On Wed, May 4, 2022 at 11:07 john doe <[email protected]> wrote:
> > On Tue, May 3, 2022 at 15:18 john doe <[email protected]> wrote:
> >> On 5/3/2022 9:42 PM, Tom Browder wrote:
> >>> I'm about to sign up for a fixed IPv4 address to my home. I know a bit
> >>> about setting up simple internal networks, but want to make sure I'm
> >>> doing it all correctly and securely. Does anyone have a good book they
> >>> recommend for such use?

I found the book I once consulted and just bought the Kindle version:

Networking for Systems Administrators, Michael W. Lucas, 2014

Mr. Lucas has also written books on *BSD, ssh, and DNS.

> Here are some comments in addition to this thread:
>
> - Do not use the router capability provided by your ISP.
> This is mainly to avoid letting your ISP remotely control the thing and
> disable the firewall for example.

Good advice.

> If you can, use your own router.

Ditto.

> If your ISP requires to work with their router put the ISP thing in
> 'bridge'/modem only mode, this will allow to get your public IPv4
> address to your own gateway.

Check.

> - Use VPN to access your servers remotely.
> I find it easier to use a VPN (responsible for public remote connection)
> to connect to my own network then use SSH (responsible for private
> remote connection) to connect to my intranet devices
>
> This also gives you two layers of authentication and you have separate
> services.

But, given a properly passwordless ssh connection, is there anything
extraordinarily dangerous versus a VPN, or is it the redundancy you favor?
(I am the only superuser, and usually the only user of my network.)

BTW, regarding pfsense, I forgot it runs on BSD, so I plan to get their
small appliance to hang off the ISP router.

Thanks, Mr. John Doe.

-Tom
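
Added example, not part of the original messages: a small audit of an sshd_config for the arrangement discussed above, where SSH logins are key-only and sshd listens only on the LAN/VPN side while the VPN handles the public connection. The sample configs, the INTERNAL ranges and the function names are assumptions made for the illustration; Match blocks are not evaluated.

```python
import ipaddress

# Assumption: these ranges (RFC 1918, loopback, IPv6 ULA) are the LAN/VPN side.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "::1/128", "fc00::/7")]
# OpenSSH defaults that apply when the keyword is absent.
DEFAULTS = {"passwordauthentication": "yes", "kbdinteractiveauthentication": "yes"}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
# Constructed sample configs (203.0.113.5 is a documentation address).
WEAK = "Port 22\nListenAddress 203.0.113.5\nPasswordAuthentication yes\n"
HARDENED = "ListenAddress 10.8.0.1:22\nPasswordAuthentication no\nKbdInteractiveAuthentication no\n"

def parse_global(text):
    """Collect global keywords (first occurrence wins) and ListenAddress values."""
    settings, listen = {}, []
    for raw in text.splitlines():
        parts = raw.split()
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":  # conditional blocks are not evaluated here
            break
        if key == "listenaddress":
            listen.append(parts[1])
        else:
            settings.setdefault(key, parts[1].lower())
    return settings, listen

def host_of(addr):
    """Strip an optional port from host, host:port, [v6]:port or bare v6."""
    if addr.startswith("["):
        return addr[1:addr.index("]")]
    return addr.split(":")[0] if addr.count(":") == 1 else addr

def audit(text):
    """Return findings for password-style logins and non-internal listeners."""
    settings, listen = parse_global(text)
    findings = [f"{k} is not 'no'" for k, d in DEFAULTS.items() if settings.get(k, d) != "no"]
    if not listen:
        findings.append("no ListenAddress: sshd binds every address")
    for addr in listen:
        try:
            ip = ipaddress.ip_address(host_of(addr))
        except ValueError:
            findings.append(f"ListenAddress {addr}: hostname, check manually")
            continue
        if not any(ip in net for net in INTERNAL):
            findings.append(f"ListenAddress {addr}: not an internal address")
    return findings
```

Calling `audit()` on the text of a real sshd_config returns an empty list only when both password-style methods are off and every listener is on an internal address.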