<div dir="ltr"><div>>> I thought it would be convenient and simple to have a separate Raspberry Pi server for each site that I am hosting...</div><div><br></div><div>No reason to really do that today, you can do this all with apache vhosts today, with or without SSL. As I mentioned in my last email, with the introduction of SAN fields in SSL certs, this is entirely unnecessary now. Back at Godaddy early before SAN records, we would soak up ipv4 addresses by the /17-19 CIDR blocks for SSL hosting, but ARIN and others figured out quick with ipv4 exhaustion this was untenable, so they fixed SSL around this. With SAN records, you can have multiple SSL domain names and urls for vhosts to a single cert, so long as the SAN records match the requested url within the cert. Plenty of docs out there to do this, and you can save not needing to buy a /28 CIDR block from cox (and waste more ipv4 addresses when we're all out).<br></div><div><br></div><div>If you really wanted to do more 1:1, you need a firewall that can do complex enough NAT (network address translation) across multiple addresses external to internal private addressing. This is quite simple to set up assuming your firewall is capable ala pfsync or a more enterprise-y firewall. Even buying a cheaper enterprise Fortigate firewall for 400/500 bucks is well capable, not to mention Ubiquiti, Adtran, or numerous other cheaper enterprise-y class devices. <br></div><div><br></div><div>If you have 10 rpi's, you just create a 1:1 translation from your 10 external ip's to whatever internal ip's you have.</div><div><br></div><div>Example:<br></div><div>Cox <a href="http://24.1.2.18:80">24.1.2.18:80</a> translates to Internal <a href="http://10.1.2.10:80">10.1.2.10:80</a> for http<div>Cox <a href="http://24.1.2.19:53">24.1.2.19:53</a> translates to Internal <a href="http://10.1.2.11:53">10.1.2.11:53</a> for dns<br><div>Cox 24.1.2.20:* translates to Internal 10.1.2.100:* for all ports<br></div></div><div>... 
etc, repeat for each ip:ports needed.<br></div><div><br></div><div>This sort of thing is mostly what I do as a network and firewall dude, glad to help via this list or more realtime chat, jump in the PLUG IRC.<br></div><div><br></div><div>-mb</div><div><br></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Nov 18, 2021 at 1:46 PM Joe Neglia via PLUG-discuss <<a href="mailto:plug-discuss@lists.phxlinux.org">plug-discuss@lists.phxlinux.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div><span class="gmail_default" style="font-size:large">I got a block of 16 static public IP's (I think it's called a CIMD /28 or some such lingo). The uppermost and lowest addresses in the block have a special purpose, but that leaves 14 usable static IP's. With the one that I am using, there are 13 remaining ones, seemingly going to waste.</span></div><div><span class="gmail_default" style="font-size:large"><br></span></div><div><span class="gmail_default" style="font-size:large">I thought it would be convenient and simple to have a separate Raspberry Pi server for each site that I am hosting, each with a different static public IP. But couldn't figure out how to do that. My online research led nowhere -- knowledge in this area appears to be scarce. Any advice would be greatly appreciated!<br></span></div><div><span class="gmail_default" style="font-size:large"><br></span></div><div><span class="gmail_default" style="font-size:large">(Incidentally I discovered that Apache has a feature called Virtual Hosts that lets you host multiple websites behind one static public IP. Works great, except that only ONE of the sites hosted that way can have SSL enabled, due to the way Virtual Hosts works. 
This is how I'm currently set up.)<br></span></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Nov 18, 2021 at 1:15 PM Michael Butash via PLUG-discuss <<a href="mailto:plug-discuss@lists.phxlinux.org" target="_blank">plug-discuss@lists.phxlinux.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>>> I am told I can rent more static IPs... I assume I will need some hardware to be able to accommodate more than 1 IP unless I am port forwarding to different boxes.</div><div><br></div><div>Not really, just about any *nix-y system can accommodate that with NAT as a firewall/router/gateway, whatever you want to call it, with one ip or many. Even basic WRT-based systems ala netgear/linksys can tend to handle this in theory with basic network iptables features. Probably best would be something like pfsync, which there is plenty of cheap gateway hardware out there that can run it, or any older (ie. cheap) enterprise firewalls.<br></div><div><br></div><div>Old days the biggest reason for multiple ip's was SSL requiring 1:1 IP to DNS binding, but this has gotten easier out of necessity with use of Subject Alternative Names (SAN) as part of the certs. 
If you need the same external port being forwarded to multiple internal ports/services is about the only other reason for multiple ip's, but as long as you can define separate ports for what is connecting to it, not so much.</div><div><br></div><div>When you get to the point you want to do so, more than a few of us have probably done so to help you through it and understand the concepts once you know what you need/want to do.</div><div><br></div><div>>> Cox Business does not block any ports.</div><div><br></div><div>The only residential ports they block really relevant these days is 80 for http (not 443/https, so why 80??), and smtp for email, but these days there is little reason to run your own smtp server unless you're just doing it to do it or honeypot spammers trying to hit you 24/7 for no good reasons. I'd run sslvpn for remote access on https/443 just fine on res service, I just need to make sure to type https://.<br><div><br></div><div>>> I am satisfied with Cox Business</div><div><br></div><div>CBS
service is just pricey (compared to residential) to begin with, unlimited bandwidth and unblocked
ports or not imho, but otherwise about the best/cheapest "business
class" service/support you can get, if you can get it in your hood. </div></div><div><br></div><div>-mb</div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Nov 18, 2021 at 12:04 PM Keith Smith via PLUG-discuss <<a href="mailto:plug-discuss@lists.phxlinux.org" target="_blank">plug-discuss@lists.phxlinux.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>
I've had a Cox Business account for maybe 8 years. I've only had one <br>
outage, and it was short. My package is a home office type of plan. I <br>
am currently running a LAMP + BIND + Postfix + Dovecot on a laptop on my <br>
single static IP. I am told I can rent more static IPs... I assume I <br>
will need some hardware to be able to accommodate more than 1 IP unless <br>
I am port forwarding to different boxes.<br>
I configured this server on a laptop to see if I could do it. I am a <br>
PHP dev, with some light LAMP server experience. I still have a lot to <br>
learn.<br>
<br>
Cox Business does not block any ports.<br>
<br>
Cox tells me there will never be any overages because on my plan I <br>
purchase a set up and down which cannot be exceeded.<br>
<br>
I am satisfied with Cox Business<br>
<br>
<br>
On 2021-11-14 11:21, Joe Neglia via PLUG-discuss wrote:<br>
> Any recommendations for a reliable ISP?<br>
> <br>
> (Couldn't find any recent discussion in the PLUG archives, so am<br>
> asking here.)<br>
> <br>
> I currently have a business account (I'm running a small server on a<br>
> static public IP address for my business), but am having a *terrible*<br>
> time with my current ISP. Worked *great* for about a year, but have<br>
> been having daily outages for about a month now.<br>
> <br>
> Don't even want to say the name for fear of being sued for libel. They<br>
> were honest enough to admit it is an "internal issue", and have no ETA<br>
> on a fix. "[Their] technicians continue to work to resolve the<br>
> problem in [my] neighborhood. Currently, there is no estimated time<br>
> for when service will be restored."<br>
> <br>
> I get the feeling they don't have a grasp on the problem, as when I<br>
> call their status line they report an outage even when the system is<br>
> up. When my connection goes down, a modem reboot sometimes (but not<br>
> always) gets me connected again.<br>
> <br>
> Speed is not an issue. But reliability is! Any suggestions would be<br>
> greatly appreciated.<br>
> ---------------------------------------------------<br>
> PLUG-discuss mailing list - <a href="mailto:PLUG-discuss@lists.phxlinux.org" target="_blank">PLUG-discuss@lists.phxlinux.org</a><br>
> To subscribe, unsubscribe, or to change your mail settings:<br>
> <a href="https://lists.phxlinux.org/mailman/listinfo/plug-discuss" rel="noreferrer" target="_blank">https://lists.phxlinux.org/mailman/listinfo/plug-discuss</a><br>
</blockquote></div>
</blockquote></div></div>
</blockquote></div>
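<div>Added example, not part of the original thread or written by any of its participants: the 1:1 translation table from the top message, checked against a /28 and turned into iptables NAT rules. The block 24.1.2.16/28, the internal range 10.1.2.0/24, the use of both tcp and udp for port 53, and all function names are assumptions made for illustration.</div>

```python
import ipaddress

# Assumed: the example addresses in the message sit in this /28 (not stated in the thread).
PUBLIC_BLOCK = ipaddress.ip_network("24.1.2.16/28")
INTERNAL_NET = ipaddress.ip_network("10.1.2.0/24")

# (external IP, internal IP, protocols, port) from the example in the message;
# port None is the "all ports" 1:1 mapping. tcp+udp for DNS is an assumption.
MAPPINGS = [
    ("24.1.2.18", "10.1.2.10", ("tcp",), 80),
    ("24.1.2.19", "10.1.2.11", ("tcp", "udp"), 53),
    ("24.1.2.20", "10.1.2.100", (), None),
]

def usable_hosts(block):
    """Addresses left after dropping the network and broadcast address."""
    return list(block.hosts())

def build_rules(mappings, block=PUBLIC_BLOCK, internal=INTERNAL_NET):
    """Validate the mappings and return (iptables rule lines, warnings)."""
    rules, warnings, seen = [], [], set()
    usable = set(usable_hosts(block))
    for ext, inside, protos, port in mappings:
        ext_ip, in_ip = ipaddress.ip_address(ext), ipaddress.ip_address(inside)
        if ext_ip not in usable:
            raise ValueError(f"{ext} is not a usable address in {block}")
        if in_ip not in internal:
            raise ValueError(f"{inside} is outside {internal}")
        keys = {(ext, p, port) for p in protos} or {(ext, "*", "*")}
        if (seen & keys or (ext, "*", "*") in seen
                or (port is None and any(k[0] == ext for k in seen))):
            raise ValueError(f"{ext} is already forwarded for these ports")
        seen |= keys
        if port is None:  # full 1:1 NAT: inbound DNAT plus matching outbound SNAT
            warnings.append(f"{ext} -> {inside}: every port on the host is reachable from the internet")
            rules.append(f"iptables -t nat -A PREROUTING -d {ext} -j DNAT --to-destination {inside}")
            rules.append(f"iptables -t nat -A POSTROUTING -s {inside} -j SNAT --to-source {ext}")
        for proto in protos:  # port-restricted forward: only this service is exposed
            rules.append(f"iptables -t nat -A PREROUTING -d {ext} -p {proto} --dport {port} "
                         f"-j DNAT --to-destination {inside}:{port}")
    return rules, warnings

if __name__ == "__main__":
    rules, warnings = build_rules(MAPPINGS)
    print("\n".join(rules))
    for w in warnings: print("WARNING:", w)
```

<div>The warning on the all-ports mapping marks the one entry where the internal host's own firewall is the only filter left; the port-restricted entries expose a single service each.</div>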