this post was submitted on 27 Jun 2024
10 points (85.7% liked)

homelab

6574 readers
3 users here now

founded 4 years ago
MODERATORS
 

I have a host name whose dns points to my home IP. I use this for game servers for my buddies. Should I be worried about my home IP being easily accessible like this, and should I get a physical firewall appliance to protect myself?

Servers are running Windows Server 2019 and Mac OSX.

top 9 comments
sorted by: hot top controversial new old
[–] [email protected] 14 points 4 months ago

If you have a router, you already own one.

Pointing a hostname to your ip doesn't do anything meaningful.

[–] [email protected] 7 points 4 months ago* (last edited 4 months ago) (1 children)

Yes, don't expose Windows to the internet 😒

https://opnsense.org/ is a good system if you want an easy to install and open-source firewall.

Edit: no need to buy their official hardware. Any x86 system with two network ports will do.

[–] [email protected] 2 points 4 months ago

Yes, don’t expose Windows to the internet

It sounds like they're just exposing a game server, not windows.

[–] Ptsf 3 points 4 months ago

Unless you're just opening up all the ports on your router, it should be blocking all incoming connections by default. I'd recommend doing 1:1 port mapping for the specific internal ips of your services if your router provides that capability, but at minimum just locking it down to only opening the ports required for your services should suffice.

[–] PumpkinEscobar 3 points 4 months ago* (last edited 4 months ago)

Hopefully you’re only forwarding the minimal set of network ports and not all ports/traffic? If so then you’re good, like someone else said if you’ve got a router and it’s forwarding selected traffic then no need for anything else

[–] [email protected] 2 points 4 months ago (1 children)

Nah, probably not. All routers you can buy today will route and by default have their firewall active. Make sure, auto-updates are activated on your router.

Check your server OS'ses and the Software running on them for updates on a regular basis - since they are partially made available to the public and are potential attack vectors.

Though if you only port-forwarded a couple ports that dont include the RDP port or something wildly stupid, you should be safe.

Follow some best practises as:

  • try to dont run your Gameserver Software as administrator but instead with a account with as low privileges as possible.
  • update your OS'ses, Softwares and Router/FW Appliance.

Don't let yourself fool by the guys telling ya to setup a full fledged firewall system when you obviously don't even know basic networking. You would be overwhelmed by the configurationpossibilities.

If you want to dangle your foot in some cold water - try em out and put some machines behind them to learn what behaves how. But dont make em your only protection against the public internet when you don't know basic networking stuff.

Happy Sailin' matey!

[–] [email protected] 1 points 4 months ago

I actually have a degree in networking lol

[–] [email protected] 1 points 4 months ago

It depends. If you're forwarding a lot of ports then maybe, but just a home gaming server? Probably not a big deal.

Just don't forward ports for remote control and you'll be fine, especially RDP (3389 IIRC), and SSH..

[–] [email protected] 1 points 4 months ago

I recommend building your own firewall. There are awesome, FOSS, FreeBSD-based firewall operating systems like pfSense and OPNSense. You can do a whole bunch of cool stuff with them, like block ads, scan incoming traffic for malware, monitor your network, collect data about your connections and visualize them in a nice dashboard and more.