If I configure my cable modem's built-in router to forward port 80 or port 443 to my upcoming Raspbian host, what else do I need to do in the router's settings and in the Raspbian settings to keep this host secure from the outside world?

I'm planning on setting up a Raspberry Pi running Raspbian at my home with an easy to set up web server (e.g. Apache or Nginx) for serving static files (e.g. documents) outside my home network, basically providing an easy way for someone (me) to go to the dynamic DNS web site and download the documents from a public, untrusted computer running any arbitrary software, keylogger, and who knows what.

For this reason, I do not want to serve the files from anything such as Dropbox or Google that requires me to log into anything substantial.

Also for this reason, I would prefer to keep the Raspbian host on my "external" home network available through my cable modem's built-in router on the 192.168.1.x network rather than on my "internal" network with trusted devices behind a second 192.168.0.x router that is behind the cable modem.

jia103
  • How many ethernet ports does your cable modem have? – DavidPostill Aug 19 '18 at 09:28
  • Ok fine. It's a router even though the cable provider calls it a "cable modem" for Internet and TV channels. It has four Ethernet ports and one more for the uplink, which is coming from the tiny fiber-to-Ethernet converter box that they also provided. I haven't figured out the TV channels yet as we use an HDTV antenna. – jia103 Aug 19 '18 at 15:53
  • So you will need a second router if you want to have two separate networks. – DavidPostill Aug 19 '18 at 17:55
  • Edited the post to incorporate clarifications to the comments so far. – jia103 Aug 21 '18 at 11:22

1 Answer

What you are looking for is a DMZ. You didn't specify the brand/model of the modem/router that you have, but most modern routers have this option in their firewall settings.

See https://superuser.com/a/17575/425048, and read the other answers for why this setup has security risks.

ender.qa
  • I don't think so. One of the other answers in the same post mentions how the DMZ alone still keeps the host on the same internal network, and mentions the use of a second NAT router, which is how I described my current existing setup. My question now is what else do I need to do to secure/compartmentalize everything beyond the second NAT. – jia103 Aug 24 '18 at 12:54