I want to setup a web server. I'v already obtained static IP and I have debian server running with apache+nginx. And, I want to make my webserver visible from outside of the office.
Here I have following scheme of routers -
- Provider router(or modem?), which gets phone connection and gives internet to whole office.
- Router(TP-Link TL-R860) which connects to router 1.
- WI-FI Router (TRENDNET TEW-652BRP), which connects to router 2.
- Web server, which connects to router 3.
It is possible at all somehow to get what I want or for example, I need to somehow reconfigure all connections?
Disconnect the webserver from the wifi router.
Connect the webserver to the ISP modem/router.
Configure a DMZ on the ISP modem/router and configure your webserver to be in that DMZ.
Set up a firewall using iptables on the web server to deny all traffic except the web traffic (port 80, 443, 22 for outside access maybe?). Package arno-iptables-firewall helps with automating iptables firewall, or the lenny package ipmasq which still works on squeeze, you just have to download it yourself and dpkg -i it.
If you decide to open port 22 for ssh access to the internet then install fail2ban to discourage brute force attacks. Also consider to only allow password-less entry using keys.
Note: Do NOT use NAT if you can help it. It's not any more secure and it's a bad hack to work around lack of IP addresses in IPv4. Thank goodness we won't need that nonsense on IPv6.