
Server Static IP and AT&T's BGW210


Tom Browder

Jan 19, 2023, 4:20:06 PM
I am trying to use my new public static IP for my Debian PC which is ready for it security-wise (thanks to advice from this ML; note I will initially allow access only via ssh from the IP address of one of my remote hosts).

I know how to turn on public access in their router, but it's not clear what the results will be. I have queried the AT&T community but no answer yet.

The question is: when I set the router to allow public access, does it only allow access to devices assigned to one of the public IPs (i.e., it does NOT allow access to devices using DHCP)?

It seems to me logically that should be true, but I just need some confirmation before I open up to the public. (And I will start by limit

Thanks.

-Tom

john doe

Jan 19, 2023, 5:10:06 PM
On 1/19/23 22:15, Tom Browder wrote:
> I am trying to use my new public static IP for my Debian PC which is ready
> for it security-wise (thanks to advice from this ML; note I will initially
> allow access only via ssh from the IP address of one of my remote hosts).
>
> -Tom
>

If I may, use bridge mode or a modem but do not use a router from your ISP.
To me, the simple fact that you are asking this question is enough to
not trust what you have from your ISP!

--
John Doe

Brian

Jan 19, 2023, 6:40:05 PM
*All* addresses used on the internet are public.

gene heskett

Jan 19, 2023, 7:00:06 PM
Good advice. My whole home net is in the 192.168.xxx.yyy area, natted in
MY router running dd-wrt. I've totally transparent access to the whole
world, but that whole world has not touched me in 20 years.

Cheers, Gene Heskett.
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
- Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/>

David Christensen

Jan 19, 2023, 9:00:06 PM
If your AT&T U-verse residential gateway is anything like mine (Pace
5268AC FXN), it will have a web server/ control panel accessed by
connecting a computer via an RJ-45 Ethernet port or via Wi-Fi, and
browsing to a specific IPv4 address (mine uses 192.168.1.254). Doing so
with Debian 11.6 and Firefox, I see a web page with 4 tabs and the
"Home" tab active. If I select Settings -> Firewall, I see a Status
page with the rules I have defined. If I select Applications, Pinholes
and DMZ, I see a web page with two parts -- "Select a computer" and
"Edit firewall settings for this computer". If I click the link for my
UniFi Security Gateway in the first part (you would choose your Debian
server here), the second part updates and I see three choices:

- Maximum protection -- this means no incoming Internet traffic will be
forwarded to the selected host.

- Allow individual applications -- this means incoming Internet traffic
that matches the specific protocols/ ports that I have configured will
be forwarded to the selected host. I have configured my AT&T gateway to
route Internet incoming SSH traffic and Internet incoming VPN traffic to
my UniFi Security Gateway.

- Allow all applications -- this means all incoming Internet traffic
will be forwarded to the selected host.


I suggest that you start with the second option and SSH traffic.


On a related note, you might want your static IP to be accessible via a
Fully Qualified Domain Name. You have at least two choices:

- Add an entry to the /etc/hosts file on the remote host(s) (e.g. your
laptop), so that it can find your static IP when you enter the FQDN
(e.g. when you are remote with a laptop and want to connect to your
Debian host with ssh(1)).

- If you have a domain name and DNS hosting, add a DNS record to your
DNS hosting service so that any host connected to the Internet can find
your static IP by name.


I own and recommend "Networking for System Administrators" by Lucas:

https://mwl.io/nonfiction/networking#n4sa


HTH,

David
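
A check one could run on the Debian host after opening the SSH pinhole, added here as an example and not part of the thread: if the restriction to one remote host is working, sshd should never log a peer other than that host. The allowed address, the LAN range and the log lines below are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Assumptions (not from the thread): the single remote host allowed to use
# ssh, and the gateway's private LAN range.
ALLOWED = {ipaddress.ip_address("203.0.113.10")}
LAN = ipaddress.ip_network("192.168.1.0/24")

# sshd lines that name a peer end the address with " port N", after a
# "from", "by" or "with" keyword. "Server listening on ... port 22" has no
# such keyword and is ignored.
PEER = re.compile(r"sshd\[\d+\]: .*\b(?:from|by|with) (?:.* )?(\S+) port \d+")

# Constructed sample log lines in the usual sshd syslog format.
SAMPLE_LOG = """\
Jan 20 10:00:01 debian sshd[900]: Server listening on 0.0.0.0 port 22.
Jan 20 10:01:02 debian sshd[1234]: Accepted publickey for tom from 203.0.113.10 port 51234 ssh2: ED25519 SHA256:constructed
Jan 20 10:02:03 debian sshd[1240]: Failed password for invalid user admin from 198.51.100.7 port 40022 ssh2
Jan 20 10:02:05 debian sshd[1241]: Connection closed by invalid user admin 198.51.100.7 port 40022 [preauth]
Jan 20 10:05:00 debian sshd[1250]: Accepted publickey for tom from 192.168.1.64 port 50000 ssh2: ED25519 SHA256:constructed
""".splitlines()


def unexpected_peers(lines, allowed=ALLOWED, lan=LAN):
    """Count sshd log lines per (origin, address) for peers not in `allowed`.

    A packet filter that only admits the allowed host drops everything else
    before sshd sees it, so any "internet" entry means the filter is not
    in effect on the path the connection took.
    """
    hits = Counter()
    for line in lines:
        m = PEER.search(line)
        if not m:
            continue
        try:
            peer = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # token before "port" was not an address
        if peer in allowed:
            continue
        origin = "lan" if peer.version == lan.version and peer in lan else "internet"
        hits[(origin, str(peer))] += 1
    return hits


if __name__ == "__main__":
    for (origin, addr), n in unexpected_peers(SAMPLE_LOG).items():
        print(f"{origin:8} {addr:15} {n} line(s)")
```

On a real host the input would be lines from `/var/log/auth.log` or the output of `journalctl -u ssh`.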

Tom Browder

Jan 20, 2023, 6:50:06 AM
On Thu, Jan 19, 2023 at 19:58 David Christensen <dpch...@holgerdanske.com> wrote:

> If your AT&T U-verse residential gateway is anything like mine (Pace
> 5268AC FXN), it will have a web server/ control panel accessed

Yes, my router is similar.

> I own and recommend "Networking for System Administrators" by Lucas:
>
> https://mwl.io/nonfiction/networking#n4sa

I do too.

And your email helps.

I certainly have a firewall on the computer to go public. And I’m restricting external ssh to one of my remote hosts while I build out my planned set up. I’m just trying to understand the way the ATT router translates to my physical situation.

Conceptually, it seems to me it’s like having two houses: (1) one with the private LAN like most internet connected houses these days and (2) a house like my remote service and hosts at Dedispec where all hosts have one or more public IPs open to ssh from the internet.

On the ATT router I turn on the public subnet and assign one of the static IPs to my desired host.

Eventually I’m going to fancify things with other network hardware, but not for a while.

Thanks, David.

-Tom

Tom Browder

Jan 20, 2023, 10:00:06 AM
On Fri, Jan 20, 2023 at 05:39 Tom Browder <tom.b...@gmail.com> wrote:

BTW, I just found this link from a guy I recently found on YouTube who seems to know his stuff: