DaemonForums  

#1
19th June 2012
frcc
Don't Worry Be Happy!

Join Date: Jul 2011
Location: hot,dry,dusty,rainy,windy,straight winds, tornado,puts the fear of God in you-Texas
Posts: 335
howto provide webserver access from internet

Hi Folks
I have been reading PF material from OpenBSD docs, and the "Book of PF second edition".
I am currently writing pf for "machines on my internal network"; they currently do not provide any internet services (connected to the internet via IP provider using DHCP). I am progressing in writing effective pf for each machine and getting good feedback with systat & pfctl commands. I am using a switch to connect my network's various machines, connected to an "off the shelf router", to my IP provider.
I want to replace the router with a small OpenBSD box with extra NIC cards to connect to my non-DMZ network, a new DMZ webserver, and of course the IP provider.
QUESTION?
can i provide dmz webservices to the internet using my ip provider's dhcp connection
if so, is this accomplished by registering a "domain name" with a service like dyn dns?
- or -
do i need a static ip from my ip provider?
- or -
can pf do this with some kind of nat ext_if?
slightly confused.

thanks in advance

frcc
#2
19th June 2012
ocicat
Administrator

Join Date: Apr 2008
Posts: 3,318

Quote:
Originally Posted by frcc
can i provide dmz webservices to the internet using my ip provider's dhcp connection
Yes. Your question is really, "Can name resolution to the same registered name be made with rotating IP addresses obtained through DHCP?" The answer is still yes. Dynamic host name services like DynDNS are required to keep the mapping synchronized.

The alternative is to lease static IPs from an ISP. Static IP addresses frequently come with a higher charge & require business-level accounts. IP addresses obtained through DHCP do not require business-level accounts.
Quote:
can pf do this with some kind of nat ext_if?
slightly confused.
I think your confusion stems from mixing IP address issues (level 3 on the OSI network model...) with DNS name resolution which is done at a higher level in the OSI model. pf(4) is involved with both given its need to deal with IP addresses & ports specific to DNS traffic (ports 53 on both UDP & TCP...).

Last edited by ocicat; 19th June 2012 at 10:38 PM. Reason: corrected wrong manpage category
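
A pf.conf sketch for the three-interface layout asked about in this thread, added here as an illustration and not posted by any participant. Interface names and addresses are assumptions; the point is that pf follows the DHCP-assigned address by itself, while keeping the registered name pointed at that address remains the dynamic DNS client's job.

```conf
# Constructed example: interface names and addresses are assumptions.
ext_if = "em0"            # to the ISP, address assigned by DHCP
lan_if = "em1"            # internal (non-DMZ) network
dmz_if = "em2"            # DMZ segment
web    = "192.168.2.10"   # DMZ web server (assumed address)

set skip on lo
block log all             # default deny in every direction

# Outbound NAT for the LAN. An interface name in parentheses makes pf
# track the interface's current address, so the rule keeps working
# after a DHCP lease change without reloading the ruleset.
match out on $ext_if inet from $lan_if:network to any nat-to ($ext_if:0)

# Inbound web traffic to whatever address the ISP has handed out,
# redirected to the DMZ web server.
pass in  on $ext_if inet proto tcp from any to ($ext_if) port { 80 443 } rdr-to $web
pass out on $dmz_if inet proto tcp from any to $web port { 80 443 }

# LAN hosts may open connections outward and to the web server.
pass in  on $lan_if inet from $lan_if:network to any
pass out on $ext_if inet from any to any

# No "pass in on $dmz_if" rule exists, so the web server can answer
# established connections (state) but cannot open new ones toward the
# LAN or the internet; add narrow rules if it needs DNS or updates.
```

Check the ruleset with `pfctl -nf /etc/pf.conf` before loading it.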
#3
19th June 2012
jggimi
More noise than signal

Join Date: May 2008
Location: USA
Posts: 7,977
Additional Dynamic IP Address Considerations

You mention the purpose is "webserver".
  • Please be aware that your ISP may block common inbound ports such as 80 or 443.
  • Whether blocked or not, your ISP may have an Acceptable Use Policy (AUP) which prohibits operating servers of any type from a residence on a dynamic IP address.
  • If you ever consider adding other services, dynamic IP addresses are often filtered from acceptable addresses for interconnections. The best of the examples is SMTP -- Email. Many servers will not transfer Email to servers residing on dynamic address ranges.

Last edited by jggimi; 19th June 2012 at 11:05 PM. Reason: typo
#4
20th June 2012
frcc
Don't Worry Be Happy!

Join Date: Jul 2011
Location: hot,dry,dusty,rainy,windy,straight winds, tornado,puts the fear of God in you-Texas
Posts: 335

Thank you all.
It appears that both dynamic and static addresses pose certain advantages and disadvantages.
Desired web/network services, cost, security, maintenance etc. need to be thought about.
Your answers do answer the initial question....!
frcc

Last edited by frcc; 20th June 2012 at 02:09 AM. Reason: clarification