Hi All,
Xpost from c/networking@lemmy.world
So since Reddit is out for me, I’m turning here to see if anyone has some insight or can comment on this. Anything you’ve got would be great!
Long and short, I made a quick decision and am now living in a “Spectrum Community” - whereby tenants are charged a fixed rate for Internet and TV and connect to a “mesh” network via captive portal where MAC addresses must be registered to the tennants. Everyone shares the same network, sorta, but it’s got that feature where no one can sniff each other (unless MAC addresses are registered to your name).
There’s some debate on posts regarding this, whether connecting your own gateway will cause an issue, but I would like to connect my own gateway / router. Now, I’d also like to port forward, as I run my own mail server, etc… which need this and a public IP address I can register with my domain in order for all the fun stuff to work.
I doubt I can connect the gateway / router and port forward as if the community were offering a “communal modem”, so the question becomes:
Can I defeat this “double NAT” by routing all traffic from MY gateway through a VPS? Then, can I tie my domain / proxy service to the public IP address of this VPS to make all my services work?
Other services I run: PiHole Unbound DNS resolving Emby Wireguard (for mobile access to PiHole) And other web based services
Again, thanks. Hopefully someone reads this and knows what I’m talking about. I believe in Lemmy.
Use Wireguard or whatever to create a VPN between your home and your VPS, put a reverse proxy on the VPS to route all incoming requests to your home server, and point your domain to the VPS.
You can use a reverse proxy for TCP and HTTP(s), and do port forwarding for other services.
OpenVPN can be bridged as well so all devices attached to your ap/router can be on the same broadcast. I’d rate this as fairly advanced but it’s possible. See here for details
Edit: without a bridge you will have double NAT, but that’s not too much of an issue imo.
So I think I’m running into this problem a bit now. The reverse proxy and everything TCP and HTTPS works. The mail server I’m still trying to figure out. I’m using Wireguard to tunnel, do you know how to “bridge” that up to the VPS so that ports I need open to listen for incoming SMTP are also being listened on on the VPS?
WireGuard don’t do bridge. But smtp is tcp on port 25 and can go though proxy.
Note: you’ll need a ptr record for your VPS IP, not all providers allow this. You’ll also need to make sure your vps provider don’t block port 25. (like digital ocean)
What’s your current setup? VPS with reverse proxy and WireGuard to your home server/network?
I tend to use haproxy and would just add a tcp frontend on port 25 and have the backend point to my home-server WireGuard IP and the port I run my smtp server. Or the local ip - if your lan subnet is in the allow section of what config on the VPs side
This is the solution I went with. Had to tinker a bit with the KeepAlive settings, but otherwise smooth sailing now! Thanks!