Machine
- Scaleway Console.net Dedibox 120GB SSD
OS
- Debian 13 trixie AMD64
Firewall
- Iptables (native)
- https://wiki.debian.org/iptables
- https://packages.debian.org/trixie/iptables-persistent
IPv4 forwarding
To host ports < 1024 as a normal user, the service listens on an unprivileged port on localhost and the iptables firewall forwards traffic between the public IP and localhost.
/usr/sbin/iptables -F # flush all rules
/usr/sbin/iptables -t nat -F # flush all nat rules
/usr/sbin/iptables -X # Clear user defined chains
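/usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 127.0.0.1:8080 # send incoming TCP port 80 to the service on localhost:8080
/usr/sbin/iptables -t nat -A POSTROUTING -j MASQUERADE # masquerade all outgoing connections (source NAT to the outgoing interface address)
/usr/sbin/iptables -t nat -L -v # list the nat rules with packet counters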
/etc/sysctl.conf:
net.ipv4.ip_forward = 1
net.ipv4.conf.all.route_localnet = 1
/sbin/sysctl -p
See also:
VPN
Wireguard
SSH
- Key non-root only (global config)
PasswordAuthentication no
PubkeyAuthentication yes
PermitRootLogin no
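A check for the three SSH settings above, as an added example that is not part of the original page: it reads sshd_config text and reports a non-compliant global value or a Match block that overrides one. The function name audit_sshd and the sample config are constructed for illustration; the fallback values are the upstream OpenSSH defaults.

```shell
# Added example, not from the original page: audit sshd_config text on stdin
# against the three settings above. Prints findings; returns 0 when there are none.
audit_sshd() {
    awk '
    BEGIN {
        n = split("passwordauthentication pubkeyauthentication permitrootlogin", keys, " ")
        want["passwordauthentication"] = "no";  dflt["passwordauthentication"] = "yes"
        want["pubkeyauthentication"]   = "yes"; dflt["pubkeyauthentication"]   = "yes"
        want["permitrootlogin"]        = "no";  dflt["permitrootlogin"]        = "prohibit-password"
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    {
        sub(/[ \t]*=[ \t]*/, " ")            # accept the "Keyword=value" form
        key = tolower($1); val = $2; gsub(/"/, "", val)
        if (key == "match") { in_match = 1; ctx = $0; next }
        if (!(key in want)) next
        if (in_match) {                      # a Match block overrides the global value
            if (val != want[key]) { print "override in [" ctx "]: " $1 " " val; bad++ }
        } else if (!(key in seen)) {         # sshd keeps the first value it obtains
            seen[key] = val
        }
    }
    END {
        for (i = 1; i <= n; i++) {
            k = keys[i]
            v = (k in seen) ? seen[k] : dflt[k]
            src = (k in seen) ? "" : " (default)"
            if (v != want[k]) {
                print "global: " k " is " v src ", want " want[k]
                bad++
            }
        }
        exit (bad > 0)
    }'
}

# Constructed sample: the global section is compliant, the Match block is not.
sample='PasswordAuthentication no
PubkeyAuthentication yes
PermitRootLogin no
Match User backup
    PasswordAuthentication yes'
printf '%s\n' "$sample" | audit_sshd || echo "sshd config is non-compliant"
```

Include directives are not followed, so pipe in the files in the order sshd reads them, or the output of `sshd -T` for the effective global values.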
Containers
The host OS will be kept clean and all services go into their respective containers. systemd will be used for frugal container management:
- systemd-container (pkg)
- systemd-nspawn (feature)