Mine is in the corner of the room I’m in right now. It’s a little NUC under an armchair. I have a tiny EC2 instance which provides my permanent IP and forwards web and certain SSH requests using a VPN connection and iptables. This allows me to have a beefier machine here, keep logs etc. local, run an alternative OS (SmartOS), and just generally tinker.

The EC2 fronting technique I stole from the Helm home email appliance/service. Paying three years up front, it worked out to less than $3/month.



Would you happen to have time to provide some more details about using EC2 to get a permanent IP? I've been thinking of using WireGuard to connect an old PC to my VPS to run video game servers, so this is very interesting to me!


Happy to help, although it was ~3 years ago that I set this up and it uses OpenVPN, as I have not switched over to WireGuard yet (been meaning to).

I do recall that setting up port forwarding and NAT on both sides was the biggest pain (I do not regularly do network admin!), exacerbated by the fact that the client side is SmartOS, which uses a different system (ipfilter) than Linux (iptables), so there were two cryptic network filtering DSLs to learn. The VPN part was relatively easy, as it's just a point-to-point connection with the local machine as the client, configured to reconnect when the connection is lost and on boot.

On the EC2 side this is (approximately) my iptables setup (1234 and 5678 are stand-ins for ports I use to SSH into the local machine from anywhere on the internet; I have two because there are multiple (SmartOS/Solaris) zones on the machine):

  sudo iptables -L
  Chain INPUT (policy ACCEPT)
  target     prot opt source               destination         
  ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
  ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
  ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:1234
  ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:5678

  Chain FORWARD (policy ACCEPT)
  target     prot opt source               destination         
  ACCEPT     tcp  --  anywhere             ip-10-4-0-2.ec2.internal  tcp dpt:http
  ACCEPT     tcp  --  anywhere             ip-10-4-0-2.ec2.internal  tcp dpt:https
  ACCEPT     tcp  --  anywhere             ip-10-4-0-2.ec2.internal  tcp dpt:1234
  ACCEPT     tcp  --  anywhere             ip-10-4-0-2.ec2.internal  tcp dpt:5678

  Chain OUTPUT (policy ACCEPT)
  target     prot opt source               destination         
  ACCEPT     tcp  --  anywhere             anywhere             tcp spt:http

On the EC2 side, openvpn conf:

  dev tun1
  ifconfig 10.4.0.1 10.4.0.2
  verb 5
  secret local.key
  cipher AES-256-CBC
  keepalive 10 60
  persist-tun
  persist-key

On the local side, openvpn:

  remote [ec2 ip adr here]
  dev tun1
  ifconfig 10.4.0.2 10.4.0.1
  verb 5
  secret ec2.key
  cipher AES-256-CBC
  keepalive 10 60
  persist-tun
  persist-key

On the local side, ipf conf in ipnat.conf. This is abbreviated, as most of the stuff in there is just forwarding among the zones, which is not relevant to a simple Linux setup without zones. In addition to figuring out the iptables equivalent, I believe you'd want to replace the .102 address (which in this case is a zone) with your local machine (like 0.0.0.0/0 or whatever):

  map net0 10.0.0.102/32 -> 0/32
  map tun1 10.0.0.102/32 -> 10.4.0.2

(not sure if the first line is even relevant or not, it's been a while)

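One thing the listing above does not show is the NAT half of the setup: `iptables -L` without `-t nat` prints only the filter table, so the PREROUTING/POSTROUTING rules that actually rewrite the destination toward the tunnel are missing from it. The script below is an added example, not the commenter's configuration, of the complete rule set a Linux EC2 front end needs for the same topology. It assumes the tunnel interface `tun1`, the home end of the tunnel at `10.4.0.2`, the instance's public NIC `eth0`, and the ports 80, 443, 1234 and 5678 from the thread; all of those are overridable through environment variables. It prints the commands by default and only applies them when run as root with `APPLY=1`.

```shell
#!/bin/sh
# Added example (not the commenter's config): generate the iptables rules an
# EC2 fronting host needs so traffic hitting its public address is relayed down
# the VPN tunnel to the home machine.
# Assumed/constructed values, chosen to match the thread: tun1 is the OpenVPN
# tunnel, 10.4.0.2 is the home end, eth0 is the public NIC, and 1234/5678 are
# the two SSH forwards.

TUN_IF="${TUN_IF:-tun1}"
PUB_IF="${PUB_IF:-eth0}"
HOME_IP="${HOME_IP:-10.4.0.2}"
FORWARD_PORTS="${FORWARD_PORTS:-80 443 1234 5678}"

# Emit the DNAT + FORWARD pair for one TCP port.
rules_for_port() {
  port="$1"
  # nat table: rewrite the destination of packets arriving on the public NIC.
  echo "iptables -t nat -A PREROUTING -i $PUB_IF -p tcp --dport $port -j DNAT --to-destination $HOME_IP:$port"
  # filter table: after DNAT the destination is already $HOME_IP, so only new
  # connections to exactly that host:port may cross from eth0 into the tunnel.
  echo "iptables -A FORWARD -i $PUB_IF -o $TUN_IF -p tcp -d $HOME_IP --dport $port -m conntrack --ctstate NEW -j ACCEPT"
}

# Emit the whole rule set in the order it should be applied.
gen_rules() {
  echo "sysctl -w net.ipv4.ip_forward=1"
  # Default-deny forwarding. The posted -L output shows policy ACCEPT, which
  # would relay anything that reaches the instance, not just the listed ports.
  echo "iptables -P FORWARD DROP"
  # Return traffic for connections that were already accepted.
  echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  for p in $FORWARD_PORTS; do
    rules_for_port "$p"
  done
  # Source-rewrite toward the tunnel so the home machine's replies come back
  # through tun1 instead of leaving via its own default gateway.
  echo "iptables -t nat -A POSTROUTING -o $TUN_IF -d $HOME_IP -j MASQUERADE"
}

# Dry run by default; APPLY=1 pipes the generated commands into sh (as root).
if [ "${APPLY:-0}" = "1" ]; then
  gen_rules | sh
else
  gen_rules
fi
```

The POSTROUTING MASQUERADE is the trade-off to be aware of: it makes the relay work without any policy routing on the home side, but the home machine then sees every connection as coming from the tunnel address, so its own logs lose the real client IP. If keeping those addresses in the local logs matters, drop that rule and instead route reply traffic for the forwarded services back over the tunnel on the home end (which is roughly what the commenter's ipnat `map tun1` line does for the zone).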

Wow, thank you so much! This leaves me no excuse to procrastinate on implementing my plans any longer.



