| Linode Forum https://forum.linode.com/ |
|
| Setup Linode as StaticIPs for MailServer on dynIP home lan? https://forum.linode.com/viewtopic.php?f=19&t=10574 |
| Author: | jenl [ Thu Oct 31, 2013 1:35 pm ] |
| Post subject: | Setup Linode as StaticIPs for MailServer on dynIP home lan? |
Hello,

I'm setting up my 1st Linode VPS. In addition to serving up the usual web site, I'd like to use it to get rid of my static IP at my office.

Right now, the office has a mail-server running that uses two static IP addresses. I want to keep that mail-server running on my LAN, but "redirect" it to use two static IP addresses on my Linode instead.

I've been reading up and am pretty sure that if I set up an IPv6 tunnel for my LAN, and the Linode has an IPv6 address too, I can somehow connect the two so traffic between the two flows over the IPv6 networks. IIUC, the IPv6 addresses are by definition 'static' and independent of whether or not my LAN connection to my ISP is a dynamic/IPv4 or not.

So, if that's the right approach, the CONCEPT sounds pretty easy. But I've managed to get terribly lost putting all the pieces together. There's routes, firewalls, VPNs, tunnels, network scripts, interface settings, etc etc. Getting it all set up properly is more than I can chew right now.

I'd guess some folks @ Linode have done this "whole thing" before. I'm hoping to get some hand-holding through all the detailed steps, learn once and for all how to do the whole thing RIGHT in the context of a Linode, and end up documenting here for posterity -- for myself and others.

What I've done/have so far is:

@ Linode:
  2 static IPv4s
  IPv6 enabled
  IPv4 & IPv6 firewalls turned on
  NO mailserver will run on this box

@ LAN:
  2 static IPv4s on my edge router/firewall
  IPv6 enabled on my edge router/firewall
  IPv4 & IPv6 firewalls turned on my edge router/firewall
  mailserver running on an internal-LAN box, with 2 NAT'd IPv4s mapped to/from the 2 static IPs on the edge box

So, my question is -- what's the best/right method for transparently "rewiring" the whole mess so that the mailserver's external/real IPs get moved from the edge box on my LAN, to those on the Linode, and it all stays working after I downgrade from a static IP to a dynamic one on my LAN?

Thanks, and here's hoping we get a good "how to" out of this!

JenL |
|
| Author: | Vance [ Fri Nov 01, 2013 2:01 am ] |
| Post subject: | Re: Setup Linode as StaticIPs for MailServer on dynIP home l |
You might want to read through this thread, where I described how this can be done with an ssh tunnel. In your case with multiple IPs, you could use something like the following to forward port 25.

Code:
ssh -R 'your.first.linode.ip:25:your.first.home.ip:25' -R 'your.second.linode.ip:25:your.second.home.ip:25' root@your.linodes.name

If you wish to do more fancy stuff than just forward a couple ports, you're probably looking at doing something with OpenVPN.

I'm not very familiar with IPv6, but you should check with your ISP as to whether they give a static allocation, or whether it could change on disconnect/reconnect. I'm not aware of a guarantee in the standards that it will be static (but I could very well be wrong). |
|
| Author: | jenl [ Fri Nov 01, 2013 2:49 pm ] |
| Post subject: | Re: Setup Linode as StaticIPs for MailServer on dynIP home l |
@Vance

Not sure my lingo is up to snuff, but ... Does your suggestion actually "attach" the Public-on-the-linode & Private-on-the-LAN IP/interfaces, without any further need for NAT, routing etc?

I guess another way to ask, will mail sent from the LAN server automatically appear to be sent from the real-IP on the Linode, and will mail sent TO the MX @ real-IP make it to the mailserver?

As for the IPv6 address, my IPv6 is static, allocated via a tunnel provider, atm. Someday it'll be directly from the provider. |
|
| Author: | sweh [ Fri Nov 01, 2013 3:11 pm ] |
| Post subject: | Re: Setup Linode as StaticIPs for MailServer on dynIP home l |
What I did was create an openvpn connection from my home machine to my linode. Let's say it has IP address 10.20.30.40 (home) and 10.20.30.50 (linode).

Now my home machine runs an MTA as normal, and uses 10.20.30.50 as a smart host so all outgoing mail goes via linode.

The linode is the MX for my mail and rewrites incoming mail to go to home. I use a table of users I want to forward mail for, so that mail for an invalid user does not make it home and then bounce; I just refuse to accept it on linode. Stops you doing spam backscatter.

If you have IPv6 (whether tunnel or ISP provided) then you can do the same thing over IPv6 and not need the OpenVPN tunnel.

linode rules are simple for postfix. I added a transport map entry

  home.MYDOMAIN smtp:my_home_machine

In main.cf I added

  virtual_maps = hash:/etc/postfix/MYDOMAIN

And now in MYDOMAIN I can do lines such as

  user@MYDOMAIN user@home.MYDOMAIN

Remember to allow "home" to relay via postfix.

Remember to set your home machine to accept mail addressed to user@home.MYDOMAIN and send out mail with user@MYDOMAIN.

I think that's pretty much it. |
|
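The Linode-side relay described in the post above, written out as an added example (not sweh's actual configuration): a script that stages the transport map, the user table and a main.cf fragment in a scratch directory for review. It assumes example.org in place of MYDOMAIN and constructed user names, and it uses the current Postfix parameter names virtual_alias_domains, virtual_alias_maps and smtpd_relay_restrictions where the post uses virtual_maps.

```shell
#!/bin/sh
# Added example with constructed values: example.org stands in for MYDOMAIN,
# 10.20.30.40 is the home end of the VPN as in the post above.

# stage_relay_config DIR DOMAIN HOME_IP USER...
# Writes the Linode-side Postfix files into DIR for review before install.
stage_relay_config() {
    dir=$1 domain=$2 home_ip=$3; shift 3
    mkdir -p "$dir" || return 1

    # Transport map: next hop for the rewritten domain. The brackets make
    # Postfix connect to the address directly instead of doing an MX lookup.
    printf 'home.%s\tsmtp:[%s]\n' "$domain" "$home_ip" > "$dir/transport"

    # Virtual alias map: one line per user whose mail is forwarded home.
    : > "$dir/virtual"
    for user in "$@"; do
        printf '%s@%s\t%s@home.%s\n' "$user" "$domain" "$user" "$domain" \
            >> "$dir/virtual"
    done

    cat > "$dir/main.cf.fragment" <<EOF
# $domain is a virtual alias domain (do not also list it in mydestination):
# an address exists only if the virtual map lists it, so mail for unknown
# users is refused during the SMTP session instead of bounced afterwards.
virtual_alias_domains = $domain
virtual_alias_maps = hash:/etc/postfix/virtual
transport_maps = hash:/etc/postfix/transport
# Only localhost and the home end of the tunnel may relay outbound mail.
mynetworks = 127.0.0.0/8 [::1]/128 $home_ip/32
smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination
EOF
}

# is_forwarded DIR ADDRESS: succeeds only if ADDRESS has a virtual map entry,
# i.e. the Linode would accept mail for it.
is_forwarded() {
    awk -v a="$2" '$1 == a { found = 1 } END { exit !found }' "$1/virtual"
}
```

After review, the staged files go into /etc/postfix, followed by postmap on the transport and virtual files and a Postfix reload.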
| Author: | Vance [ Sat Nov 02, 2013 6:16 pm ] |
| Post subject: | Re: Setup Linode as StaticIPs for MailServer on dynIP home l |
jenl wrote:
Does your suggestion actually "attach" the Public-on-the-linode & Private-on-the-LAN IP/interfaces, without any further need for NAT, routing etc? I guess another way to ask, will mail sent from the LAN server automatically appear to be sent from the real-IP on the Linode, and will mail sent TO the MX @ real-IP make it to the mailserver?

With the ssh tunnel suggestion, people wanting to send mail to you would connect to the Linode's IP address. This traffic would be forwarded over the tunnel to your home IP. From an outside sender's perspective, they would be talking to your Linode (one endpoint of the tunnel). From your mailserver's perspective, it would be talking to the local machine (the other endpoint of the tunnel).

The tunnel operates only in one direction. Mail leaving your home mailserver would go directly from your home IP to the destination IP. This could be a problem if your ISP blocks connections to port 25 (many do). One solution would be to route outgoing mail through your ISP's mailserver. I'm not aware of a simple way to set up an ssh tunnel to handle the outbound situation.

Hope this makes things a little clearer. |
|
| All times are UTC-04:00 |
|