> On Tue, May 3, 2022 at 15:18 john doe <johndoe65534@mail.com> wrote:
>> On 5/3/2022 9:42 PM, Tom Browder wrote:
>>> I'm about to sign up for a fixed IPv4 address to my home. I know a bit
>>> about setting up simple internal networks, but want to make sure I'm
>>> doing it all correctly and securely. Does anyone have a good book they
>>> recommend for such use?
I found the book I once consulted and just bought the Kindle version:
Networking for Systems Administrators, Michael W. Lucas, 2014
Mr. Lucas has also written books on *BSD, ssh, and DNS.
Here are some comments in addition to this thread:
- Do not use the router capability provided by your ISP.
This is mainly to avoid letting your ISP remotely control the thing and
disable the firewall for example.
Good advice.
If you can, use your own router.
Ditto.
If your ISP requires to work with their router put the ISP thing in
'bridge'/modem only mode, this will allow to get your public IPv4
address to your own gateway.
Check.
- Use VPN to access your servers remotely.
I find it easier to use a VPN (responsible for public remote connection)
to connect to my own network then use SSH (responsible for private
remote connection) to connect to my intranet devices
This also give you two layers of authentication and you have separate
services.
But, given a properly passwordless ssh connection, is there anything extraordinarily dangerous versus a VPN, or is it the redundancy you favor? (I am the only superuser, and usually the only user of my network.)
BTW, regarding pfsense, I forgot it runs on BSD, so I plan to get their small appliance to hang off the ISP router.
Thanks, Mr. John Doe.
-Tom