Yeah, no. If remote hosts could not send traffic to hosts behind NAT almost nothing would work.
The hacks employed to make NAT work make security worse, not better.
I did it by acquiring my own AS number and prefix, allowing me to set the geofeed, and announcing it via public BGP from a box in a data center. Took a few days for most things to pick up the geolocation.
Here is an excerpt of the table of contents for the book “Linux Application Development”:
It’s actually quite a good book.
Yes. I have a personal app that I made many years ago and used on my Pixel 4 and 6. It would not work on my 8 until I updated the sdk version and some of the tooling.
Story time. Apologies for the length, but consider it a cautionary tale.
I have my own email server. I have been hosting my own email since around 2001. It used to be hosted on a box in my house, which was fine since I had a “business” plan from the cable provider giving me a /29 and no port blocking.
One summer, I moved from a 1 bedroom apartment to a 2 bedroom. Awesome, now I have a room dedicated to computer stuff instead of having it in the living room.
Just after moving I went on a 2 week vacation. About 2 days in I was no longer able to access my email server. Could not ping the ip or anything. I had someone go to the apartment to check the console. Nothing wrong, just no internet access. Hmmm. Maybe my router is broken. I wasn’t going to subject the person looking at it to debugging it, so I figured I would deal with it when I got back.
Aside: my domain is hosted at EasyDNS, which has a “backup MX” service. If my mail server ever went offline, they would hold emails for up to 9 days and flush them into the real one once it came online. Since I would be away for longer, mails would start bouncing back to the original hosts. I contacted their support to see what they could do. The owner of the company even jumped in and they were able to redirect all of the past and future emails on their MX cache to my work email until I could resolve the problem. Brilliant. I remain a customer for life.
Anyway, when I got back I found that the problem was not with the router but the cable company. As it turns out, whoever was in the apartment before I moved in didn’t pay one or more bills. A disconnect got scheduled despite the fact that a business account had moved there. The departments don’t talk to each other it seems. I got a partial refund but I immediately realised I could no longer host email at home.
I found a hosting company offering Xen paravirt VPSes here in Canada. They did not offer the distro I wanted so I contacted them and mentioned I can provide the image. They were happy to let me do it. In fact, they had other requests from other potential customers and asked if I could handle them. Long story short I now own half the company. The VPSes, no longer Xen, are all highly available thanks to Ceph and Pacemaker, and my mail server continues to run without any real interruptions.
All of that said, I do self host certain things. Anything used at home including Home Assistant, static websites, etc. are all running off my 5-node home cluster running the same stack. My current connection is generally quite reliable, since it’s fiber from the local telco, and I have bypassed their awful CPE. I also have a variety of VPSes around for multiple reasons, such as backup, DNS, routing IPv6 for my personal AS, etc.
The moral of this story, of course, is that you should assess how important whatever you are hosting is. Do you want it to run when you are not able to get to your house? How much do you trust your internet provider? Also, how much do you trust your VPS provider?
Borgbackup, using borgmatic as a frontend, to a storage VPS. I back up dozens of machines this way. I simply add a user account for each machine on the VPS, then each machine backs up over ssh to its own account.
I use Home Assistant for that. It ties everything together quite nicely.
Also, a lot of the generic devices are really Tuya devices and can be controlled using a single instance of Tuya Smart Life.
I recite IPv6 addresses on my company networks from memory all the time. It helps that we got a bit lucky on our allocation. There are no letters.
Plus it’s really easy to number subnets in a way that makes sense.