masking true location of server

[OogyWaWa]

I would like to host a webserver from home, but want to mask the location from the general internet. Can i use some kind of vpn or similar trunk/proxy?

I want all the response messages to be source of the trunk


123.com -> some trunk -> my server

 

[XavierMace]

Be aware that if you are running a standard home internet connection, your ISP may block incoming port 80 requests.

 

[Phantomaniac]

I don't know of any free services that do this. I'm sure you could buy a virtual server and set up nginx to accomplish this, but at that point you might as well just host from the virtual server. They can be had very cheaply these days: http://www.lowendbox.com/

Any reason in particular you're trying to do this? There may be an easier alternative like hardening your router.

 

[John Connor]

I never set up a server before, but I'm sure it has to be as easy as just connecting to a dedicated VPN in the server. But I'm not sure if the VPN will allow access to port 80. http://torrentfreak.com/vpn-services-that-take-your-anonymity-seriously-2013-edition-130302/

 

[Savatar]

You could just set up a reverse proxy on a third-party host (the 'trunk') which just calls the same path on your local server and returns the results. See: http://httpd.apache.org/docs/2.2/mod/mod_proxy.html The original requestor, then, shouldn't be able to see which server the reply is actually coming from unless something is misconfigured or they compromise the remote third-party host and get access to the configuration... it will look to them as if the third-party host is the actual web server.

However, this will only work for people viewing your webserver and not outbound requests if you are thinking about doing anything else from it.

From the website:
"A reverse proxy (or gateway), by contrast, appears to the client just like an ordinary web server. No special configuration on the client is necessary. The client makes ordinary requests for content in the name-space of the reverse proxy. The reverse proxy then decides where to send those requests, and returns the content as if it was itself the origin."

You can even chain these together, though I don't see much value in that off-hand.

 

[John Connor]

Be aware that if you are running a standard home internet connection, your ISP may block incoming port 80 requests.

I just stuck my computer in the DMZ and turned off the firewall to see what ports were closed or open by Comcast using GRC's Shields up. I was surprised that damn near all the ports were indicated as closed, but it failed the test, most likely I was pingable.

 

[Savatar]

I just stuck my computer in the DMZ and turned off the firewall to see what ports were closed or open by Comcast using GRC's Shields up. I was surprised that damn near all the ports were indicated as closed, but it failed the test, most likely I was pingable.

Are you sure that you were running a web server or a process that was a listening to the ports you were checking? Every port will show as closed unless you have a specific process listening on those ports... so for most users, the vast majority of ports _should_ be closed (this is not the same as stealthed, where your system does not reply to a SYN request).

 

[John Connor]

So port 80 will be accessible by a server on Comcast I assume? I do have a TS server running, but those ports are in the 30,000's.

I just thought of a way I can test this. I can put my SSH server in the router in port 80 and see if I can connect with Puty using my domain name.

 

[John Connor]

Well, I just tried to connect to the SSH server using port 80 and I couldn't get in. So indeed Comcast blocks the port.