Sophos

[ChriZ]

Lol, yes...
ATM, DNAT works as it should..
I can properly access anything I want using Port forwarding and my dyndns account.
@joeschmuck : The reason I want this to work (and can't for the time being) is this:
Imagine I have a camera on port 8585.
Now, using DNAT I can enter mysite.dyndns.com:8585 and I can access it, no problem.
With reverse proxy I will be able to enter something like mysite.dyndns.com/camera and it will redirect me to the correct place without the need to enter complicated port numbers on the URL, nor the need to use port forwarding.
So instead of having:
mysite.dyndns.com:8585 --> Camera 1
mysite.dyndns.com:8586 --> Camera 2
mysite.dyndns.com:8587 --> Camera 3
you can simply access them via
mysite.dyndns.com/camera1
mysite.dyndns.com/camera2
mysite.dyndns.com/camera3

@pirateghost : You were my hope but was unlucky, lolll... I hope someone else can offer some insight...

 

[pirateghost]

I will play with it when I get a chance

 

[ChriZ]

@pirateghost : Thank you very much, man, but no worries... I found out what I was doing wrong...
I had DNAT enabled and it was conflicting with the reverse proxy...
Once I disabled all DNAT rules I was able to make it work with an exception: I cannot use mysite.dyndns.com/camera1
However, since I have dyndns pro and can add up to 30 hosts, I can succesfully use something like mysite-cam1.dyndns.com,mysite-cam2.dyndns.com, etc...
I would prefer to have the same hostname and and use mysite.dyndns.com/cam1, /cam2 etc, but oh well...
If you ever find some time to make it work this way, please let me know!

 

[joeschmuck]

I cannot use mysite.dyndns.com/camera1

That sucks. You know you could use WebHop on DYNDNS just as well and just specify the port address, same result it sounds like. I have one called "joeschmuck.homeftp.org" (the name is very close to my real one) and the webhop is "http://joeschmuck.homedns.org:2025/". So I could create an account as you say and just point it to my main account plus the port number, no need for reverse lookup anything. I also have a DynDNS Pro account, it's worth it when you pay for a 5 year plan.

 

[pirateghost]

For the cost of dyndns, you can buy a real domain name from a registrar that supports dynamic DNS clients. I use Google domains and namecheap


Damn, I just looked at their pricing. They are raping people....

$12/year for a domain name from namecheap or Google domains, and both of them support dynamic DNS clients.

 

[ChriZ]

@joeschmuck : I did not think of webhops, actually.. I may change to that, in order to have a more unified naming..
@pirateghost : You have a point, but had been using their free service for 5 or so years when they stopped being free, so continued with them afterwards ( I said to myself that since I had been using their service for free all those years, it was my way of saying thanks to them if I stayed with them...)

 

[Jailer]

For the cost of dyndns, you can buy a real domain name from a registrar that supports dynamic DNS clients. I use Google domains and namecheap


Damn, I just looked at their pricing. They are raping people....

$12/year for a domain name from namecheap or Google domains, and both of them support dynamic DNS clients.

Namecheap has a special going right now for $9.84 for the first year with coupon code HOTREGXFER. Been thinking about purchasing a domain and was just checking them out a couple days ago.

 

[joeschmuck]

Hum... DynDNS cost me $52 for 5 years, must have been a promo, and I have just over 3 years left. Maybe I'll check out namecheap or google domains, worth looking into for the heck of it.

 

[Jailer]

If nothing else it's cheap enough to park one for future use if needed.

 

[joeschmuck]

If nothing else it's cheap enough to park one for future use if needed.

I guess I'm ignorant to this because it all looks like it would cost me a minimum of $10/yr for the name. Maybe you could school me a little here...

My current needs for a domain name is simply to access my home system from work or when I'm on the road. It's not anything critical and I use RDP to access my main computer. I started to pay for the domain name because I got tired of monthly logging in to say I'm still using the name. My cost was basically $50 for 5 years, that sounded very reasonable to me and I can create up to 30 different domain names (I only use 2, one for the computer, one for an FTP server and my ISP does provide two dynamic IP addresses so I use them).

If I go to lets say GoDaddy.com (I'm up for suggestions) and purchase the name "joeschmuck.com" (just as an example of course), and it cost me $10/yr from that point on. I go ahead and grab a 5 year license because I would expect to retain it for a very long time.

I would eventually use my new found identity also for email addresses like "joe@joeschmuck.com" and "marybeth@joeschmuck.com" so I'm not sure if I would run an email server which I'd have no problem doing, or if a certain amount of email addresses come with some of these services. I'm one cheap bastard at times so running my own email server in a FreeNAS 10 jail might be a possibility.

I don't have any expectations to run a Web Server however I would run an FTP server so I'd like to access it using "ftp.joeschmuckatelli.com" and maybe "sftp.joeschmuckatelli.com".

So any help in understanding this better would be greatly appreciated. If there is some goo thread which discusses this, I haven't found it but then again, I'm not certain what I'm looking for.

===========================
Well my Sophos project is virtually complete. I replaced my Realtek NICs with a nice and cheap Intel EXPI940PT PCIe card. I paid ~$60 for a pair of them in case I need a second one later down the road (maybe for FreeNAS). They were used of course but they look brand new and work perfectly. I then moved all my networking equipment from my computer room into the basement and relocated my Asus router (now just an AP) into the middle of the house. I need to play around with the AP and see how things work if it's directly connected to Sophos vice just the LAN. I'm not certain it will operate the way I expect it to since it's not a Sophos AP.

My typical current draw for the Sophos computer is 45 to 46 watts and I'm sure it will bump up a little but so far the spikes are around 48 watts. Still it's not bad just for re-purposing an older computer. The only things left to configure on Sophos is IMAP email but since Sophos doesn't support IMAP yet, I'll have to wait. Otherwise it's pretty much complete but I'm sure I'll do some tweaking here and there to fine tune things.

 

[gpsguy]

Since you mentioned RDP access, have you configured HTML 5 VPN yet? It's super easy to configure and works great!

 

[ChriZ]

@joeschmuck : I am not 100% sure but I think that in order to use sophos wireless protection with hotspots etc, your AP must be connected directly to a sophos Ethernet port.

On my end I am facing an issue, in case someone can offer some insight.. On my webserver I have also virtualbox+phpvirtualbox installed. And while from inside the network I can connect using IP/vbox, from outside I get an Ajax parse error, instead of the login screen. Is there a problem with vbox and reverse proxy, perhaps?
I know my camera was a fail with reverse proxy...audio was not working..

 

[joeschmuck]

Since you mentioned RDP access, have you configured HTML 5 VPN yet? It's super easy to configure and works great!

I had not set it up until now but since I moved all my network gear to the basement, I have not actually setup my second router so I do not have two external IP addresses today so I cannot test it from home right now, however once I realize how to setup a VLAN so I can have two WAN MAC addresses, then I'll have things working in my favor.

 

[joeschmuck]

I am not 100% sure but I think that in order to use sophos wireless protection with hotspots etc, your AP must be connected directly to a sophos Ethernet port.

I have a separate Ethernet port already assigned for the AP however just not yet connected. I'm going to take my sweet time making changes to this system as to not piss off the family. Eventually I will get there but I'm not sure of the control I'll have.

 

[Jailer]

I guess I'm ignorant to this because it all looks like it would cost me a minimum of $10/yr for the name. Maybe you could school me a little here...

My current needs for a domain name is simply to access my home system from work or when I'm on the road. It's not anything critical and I use RDP to access my main computer. I started to pay for the domain name because I got tired of monthly logging in to say I'm still using the name. My cost was basically $50 for 5 years, that sounded very reasonable to me and I can create up to 30 different domain names (I only use 2, one for the computer, one for an FTP server and my ISP does provide two dynamic IP addresses so I use them).

If I go to lets say GoDaddy.com (I'm up for suggestions) and purchase the name "joeschmuck.com" (just as an example of course), and it cost me $10/yr from that point on. I go ahead and grab a 5 year license because I would expect to retain it for a very long time.

I would eventually use my new found identity also for email addresses like "joe@joeschmuck.com" and "marybeth@joeschmuck.com" so I'm not sure if I would run an email server which I'd have no problem doing, or if a certain amount of email addresses come with some of these services. I'm one cheap bastard at times so running my own email server in a FreeNAS 10 jail might be a possibility.

I don't have any expectations to run a Web Server however I would run an FTP server so I'd like to access it using "ftp.joeschmuckatelli.com" and maybe "sftp.joeschmuckatelli.com".

So any help in understanding this better would be greatly appreciated. If there is some goo thread which discusses this, I haven't found it but then again, I'm not certain what I'm looking for.

Heh, not much enlightenment to give here. I haven't purchased a domain and am still researching it myself. I was just thinking that purchasing a domain would make it yours regardless of where you go or who hosts your site(s). Whether you host it or you pay to have it hosted it's yours. Not sure if that's the case with dyn or not. Namecheap does offer up to 200 subdomains with each domain purchase that again would be subdomains of yours. Nice if you have multiple sites you want to host. Again I'm no expert but that's what I've found out in my research. Also everything I have found says to stay waaaay far away from godaddy.

As far as email goes I don't have a clue on that. There are some free transactional email services out there such as Mailgun and Mandrill that offer a certain amount/year for free but for anything else I just don't know enough to comment on it.

 

[gpsguy]

Can you tether a laptop off your phone? If so, just use that to get an outside connection that you can test from home.

 

[joeschmuck]

Can you tether a laptop off your phone? If so, just use that to get an outside connection that you can test from home.

LOL, my flip phone? I do not have a smart phone or one which uses the internet. Yes, I'm a bit behind the times but I believe a cell phone should be a phone, not something like my daughter uses it for which is playing games, IM, facebook, web surfing, etc... But lord forbid I call her and she has to answer it and talk on it.

I'll get that second external IP and test it, I just need to get another switch to make things work or find out if I can make the WAN port on the Sophos machine become 2 mac addresses. That would work fine for me too.

 

[joeschmuck]

I haven't purchased a domain and am still researching it myself.

It just sounded like you had some experience so I was hoping for some advice.

 

[ChriZ]

On my end I am facing an issue, in case someone can offer some insight.. On my webserver I have also virtualbox+phpvirtualbox installed. And while from inside the network I can connect using IP/vbox, from outside I get an Ajax parse error, instead of the login screen. Is there a problem with vbox and reverse proxy, perhaps?
I know my camera was a fail with reverse proxy...audio was not working..

Found out what was causing the issue... Rewrite html in Advanced settings of the virtual webserver..
Posting just in case someone else faces this issue, too...

 

[ChriZ]

Things are slowly progressing at my end...
I tested an old Atom motherboard I had laying around and sophos recognizes the interfaces (one realtek and one Marvel PCI)
I know they kinda suck, but for my lame internet connection, even 100Mbit NICS would suffice. Those are (supposed to be) Gigabit.
In due time I will replace the existing machine (It gets wasted as a UTM).
I also happen to have a 3g/UMTS modem, a Huawei E220 and seems to be supported by Sophos.
During the weekend, if I have enough time, I will try to setup a 3g/failover - just to test...

I'll get that second external IP and test it, I just need to get another switch to make things work or find out if I can make the WAN port on the Sophos machine become 2 mac addresses. That would work fine for me too.

@joeschmuck, I don't think that this is possible. I personally have a D-Link DWR-730 3g router and turn it on whenever I want to test stuff..