I have a host name whose dns points to my home IP. I use this for game servers for my buddies. Should I be worried about my home IP being easily accessible like this, and should I get a physical firewall appliance to protect myself?

Servers are running Windows Server 2019 and Mac OSX.

  • Shadow@lemmy.ca
    link
    fedilink
    arrow-up
    14
    ·
    5 months ago

    If you have a router, you already own one.

    Pointing a hostname to your ip doesn’t do anything meaningful.

  • poVoq@slrpnk.net
    link
    fedilink
    arrow-up
    8
    arrow-down
    1
    ·
    edit-2
    5 months ago

    Yes, don’t expose Windows to the internet 😒

    https://opnsense.org/ is a good system if you want an easy to install and open-source firewall.

    Edit: no need to buy their official hardware. Any x86 system with two network ports will do.

  • Ptsf@lemmy.world
    link
    fedilink
    arrow-up
    3
    ·
    5 months ago

    Unless you’re just opening up all the ports on your router, it should be blocking all incoming connections by default. I’d recommend doing 1:1 port mapping for the specific internal ips of your services if your router provides that capability, but at minimum just locking it down to only opening the ports required for your services should suffice.

  • Pumpkin Escobar@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    ·
    edit-2
    5 months ago

    Hopefully you’re only forwarding the minimal set of network ports and not all ports/traffic? If so then you’re good, like someone else said if you’ve got a router and it’s forwarding selected traffic then no need for anything else

  • Sailing7@lemmy.ml
    link
    fedilink
    arrow-up
    2
    ·
    5 months ago

    Nah, probably not. All routers you can buy today will route and by default have their firewall active. Make sure, auto-updates are activated on your router.

    Check your server OS’ses and the Software running on them for updates on a regular basis - since they are partially made available to the public and are potential attack vectors.

    Though if you only port-forwarded a couple ports that dont include the RDP port or something wildly stupid, you should be safe.

    Follow some best practises as:

    • try to dont run your Gameserver Software as administrator but instead with a account with as low privileges as possible.
    • update your OS’ses, Softwares and Router/FW Appliance.

    Don’t let yourself fool by the guys telling ya to setup a full fledged firewall system when you obviously don’t even know basic networking. You would be overwhelmed by the configurationpossibilities.

    If you want to dangle your foot in some cold water - try em out and put some machines behind them to learn what behaves how. But dont make em your only protection against the public internet when you don’t know basic networking stuff.

    Happy Sailin’ matey!

  • unrushed233@lemmings.world
    link
    fedilink
    arrow-up
    1
    ·
    5 months ago

    I recommend building your own firewall. There are awesome, FOSS, FreeBSD-based firewall operating systems like pfSense and OPNSense. You can do a whole bunch of cool stuff with them, like block ads, scan incoming traffic for malware, monitor your network, collect data about your connections and visualize them in a nice dashboard and more.

  • MystikIncarnate@lemmy.ca
    link
    fedilink
    English
    arrow-up
    2
    arrow-down
    1
    ·
    5 months ago

    It depends. If you’re forwarding a lot of ports then maybe, but just a home gaming server? Probably not a big deal.

    Just don’t forward ports for remote control and you’ll be fine, especially RDP (3389 IIRC), and SSH…