Hello, I’m getting into self hosting and looking to setup a small home lab to play around with different technologies. I’m considering setting up a DMZ to keep my lab hardware separate from the rest of the network and other users. What is some of the minimal hardware required to do this on a small budget? Also what are some of the necessary security measures I should understand. One of my first projects would be to setup a small Linux box that I can ssh into remotely. Thanks.
EDIT After much reading today and great guidance from this community this is basically what i ended up doing… Got a dell optiplex on ebay for about 55 bucks and a dual intel network card on amazon with a managed switch. If i can bridge my current router as an access point, i should be on my way! This community rocks! Lemmy is awesome!
It depends on what u wanna run, I use an old AMD A8-7600B, wich by today standards is less than a laptop cpu. But I run OpenMediaVault wich is just a NAS, so usually my cpu usage with 2 users at the same time is around %40-%60.
I recommend u to use passmark as a reference, just tipe the cpu u have in mind + passmark and make thr comparison with mine so u can have an idea.
Manually set up the local IP of ur machine in the router/modem, then in the computer (so everything is failsafe), then configure the firewall (I recommended ufw) and only allow the ports that u need in the necessary protocol, nothing more. Also, to be script kiddos safe I recommend to change the ports of everything that u can, in this case SSH, I don’t remember the usual port, but change it to something like 666, 999, 6666, u get the idea, if we aren’t the same as every other server in existence we r gonna be safe most of the time, disable password login and use an rsa key.
And usually it isn’t necessary once u set up the machine as DMZ, but sometimes it doesn’t accepts the request so make sure u can access using ur celular data. Otherwise u’ll need to do some port forwarding, just do it plainly 443 to 443 and the like.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.
Rules:
Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.
No spam posting.
Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
It depends on what u wanna run, I use an old AMD A8-7600B, wich by today standards is less than a laptop cpu. But I run OpenMediaVault wich is just a NAS, so usually my cpu usage with 2 users at the same time is around %40-%60. I recommend u to use passmark as a reference, just tipe the cpu u have in mind + passmark and make thr comparison with mine so u can have an idea.
Manually set up the local IP of ur machine in the router/modem, then in the computer (so everything is failsafe), then configure the firewall (I recommended ufw) and only allow the ports that u need in the necessary protocol, nothing more. Also, to be script kiddos safe I recommend to change the ports of everything that u can, in this case SSH, I don’t remember the usual port, but change it to something like 666, 999, 6666, u get the idea, if we aren’t the same as every other server in existence we r gonna be safe most of the time, disable password login and use an rsa key.
And usually it isn’t necessary once u set up the machine as DMZ, but sometimes it doesn’t accepts the request so make sure u can access using ur celular data. Otherwise u’ll need to do some port forwarding, just do it plainly 443 to 443 and the like.