Jump to content
RESET Forums (homeservershow.com)

No ISP Internet Static IP. How to secure connect to web servers?


doliveira
 Share

Recommended Posts

Hi,

 

At home i my internet ISP does not provide Static IP. It only provides dynamic ips that change without notice and are shared with multiple houses on my local residential area.

 

My problem is that on all my webservers i have defined a static and only access to cPanel and SSH to be only allowed by my hosting company office IP and also my own office internet Static IP. Now i also want to access them from home, but at home i don't have a static ip that i can simply insert on the list of allowed ip's.

 

At home i have a work network with a Windows Server 2012 R2 Essentials that is already with the VPN and Windows Anywhere Access set and i have also just in case already subscribed to the noip.com hostname service to give my home a static hostname.

 

So at the moment from outside i can access my home server using 2 ways: the windows build in VPN / Anywhere Access or using my noip.com Hostname.

 

But now i really don't know what do i need to do or get to make what i need.

 

If i can find a way to define a fixed path i will then be able to define and include on my web servers that path (noip.com hostname or my windows server vpn) in order for me to have access to them also from home.

 

I really need help on this. If i have a Static IP, problem was already solved. So i must find a way using Windows build in VPN / Anywhere Remote Access or with noip.com service that allows me to defined on my webservers to access them.

 

I really appreciate for all the help or advices that anyone can give me about this. I really need help on this because i don't know what to do.

 

Fell free to share your opinion and advices.

 

Thanks

Link to comment
Share on other sites

  • Replies 31
  • Created
  • Last Reply

Top Posters In This Topic

  • jmwills

    10

  • ikon

    5

  • Andne

    4

  • doliveira

    11

Top Posters In This Topic

I read this three times and really didn't understand what you are trying to accomplish from home.  If you are at home, you're going to be on the same subnet so there is no reason to go outside the LAN and come back in.  Or did I miss something?

 

You started off right with going with the No-IP solution which is VERY reliable and cost effective.

Link to comment
Share on other sites

Hi @jmwillis

 

Sorry if my explain my self in a confusing way. I will try to explain in a more clear way bellow:

 

I have a web server hosted on a datacenter and the only way to access the cPanel and SSH is from my office network that has a Static IP internet connection. This happens because on my webserver is defined to only allow my office static ip to access to it.

 

But now i also want to access the webserver from home, but at home, my internet connection only has dynamic ip address.

 

So im trying to find a way to access my webserver from home just as i do from the office. So i need my home network to have some kind of fixed hostname or ip in order that i can add it to my webserver allowed access list.

 

At home im running a network with Windows Server 2012 R2 Essentials with VPN and Anywahere Access already setm and on my Router i have also add noip.com service.

 

Can i make my self clear now? Did you understand what i need? If yes, can you help me?

 

Thanks 

Link to comment
Share on other sites

What is the purpose of only allowing access from a fixed IP?  What purpose does that serve?  It certainly does nothing from a security standpoint.

 

I'm just trying to understand the logic.

Link to comment
Share on other sites

Hi @jmwillis,

 

The webserver that is hosted on a datacenter hosts several websites and all have public access. Only the Administrator interfaces of the webserver like the SSH terminal and the control panel (cPanel in this case) are protected to only allow access from my office internet static ip. This is done by settig up a access list on the server to only allows access from ips inserted on the list.

 

My objective with this is increase the security of the webserver where i host some of my clients websites. This way i ensure that access to the SSH terminal and cPanel control panel can only be made from my office fixed ip address.

 

Did i now make my self clear? If not please tell me and i will try to explain better. I really need some help and advices on this.

 

Thanks

Link to comment
Share on other sites

Maybe it's a roundabout way of dong this, but can you run a VPN server at your office and route your connection to ssh and the admin panel through there, then it would appear to be coming from your office.

Link to comment
Share on other sites

Maybe it's a roundabout way of dong this, but can you run a VPN server at your office and route your connection to ssh and the admin panel through there, then it would appear to be coming from your office.

 

Hi Andne,

 

Will a VPN solve my problem even with me having a internet dynamic ip address?

 

Also if running a VPN server at my home is the solution, don't i already have a VPN server running on my "Windows Server 2012 R2 Essentials"? If yes, can i use it or do i have to install a 3rd party VPN solution server like OpenVPN, for example?

 

I would prefer to use the build in Windows VPN, instead of having to install and use 3rd party VPN's.

 

Thanks 

Link to comment
Share on other sites

I think you misunderstood me, I was saying to run the VPN server at your office and VPN to it from your house.  That way you can either remote into a computer at work and use it to connect to SSH and cPanel (easier solution), or if you can get the routes right you can forward your traffic through the VPN connection so that it appears to be coming from your office even though it's really coming from your house (much harder solution, though maybe nicer in the long run).

 

You wouldn't happen to have an Windows Server Essentials (any version) or similar server at work, would you?  That'd be the easy way to do things.  Actually with Essentials you don't even need the VPN, just remote desktop into your work computer through the remote web access site and go from there.

Link to comment
Share on other sites

Hi jmwillis and Andne,

 

Thanks for your ideas and advices.

 

About connecting from my Home to my Work Office VPN, its not an option, because sometimes at night office is closed and all computers and servers turn down. Also because of redundancy puroposes, i need to have an independant access to my webservers from my home in case office network is down.

 

I have a "Windows Server 2012 R2 Essentials" running at my Home network. Any advices or ideas?

 

Thanks

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share


×
×
  • Create New...