> > $ ssh bluegill
> > or from a browser
> > https://bluegill
> > 
> > I also create ufw rules on my LAN machines that, for example, only
> > allow ssh from 172.20.100.0/24 or even more restricted than that
> > like 172.20.100.128/25 or /26, /27, /28, or even /29 depending on
> > which IPs I want to give ssh access to other hosts on the LAN.
> > 
> Very very interesting - - - - - thank you!!!!
> _______________________________________________
> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> tclug-list at mn-linux.org
> http://mailman.mn-linux.org/mailman/listinfo/tclug-list
Remember also that you do not want to use certain non-routable/private
IP ranges due to how many devices out there default to them and can
cause confusion on the LAN keeping your packets from getting to where
you want them to go:
10.0.0.x
192.168.0.x
192.168.1.x
192.168.2.x
192.168.10.x
I also put my Comcast cable modem in bridge mode so my Ubiquiti router
is "on the Internet" and the Comcast box is just a pass-through device.
That means I control all my firewall rules and minimize double-NAT
issues plus it gives me the option of setting up my own DMZ and VPN
server (on the Ubiquiti) to get into my LAN securely from anywhere on
the Internet.
Have fun and enjoy!
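
An added example, not part of the original messages: a Python check of which named hosts each ssh allow-from range mentioned above would admit, and whether a chosen LAN overlaps the commonly defaulted ranges listed in the reply. The hosts text is a constructed sample built from the two entries quoted in the thread, the function names are hypothetical, and each "x" range is read as a /24.

```python
import ipaddress

# Constructed sample: the loopback lines and two host entries quoted in the thread.
HOSTS = """\
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
172.20.100.129 bluegill
172.20.100.254 ubiquiti fw musky
"""

# Ranges the reply lists as common device defaults ("x" read as a /24, an assumption).
COMMON_DEFAULTS = ["10.0.0.0/24", "192.168.0.0/24", "192.168.1.0/24",
                   "192.168.2.0/24", "192.168.10.0/24"]

def parse_hosts(text):
    """Return {first name: IPv4Address} for non-loopback IPv4 entries."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        addr = ipaddress.ip_address(fields[0])
        if addr.version == 4 and not addr.is_loopback:
            table[fields[1]] = addr
    return table

def allowed_by(source_cidr, hosts):
    """Names of hosts whose address falls inside an allow-from range."""
    net = ipaddress.ip_network(source_cidr, strict=True)  # rejects stray host bits
    return sorted(name for name, addr in hosts.items() if addr in net)

def collisions(lan_cidr):
    """Common-default ranges that overlap the chosen LAN."""
    lan = ipaddress.ip_network(lan_cidr)
    return [c for c in COMMON_DEFAULTS if lan.overlaps(ipaddress.ip_network(c))]

if __name__ == "__main__":
    hosts = parse_hosts(HOSTS)
    for prefix in (24, 25, 26, 27, 28, 29):
        base = "172.20.100.0" if prefix == 24 else "172.20.100.128"
        net = ipaddress.ip_network(f"{base}/{prefix}")
        print(f"{str(net):20} {net[0]} - {net[-1]}  allows: {allowed_by(str(net), hosts)}")
    print("overlap with common defaults:", collisions("172.20.100.0/24"))
```

Narrowing the source range from /25 to /26 drops the router at 172.20.100.254 from the allowed set while bluegill at .129 stays inside every range down to /29.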