On Tue, 2004-07-20 at 01:06 -0700, Thornton wrote:
> Is this for a server or for home? If it's for home your ISP may be
> blocking port 25.

I have a fairly robust solution for blocked ports. I am working on a writeup now, which should be at http://www.keithl.com/vpncolo.html before Friday.

The idea is that you set up an external user-mode-linux co-location site (typically about $20/mo) and put your published IP addresses and inbound services there. Then you connect an outbound Virtual Private Network from your internal network to the UML colo. Now you have only outbound services from your internal network, no inbound.

If your broadband provider blocks ports ( 80=http 25=smtp 22=ssh ) you can terminate the blocked ports at the colo and send blocked services through the VPN tunnel. If your service provider rapidly changes your dynamic IP address, or even if they NAT (Network Address Translate) your feed, you can STILL connect outbound.

The only way your provider can really stop you is to greatly restrict the outbound ports you can connect to, in which case normal services don't work. I figure if they (stupidly) cut me down to ONLY outbound port 80, I could set up my colo with a second IP address ($1/month extra) that connects port 80 to the VPN instead of the httpd web server. Your service provider CAN'T block outbound port 80 without making their service useless.

I send outbound smtp (mail) through the tunnel and out from the UML colo. While some sites filter spam based on the source IP address, the net sees mail coming from the same address as my inbound. If I was to send my outbound through smtp.comcast.net, I could also get blocked if the Realtime Blackhole Lists (RBL) decide my provider (Comcast) is a spammer, which I avoid by ignoring the Comcast mail server.

I do Domain Name Service for my websites and colo with dyndns.org. If my colo provider gets weird, or spammers invade the same IP address block and get the whole block listed in the RBL, I can sign up with a different colo company, upload my colo contents to the new colo (I back it up nightly with Dirvish, www.dirvish.org), move DNS pointers (dyndns makes this easy), and I am on-the-air in a new, good IP address neighborhood within a few hours.

Yes, this costs extra money per month, and setup time, but it avoids all the TOS (terms of service) issues, puts my websites on a fat pipe, adds major flexibility, and increases security. And if your server needs are modest, one UML colo can be shared by many different individual sites, reducing cost further.

Again, I am working on a writeup, and I hope to provide a cookbook for setting up a VPN-connected colo, which you can critique and use.

Keith

--
Keith Lofstrom          keithl@xxxxxxxx         Voice (503)-520-1993
KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon"
Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
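
The colo-side port forwarding described in the message above, as an added example that is not part of the original post or the author's writeup. It prints iptables rules for review instead of applying them; the use of iptables NAT, the interface names (eth0, tun0) and the tunnel address 10.8.0.2 are all assumptions.

```shell
#!/bin/sh
# Added example: prints (does not apply) colo-side iptables rules for review.
# All names below are assumptions, not values from the original post.
PUB_IF="${PUB_IF:-eth0}"                # colo public interface
TUN_IF="${TUN_IF:-tun0}"                # VPN tunnel interface
HOME_TUN_IP="${HOME_TUN_IP:-10.8.0.2}"  # home server's address inside the tunnel

# valid_port PORT: succeeds only for an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# colo_forward_rules PORT...: print rules that send the listed inbound TCP
# ports through the tunnel and refuse every other new public->tunnel flow.
# Forwarding 22 also takes over the colo's own sshd on that address.
colo_forward_rules() {
    for port in "$@"; do
        if ! valid_port "$port"; then
            echo "invalid port: $port" >&2
            return 1
        fi
    done
    # Later packets of already-accepted connections pass.
    echo "iptables -A FORWARD -i $PUB_IF -o $TUN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for port in "$@"; do
        echo "iptables -t nat -A PREROUTING -i $PUB_IF -p tcp --dport $port -j DNAT --to-destination $HOME_TUN_IP:$port"
        echo "iptables -A FORWARD -i $PUB_IF -o $TUN_IF -p tcp -d $HOME_TUN_IP --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Anything else arriving from the public side never enters the tunnel.
    echo "iptables -A FORWARD -i $PUB_IF -o $TUN_IF -j DROP"
    # Source rewrite so replies return via the tunnel; the home server then
    # sees the colo's tunnel address instead of the real client address.
    echo "iptables -t nat -A POSTROUTING -o $TUN_IF -p tcp -d $HOME_TUN_IP -j MASQUERADE"
}

# Stand-alone use: sh colo-rules.sh 25 80
if [ "$#" -gt 0 ]; then
    colo_forward_rules "$@"
fi
```

The home side needs no inbound rules at all, since it only opens the outbound VPN connection.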