I have the following configuration: an Apache web host that is running on my local PC at port 4444.
I've registered at noip.com for DDNS, and I've done the setup correctly.
I was wondering, since I am a little paranoid of exposing my IP to the public when representing a web app to clients: is it possible for me to run a VPN locally, so that when DDNS resolves the IP it will point at my VPN connection?
I have only basic knowledge of iptables, which is not sufficient for this task.
Currently using Debian 8.
Thanks for your help!
Best Answer
In case you want to hide your web server's port using a VPN (openvpn) on the web server host
In that case, you could
In that scenario, you probably don't even need iptables. Your router only knows to forward that one port (1194) to your host, and that one port can only be established or connected to with the correct keys and certificates. All other ports don't need to be closed, because they cannot be reached via your router.
In case you want to make your web server connectable only from the VPN IP address
I assume from your comments, however, that you use the VPN from your laptop, and that your web server is connected to "plain" internet. In that scenario, you open up your firewall/iptables only for your VPN IP, e. g. 3.2.2.2
iptables -A INPUT -s 3.2.2.2/32 -j ACCEPT
or, more fine-grained:
iptables -A INPUT -p tcp -s 3.2.2.2/32 --dport 4444 -j ACCEPT
Attention: this must not be the only rule. You probably want to access your host via SSH from your local network, or generally allow everything from your local network:
iptables -A INPUT -s 192.168.1.0/24 -j ACCEPT
Also, you want to allow localhost traffic:
iptables -A INPUT -i lo -j ACCEPT
After that, you can close every other incoming port:
iptables -P INPUT DROP
Be sure to check this thoroughly against your own IP address range and your own VPN IP address.
Also, you have to configure your router/modem to forward any port, e. g. 4444 or 44444 to your web server port 4444.
In case you want to run your VPN service (private internet access) and your web server on the same host
Looking up privateinternetaccess.com, I figured out that
So to
you would
3.2.2.2 as your IP address, update it in the DDNS server, and your clients can resolve yourhost.yourddns.com to 3.2.2.2.
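The INPUT rules from the second scenario above (web server reachable only from the VPN IP), written as one iptables-restore ruleset so they load in a single step rather than rule by rule. This is an added example, not part of the original answer. It goes one rule beyond the answer by also accepting replies to connections the host itself opened, which is an assumption about what the host needs. `build_ruleset` and its helpers are hypothetical names, and the addresses are the answer's sample values.

```shell
#!/bin/sh
# Added example: emit the answer's INPUT rules as an iptables-restore file.
# Loading this replaces the whole filter table, so rules from other tools are lost.

# Shape checks only (octets above 255 are caught later by iptables-restore).
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}
is_ipv4_cidr() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# build_ruleset VPN_IP LAN_CIDR PORT -> ruleset on stdout, non-zero on bad input.
build_ruleset() {
    vpn_ip=$1; lan_cidr=$2; port=$3
    is_ipv4 "$vpn_ip" || { echo "bad VPN address: $vpn_ip" >&2; return 1; }
    is_ipv4_cidr "$lan_cidr" || { echo "bad LAN range: $lan_cidr" >&2; return 1; }
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    # The default-drop policy and the accept rules arrive together at COMMIT,
    # so there is no window where DROP is active without the SSH/LAN rule.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s $lan_cidr -j ACCEPT
-A INPUT -p tcp -s $vpn_ip/32 --dport $port -j ACCEPT
COMMIT
EOF
}

# Stand-alone use (as root), parse-only first, then for real:
#   sh ruleset.sh 3.2.2.2 192.168.1.0/24 4444 | iptables-restore --test
#   sh ruleset.sh 3.2.2.2 192.168.1.0/24 4444 | iptables-restore
if [ "$#" -eq 3 ]; then
    build_ruleset "$@"
fi
```

Without the ESTABLISHED,RELATED line, the DROP policy also discards replies to the host's own outbound traffic, such as DNS lookups and the DDNS update itself.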