this post was submitted on 05 May 2024
34 points (97.2% liked)

Selfhosted


Hi everyone!

I'm looking into self-hosting, and I currently have dynamic DNS set up to point to my home IP.

My question: is it worth getting a dedicated IP through a VPN?

I'm pretty technically savvy, but when it comes to networking I lack practical experience. My thought is that pointing my domain to a dedicated IP and routing that traffic to my home IP would be safer - especially if I only allow traffic on certain ports from that IP. Just curious if that idea holds up in practice, or if it's not worth the effort.

[–] [email protected] 3 points 6 months ago (1 children)

Why do firewall rules need to resolve FQDNs?

[–] [email protected] 1 points 6 months ago (1 children)

To resolve whatever hostname you’ve set up for DDNS

[–] [email protected] 1 points 6 months ago (1 children)

Sorry, but I still don't understand, what's the need for that?

[–] [email protected] 1 points 6 months ago (1 children)

Because you’re not going to set up any rules pointed to a dynamic public IP address. Otherwise you’re going to be finding a way to change the rule every time the IP changes.

The DDNS automatically updates an A record with your public IP address any time it changes, so yeah the rules would use the FQDN for that A record.
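Added example, not part of the thread: nftables and iptables resolve a hostname once, when the rule is loaded, so an allow rule tied to a DDNS name needs a periodic job that re-resolves the A record and updates the address set the rule matches on. The table name, set name, hostname and sample addresses below are constructed for illustration, and the resolver is injected so the demo runs offline.

```python
import ipaddress
import socket

# Hypothetical names for this example: nftables table "inet filter" and a
# set "ddns_allow" that an accept rule references via "ip saddr @ddns_allow".
TABLE = "inet filter"
SET_NAME = "ddns_allow"

# Answers that must never enter an internet-facing allowlist, e.g. when the
# DDNS record is misconfigured or tampered with.
BLOCKED = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4",
)]


def resolve_a_records(hostname, resolver=socket.getaddrinfo):
    """Return the IPv4 addresses the hostname resolves to right now."""
    infos = resolver(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}


def is_allowable(addr):
    """True unless the address falls in one of the BLOCKED ranges."""
    ip = ipaddress.ip_address(addr)
    return not any(ip in net for net in BLOCKED)


def plan_update(current, resolved):
    """Return the nft commands that move the set from `current` to `resolved`."""
    wanted = {a for a in resolved if is_allowable(a)}
    if not wanted:
        return []  # lookup failed or every answer was rejected: leave the set alone
    cmds = []
    fresh, stale = sorted(wanted - current), sorted(current - wanted)
    if fresh:
        cmds.append(f"nft add element {TABLE} {SET_NAME} {{ {', '.join(fresh)} }}")
    if stale:
        cmds.append(f"nft delete element {TABLE} {SET_NAME} {{ {', '.join(stale)} }}")
    return cmds


if __name__ == "__main__":
    # Constructed resolver answer: the peer's DDNS record moved to a new address.
    def fake_resolver(host, port, family, socktype):
        return [(family, socktype, 6, "", ("198.51.100.23", 0))]
    now = resolve_a_records("friend.ddns.example", fake_resolver)
    for cmd in plan_update({"203.0.113.7"}, now):
        print(cmd)
```

Run it on a timer, passing the set's current members as `current`, and apply the returned commands with nft.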

[–] [email protected] 1 points 6 months ago (1 children)

What's the need of the public IP in the firewall rules?

[–] [email protected] 1 points 6 months ago (1 children)

If OP needs a firewall rule to do any number of things that a firewall does.

[–] [email protected] 1 points 6 months ago (1 children)

I'm curious to know in which case it is useful to know the public IP in a firewall rule, because I've never used it.

[–] [email protected] 1 points 6 months ago (1 children)

An access rule for instance. To say to allow all traffic or specific types of traffic from a public IP address. This could be if you wanted to allow access to some media server from your friend's house or something.

[–] [email protected] 1 points 6 months ago (1 children)

To allow access from a friend you need his public IP, not yours.

[–] [email protected] 1 points 6 months ago (1 children)

No fucking shit? In that scenario your friend could use DDNS and you point your access rule to his FQDN to allow access.

Did you really ask me a billion fucking “why” questions just to come back and fucking what, prove me wrong? Is this a good use of your time? I literally thought you were a noobie looking to understand.

Fuck off.

[–] [email protected] 1 points 6 months ago (1 children)

Dude, just chill! I didn't think that your answer made sense in the first place and that's why I've asked why you wrote that sentence. I'm not the one that replies to a comment saying "You're wrong!", unless I'm more than sure about what I'm talking about, otherwise, and in this case I wasn't sure and I wanted to know your point. I'm here to give my point of view and also to LEARN from others and this is why I kept asking you what was the need of resolving a DNS in a firewall rule, so that maybe I could start using those rules too. On the other side, if you understood that your answer didn't make sense, you simply could have just said it and not wasted my time and yours. I think that we ALL are here to share ideas and knowledge and that NO ONE is perfect, me in the first place!

[–] [email protected] 1 points 6 months ago* (last edited 6 months ago) (1 children)

If you really think someone is wrong don’t ask them “why, why, why” incessantly like a toddler, grow a pair of balls and just speak your mind.

And in this case I meant “your IP” as in, the grand scheme of things “an IP address that you own”, a VPS for instance, not necessarily the destination. Obviously you wouldn’t need to tell a firewall what its own public IP is. Have I clarified my thought to your standards?

[–] [email protected] 1 points 6 months ago* (last edited 6 months ago) (1 children)

You've clarified your thought to a normal standard, as you didn't previously. Learn to say "I was wrong" when you are wrong!

Edit: could I have said in the first place that I thought that you were wrong? Probably yes and I'll keep that in mind.

[–] [email protected] 1 points 6 months ago

I would’ve if I was wrong