On 7/31/20 1:39 PM, james wrote:
> I'd like to start with a basic list/brief description of these, please?

They basically come down to two broad categories:

1) Have the "static" IP bound to an additional network interface on the
   destination system and leverage routing to get from clients to it.
2) Have the "static" IP bound to a remote system that forwards traffic
   to a different address on the local system.

Traffic frequently spans the network between the local system and the
remote system through some sort of VPN.

Note: VPNs can be encrypted or unencrypted.

I think one of the simpler things to do is to have something like a
Raspberry Pi (a common, simple, inexpensive example) SSH to a Virtual
Private Server somewhere on the Internet and use remote port forwarding.

root@pi# ssh root@vps -R 203.0.113.23:25:127.0.0.1:25

Note: I'm using root to simplify the example. Apply security best
practices.

This will allow port 25 on a VPS with a (true) static IP (configured in
/etc/conf.d/net) to receive TCP connections and forward them to your
local mail server completely independent of what IP your local Pi may
connect to the Internet with.

Your MX record(s) resolve to the IP address of the VPS. You can change
local IPs or ISPs or even country as often as you like.

Another more complex method is to use a more traditional VPN; e.g. GRE
tunnel, IPsec tunnel, SSH L2 / L3 tunnel, OpenVPN, WireGuard and IP
forwarding on the VPS to route the TCP connections to the local mail server.

Things quickly get deep in minutiae of what method you want to use and
what you want to go over it.

I think the SSH remote port forwarding is an elegant technique. It's
relatively simple and it has the added advantage that when the
connection is down the VPS will not establish a TCP connection (because
ssh is not listening on the remotely forwarded port) thus remote
connecting systems will fail hard / fast, thus it's more likely to be
brought to a human's attention.
--
Grant. . . .
unix || die
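
Added example (not part of the original message): the forward above asks sshd on the VPS to listen on 203.0.113.23:25, but with OpenSSH's default GatewayPorts no the listener is placed on loopback instead. The shell function below, whose name and sample inputs are constructed for illustration, audits `sshd -T`-style output for the settings this forward depends on.

```shell
#!/bin/sh
# Audit effective sshd settings (as printed by `sshd -T`: lowercase keyword,
# then value) for a remote forward such as -R 203.0.113.23:25:127.0.0.1:25.
# Usage on the VPS: sshd -T | audit_forward 203.0.113.23 25
# Returns 0 only if the listener can bind to the requested address.
audit_forward() {
    awk -v addr="$1" -v port="$2" '
        $1 == "gatewayports"       { gw = $2 }
        $1 == "allowtcpforwarding" { fwd = $2 }
        $1 == "permitlisten"       { for (i = 2; i <= NF; i++) pl[$i] = 1; seen = 1 }
        END {
            # Unset keywords fall back to the OpenSSH defaults.
            if (gw == "")  gw = "no"
            if (fwd == "") fwd = "yes"
            if (!seen)     pl["any"] = 1
            bad = 0

            if (gw == "clientspecified")
                print "OK   gatewayports: listener binds to " addr " as requested"
            else if (gw == "yes")
                print "WARN gatewayports=yes: listener binds to every address, not only " addr
            else { print "FAIL gatewayports=no: listener is forced onto loopback"; bad = 1 }

            if (fwd == "yes" || fwd == "all" || fwd == "remote")
                print "OK   allowtcpforwarding=" fwd " permits remote forwards"
            else { print "FAIL allowtcpforwarding=" fwd " blocks remote forwards"; bad = 1 }

            if ("any" in pl)
                print "WARN permitlisten=any: this login may open any listening port"
            else if ((addr ":" port) in pl || ("*:" port) in pl || port in pl)
                print "OK   permitlisten allows " addr ":" port
            else { print "FAIL permitlisten does not allow " addr ":" port; bad = 1 }

            exit bad
        }'
}

# Constructed sample inputs (not taken from a real host).
DEFAULTS='gatewayports no
allowtcpforwarding yes
permitlisten any'
HARDENED='gatewayports clientspecified
allowtcpforwarding remote
permitlisten 203.0.113.23:25'

# Demo: stock defaults fail the audit, the restricted settings pass it.
printf '%s\n' "$DEFAULTS" | audit_forward 203.0.113.23 25 || true
printf '%s\n' "$HARDENED" | audit_forward 203.0.113.23 25
```

The PermitListen check is a literal match on addr:port, *:port or a bare port. Forwarding a port below 1024 additionally requires logging in to the VPS as root, which is why the command in the message uses root.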