Re: Networking book recommendation

To: debian-user@lists.debian.org
Subject: Re: Networking book recommendation
From: David Christensen <dpchrist@holgerdanske.com>
Date: Tue, 3 May 2022 16:49:28 -0700
Message-id: <[🔎] 4f6a44f6-e587-99f1-873b-1bbbb70a9e92@holgerdanske.com>
In-reply-to: <[🔎] CAFMGiz-xXiJk_-jdnZ=XukTsFSq0znrOjz_kiauhJgMe3xqURg@mail.gmail.com>
References: <[🔎] CAFMGiz-xXiJk_-jdnZ=XukTsFSq0znrOjz_kiauhJgMe3xqURg@mail.gmail.com>

On 5/3/22 12:42, Tom Browder wrote:

I'm about to sign up for a fixed IPv4 address to my home. I know a bit
about setting up simple internal networks, but want to make sure I'm
doing it all correctly and securely. Does anyone have a good book they
recommend for such use?



On 5/3/22 13:35, Tom Browder wrote:
> On Tue, May 3, 2022 at 15:18 john doe <johndoe65534@mail.com> wrote:
>
>> On 5/3/2022 9:42 PM, Tom Browder wrote:
>>> I'm about to sign up for a fixed IPv4 address to my home. I know a bit
>>> about setting up simple internal networks, but want to make sure I'm
>>> doing it all correctly and securely. Does anyone have a good book they
>>> recommend for such use?
>>>
>>
>> What do you mean by "correctly and securly", the networking is never
>> secure.
>
>
> Thanks, I didn't know that.
>
> Depending on what you need, you might want firewall ...
>
>
> I'm considering HaProxy downsteam from the router.
>
> That also brings the question, why do you need a static IPv4 address?
>
>
> I'm moving my webservers inside.


On 5/3/22 14:14, Tom Browder wrote:
> I appreciate all the responses, and I realize, once again, that I should
> have given a little more background for the question:
>
> I have been running 10+ websites using SNI on Apache on two leased remote

> servers for many years. I am now moving the whole operation,gradually, to> operate out of my home on my own Debian server. During those yearsI've had

> several hardware failures that were hard to deal with remotely, hence the

> decision to come home (especially since I now have a bit more spacefor the

> additional equipment).
>

> I have been using a firewall and iptables to minimize inboundtraffic, but

> the details some have sent are very helpful for my current plan.
>
> In addition to the webserver being accessed externally, I will be sshing
> into my home server while traveling.


On 5/3/22 14:32, Tom Browder wrote:
> The sites are historically low traffic, but I'll watch out for problems.
> Our current ISP is AT&T and they are laying fiber quickly in my area.

I have stumbled my way through networking over the years, readingwhatever I could find. A recent book that I can recommend is"Networking for System Administrators" by Lucas:


    https://mwl.io/nonfiction/networking#n4sa

Do not conflate running public services on the Internet and remoteaccess to your LAN over the Internet. I strongly recommend a virtualprivate server (VPS) for the former and a virtual private network (VPN)for the latter.



For SOHO networking, I now use UniFi hardware products:

    https://ui.com/

The UniFi Controller is running on a Debian VPS at Linode. Creating thenode is automated via a Linode Stack Script. In addition to the UniFiController (which includes VPN capabilities), the node image includesfail2ban, LetsEncrypt key management, and other features:


    https://www.linode.com/


David

Reply to:

References:
- Networking book recommendation
  - From: Tom Browder <tom.browder@gmail.com>

Prev by Date: Re: Networking book recommendation
Next by Date: Re: Looking for documentation package
Previous by thread: Re: Networking book recommendation
Next by thread: Re: Networking book recommendation
Index(es):
- Date
- Thread