Setup Linode as StaticIPs for MailServer on dynIP home lan?
I'm setting up my 1st Linode VPS.
In addition to serving up the usual web site, I'd like to use it to get rid of my static IP at my office.
Right now, the office has a mail-server running that uses two static IP addresses.
I want to keep that mail-server running on my LAN, but "redirect" it to use two static IP addresses on my Linode instead.
I've been reading up and am pretty sure that if I set up an IPv6 tunnel for my LAN, and the Linode has an IPv6 address too, I can somehow connect the two so traffic between the two flows over the IPv6 networks. IIUC, the IPv6 addresses are by definition 'static' and independent of whether or not my LAN connection to my ISP is a dynamic/IPv4 or not.
So, if that's the right approach, the CONCEPT sounds pretty easy. But I've managed to get terribly lost putting all the pieces together.
There's routes, firewalls, VPNs, tunnels, network scripts, interface settings, etc etc. Getting it all set up properly is more than I can chew right now.
I'd guess some folks @ Linode have done this "whole thing" before.
I'm hoping to get some hand-holding through all the detailed steps, learn once and for all how to do the whole thing RIGHT in the context of a Linode, and end up documenting here for posterity – for myself and others.
What I've done/have so far is:
@ Linode:
2 static IPv4s
IPv6 enabled
IPv4 & IPv6 firewalls turned on
NO mailserver will run on this box
@ LAN
2 static IPv4s on my edge router/firewall
IPv6 enabled on my edge router/firewall
IPv4 & IPv6 firewalls turned on on my edge router/firewall
mailserver running on an internal-LAN box, with 2 NAT'd IPv4s mapped to/from the 2 static IPs on the edge box
So, my question is -- what's the best/right method for transparently "rewiring" the whole mess so that the mailserver's external/real IPs get moved from the edge box on my LAN, to those on the Linode, and it all stays working after I downgrade from a static IP to a dynamic one on my LAN?
Thanks, and here's hoping we get a good "how to" out of this!
JenL
4 Replies
this thread
ssh -R 'your.first.linode.ip:25:your.first.home.ip:25' -R 'your.second.linode.ip:25:your.second.home.ip:25' root@your.linodes.name
If you wish to do more fancy stuff than just forward a couple ports, you're probably looking at doing something with OpenVPN.
I'm not very familiar with IPv6, but you should check with your ISP as to whether they give a static allocation, or whether it could change on disconnect/reconnect. I'm not aware of a guarantee in the standards that it will be static (but I could very well be wrong).
Not sure my lingo is up to snuff, but …
Does your suggestion actually "attach" the Public-on-the-linode & Private-on-the-LAN IP/interfaces, without any further need for NAT, routing etc?
I guess another way to ask, will mail sent from the LAN server automatically appear to be sent from the real-IP on the Linode, and will mail sent TO the MX @ real-IP make it to the mailserver?
As for the IPv6 address, my IPv6 is static, allocated via a tunnel provider, atm. Someday it'll be directly from the provider.
If you have IPv6 (whether tunnel or ISP provided) then you can do the same thing over IPv6 and not need the OpenVPN tunnel.
Linode rules are simple for Postfix. I added a transport map entry
home.MYDOMAIN smtp:myhomemachine
In main.cf I added
virtual_maps = hash:/etc/postfix/MYDOMAIN
And now in MYDOMAIN I can do lines such as
user@MYDOMAIN
Remember to allow "home" to relay via postfix. Remember to set your home machine to accept mail addressed to
I think that's pretty much it.
@jenl:
Does your suggestion actually "attach" the Public-on-the-linode & Private-on-the-LAN IP/interfaces, without any further need for NAT, routing etc?
I guess another way to ask, will mail sent from the LAN server automatically appear to be sent from the real-IP on the Linode, and will mail sent TO the MX @ real-IP make it to the mailserver?
With the ssh tunnel suggestion, people wanting to send mail to you would connect to the Linode's IP address. This traffic would be forwarded over the tunnel to your home IP. From an outside sender's perspective, they would be talking to your Linode (one endpoint of the tunnel). From your mailserver's perspective, it would be talking to the local machine (the other endpoint of the tunnel).
The tunnel operates only in one direction. Mail leaving your home mailserver would go directly from your home IP to the destination IP. This could be a problem if your ISP blocks connections to port 25 (many do). One solution would be to route outgoing mail through your ISP's mailserver
Hope this makes things a little clearer.
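Added example, not from any poster in this thread: because the tunnel makes every outside sender reach the home mailserver from the tunnel's local endpoint, that endpoint's address must not be one the server relays for. Assuming the home server runs Postfix, the Python below checks whether `permit_mynetworks` would trust that address; the sample `postconf` output, the addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of `postconf mynetworks smtpd_relay_restrictions
# smtpd_recipient_restrictions` output on the home server (not from the thread).
SAMPLE_POSTCONF = """\
mynetworks = 127.0.0.0/8 [::1]/128 192.168.1.0/24
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination
smtpd_recipient_restrictions = reject_unknown_recipient_domain
"""

def parse_postconf(text):
    """Map 'name = value' lines to a dict; indented lines (as in main.cf) continue a value."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:
            params[last] += " " + line.strip()
        elif "=" in line:
            name, value = line.split("=", 1)
            last = name.strip()
            params[last] = value.strip()
    return params

def trusted_networks(value):
    """Parse literal mynetworks entries; table lookups and '!' exclusions come back as skipped."""
    nets, skipped = [], []
    for item in value.replace(",", " ").split():
        try:
            literal = item.replace("[", "").replace("]", "")  # Postfix brackets IPv6
            nets.append(ipaddress.ip_network(literal, strict=False))
        except ValueError:
            skipped.append(item)
    return nets, skipped

def tunnel_relay_risk(postconf_text, tunnel_source):
    """Findings if SMTP clients arriving from tunnel_source are relayed for as 'mynetworks'."""
    params = parse_postconf(postconf_text)
    nets, skipped = trusted_networks(params.get("mynetworks", ""))
    src = ipaddress.ip_address(tunnel_source)
    matched = [str(n) for n in nets if n.version == src.version and src in n]
    findings = []
    for name in ("smtpd_relay_restrictions", "smtpd_recipient_restrictions"):
        rules = params.get(name, "").replace(",", " ").split()
        if matched and "permit_mynetworks" in rules:
            findings.append(f"{name}: permit_mynetworks trusts {tunnel_source} via {matched[0]}")
    return findings, skipped

if __name__ == "__main__":
    # 127.0.0.1 stands for the address forwarded connections arrive from (assumption).
    for source in ("127.0.0.1", "203.0.113.7"):
        print(source, tunnel_relay_risk(SAMPLE_POSTCONF, source))
```

Entries returned as skipped (table lookups, `!` exclusions) are not evaluated and need a manual look.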