Should I connect my local server to internet (port forwarding)

[yigitayaz262]

My isp allows that and cloudflare gives 59 Tbps ddos protection for free. I will host a private server that handles file transfer, ssh etc. and it will be only accessible with a password. Also there is a public section. It will only host my website. I have a router and a main modem and I think hackers probably can't get in trough router and access my personal computer. What the things should I install (firewall etc.)

[Electronics Wizardy]

2 minutes ago, yigitayaz262 said:

I think hackers probably can't get in trough router and access my personal computer.

Public web services are a common way to get access to more secure non public systems. You get access to that public system, then now you can connect to other systems on the network directly.

 

But is this a issue here, probably not a huge one, esp for a home user. If you want to be more secure put the public server in its own subnet so if someone gets control if it they cna't access your personal pc and other network stuff. Most small buiness routers/firewalls will do this.

 

And make sure the website is secure and updated.

 

But for a home server this normally isn't a huge risk as not that many people are after you, but all up to risk you are willing to have.

[manikyath]

is there any reason for it to be public? if not, i'd keep it locked down.

[Haraikomono]

5 minutes ago, yigitayaz262 said:

My isp allows that and cloudflare gives 59 Tbps ddos protection for free. I will host a private server that handles file transfer, ssh etc. and it will be only accessible with a password. Also there is a public section. It will only host my website. I have a router and a main modem and I think hackers probably can't get in trough router and access my personal computer. What the things should I install (firewall etc.)

sure why not. id recommend though to put up a nice firewall and put the iptables to use.

use letsencrypt for https.

 

[yigitayaz262]

8 minutes ago, manikyath said:

is there any reason for it to be public? if not, i'd keep it locked down.

I only need it to host my website to another users and access my private server from everywhere.

[Levent]

If this thing you gonna host is only going to serve you, I don't see a valid reason for hosting it publicly. Plus dont expect your router and default windows firewall settings to be secure if you are just going to expose various ports unfiltered to the internet. Create your own VPN and run it in that.

[yigitayaz262]

17 minutes ago, Electronics Wizardy said:

Public web services are a common way to get access to more secure non public systems. You get access to that public system, then now you can connect to other systems on the network directly.

 

But is this a issue here, probably not a huge one, esp for a home user. If you want to be more secure put the public server in its own subnet so if someone gets control if it they cna't access your personal pc and other network stuff. Most small buiness routers/firewalls will do this.

 

And make sure the website is secure and updated.

 

But for a home server this normally isn't a huge risk as not that many people are after you, but all up to risk you are willing to have.

Am I understand that right? You are saying connect all servers to your main modem and blacklist your websites or servers ip adress on your second router so 'hackers' can't access your personal machines and connect it to your main modem that has only servers on it.

[Electronics Wizardy]

2 minutes ago, yigitayaz262 said:

Am I understand that right? You are saying connect all servers to your main modem and blacklist your websites or servers ip adress on your second router and connect it to your main modem that has only servers on it.

What modem + router setup do you have? 

 

Yea that setup would work if your modem llows multiple devices

 

Id personally run a single firewall with all devices connected if you can.

[yigitayaz262]

Just now, Electronics Wizardy said:

What modem + router setup do you have? 

 

Yea that setup would work if your modem llows multiple devices

 

Id personally run a single firewall with all devices connected if you can.

I have mi router 4A and the modem my isp provided. Modem has 4 ethernet outputs. We are only using xiaomi one for wifi.

[Electronics Wizardy]

Just now, yigitayaz262 said:

I have mi router 4A and the modem my isp provided. Modem has 4 ethernet outputs. We are only using xiaomi one for wifi.

Id plug the server into the modem in.  Makes pivoting much harder, and no extr config is normally needed as most routers block all inbound connections by defult 

[yigitayaz262]

4 minutes ago, Electronics Wizardy said:

Id plug the server into the modem in.  Makes pivoting much harder, and no extr config is normally needed as most routers block all inbound connections by defult 

I have some experience with kali linux. I will test it to check if it blocking them. (No my discord username is not xXx_PR0_H4CK3R_xXx)