Hosting website on a private network

networking

I'm currently running a website off 3 Linux servers. I'd like to set up a private network and only allow port 80 traffic to one of the servers. I'd also like to set up a VPN so only I can access the servers via SSH or any port for developing/debugging.

  1. How hard is this to set up and what do I need to get? Do enterprise/commercial routers have VPN functionality built in?

  2. How do I handle DNS? E.g., www.mydomain.com would need to point to the router, which forwards traffic to the webserver. Do I set the A record to the router, and somehow tell the router which server to send the HTTP request to? And how would I make server1.mydomain.com resolve to server1 within the private network (without editing host files)? Would I need to run my own DNS (e.g., PowerDNS) to do this?

Best Answer

Get a good firewall. I recommend Astaro Security Gateway, but there are quite a few others that can do VPN and the (standard) traffic restrictions that you require.

If you have a mid-level PC with two NICs, the Astaro software is free. You can have it set up and configured in 60 to 90 minutes from when you burn the CD. Or you can buy a good quality hardware appliance and service/support for around US$1200. I would go with the appliance and support.
