1

I have installed a software in a Ubuntu Server 14.04.

I need this server to be only accesible within LAN network, for security reasons I want it to be no way accesible from outside. Also, I need to give it a static IP address.

This is what I have done:

sudo vi /etc/network/interfaces

And I have set up the following

auto eth0
iface eth0 inet static
address 192.168.1.109
netmask 255.255.255.0
network 192.168.1.1
broadcast 192.186.1.255

Is any of these unnecesary? Do I need anything else? Can I somehow set something up here to prevent my server from being accesible from the internet?

Thank you very much for your answers.

pablito.aven
  • 111
  • 1
  • 2

1 Answers1

1

If you don't have any kind of port forwarding enabled in your router, any port of any local IP address won't be accessible from the Internet. So as you have used the static private IP address 192.168.1.109 for the server it won't be accessible from the Internet given no port forwarding is enabled for any port of the server.

Also note that your network address should be 192.168.1.0 and if you want to communicate to the internet from the server you should add the router's address as the gateway address. As your local IP address will be masqueraded by the public IP of the router for any outgoing request you will be safe in that case too.

You can optionally enable some packet filtering rules in iptables of the server for more fine grained firewalling.

The following network configuration should suffice: 

auto eth0
iface eth0 inet static
    address 192.168.1.109
    netmask 255.255.255.0
    gateway 192.168.1.1

Assuming 192.168.1.1 is the gateway address.

heemayl
  • 94,145
  • But I want the sever to NOT be accesible from internet. What configuration should I give it? (192.168.1.1 is the router ip address). I am very novice in network stuff, i am sorry for my ununderstanding. I understood I don't have to give it a gateway in order to make it unaccesible from internet. Even if I don't give it a gateway when I write in terminal ifconfig -a it has a gateway. Why does it take it automatically? How can I prevent that? – pablito.aven Oct 14 '15 at 17:30
  • @pablito.aven You can remove the gateway then..note that ifconfig does not show gateway, you must be missing something here.. – heemayl Oct 15 '15 at 01:33