Underbed Hosting: The Creepy Practice of Home Hosting

“Underbed” hosting is slang for a server located in an ordinary residential apartment and connected to a home Internet connection. Such servers usually hosted a public FTP server, the owner's home page, and sometimes even full hosting for other projects. The phenomenon was common in the early days of affordable home Internet over a dedicated line, when renting a dedicated server in a data center was too expensive and virtual servers were not yet common or convenient enough.

Most often, an old computer was set aside as the “underbed” server, and every hard drive that could be found was installed in it. It could also act as the home router and firewall. Every self-respecting telecom employee had such a server at home.

With the advent of affordable cloud services, home servers have become less popular, and today the maximum that can be found in residential apartments is a NAS for storing photo albums, movies, and backups.

The article discusses the curious cases associated with home servers and the problems their administrators face. Let's see how this phenomenon looks today and choose what interesting things you can host on your underbed server today.


House network servers in Nova Kakhovka. Photo from nag.ru

Correct IP address

The main requirement for a home server was a real IP address, that is, one routable from the Internet. Many providers did not offer such a service to individuals, and it had to be obtained by special agreement. Often the provider required a separate contract for a dedicated IP. Sometimes this procedure even involved creating a separate NIC handle for the owner, as a result of which his name and home address were available directly through the whois command. At this point one had to be careful when arguing on the Internet, since the joke about “tracking you down by IP” ceased to be a joke. By the way, not so long ago there was a scandal with the provider Akado, which decided to publish the personal data of all its customers in whois.

Permanent IP vs DynDNS

If you managed to get a permanent IP address, you could simply point all your domain names at it and forget about it, but this was not always possible. Many large federal-scale ADSL providers gave clients a real IP address only for the lifetime of the session, that is, it could change once a day, after a modem reboot, or after a connection break. In this case, Dyn (dynamic) DNS services came to the rescue. The most popular service, Dyn.com, which was free for a long time, made it possible to get a subdomain in the *.dyndns.org zone that could be updated quickly when the IP address changed. A special client-side script constantly polled the DynDNS server, and if the client's outgoing address had changed, the new address was immediately written to the A record of the subdomain.

Closed ports and prohibited protocols

Many providers, especially the large ADSL ones, were against users hosting any public services on their addresses, so they blocked incoming connections to popular ports such as HTTP. There were cases when providers blocked the ports of game servers such as Counter-Strike and Half-Life. This practice is still common today, which sometimes causes problems. For example, almost all providers block the Windows RPC and NetBIOS ports (135-139 and 445) to prevent the spread of viruses, and often also the incoming ports for the e-mail protocols SMTP, POP3 and IMAP.

Providers that offer IP telephony in addition to Internet access like to block SIP ports in order to force customers to use only their own telephony service.

PTR and sending mail

Hosting your own mail server is a separate big topic. Keeping a personal mail server under your bed, completely under your control, is a very tempting idea, but in practice it was not always possible. Most home provider IP address ranges are permanently listed on spam block lists (policy block list), so mail servers simply refuse to accept incoming SMTP connections from home provider IP addresses. As a result, it was almost impossible to send a letter from such a server.

In addition, in order to send mail successfully, it was necessary to set the correct PTR record for the IP address, that is, the reverse mapping of the IP address to a domain name. The vast majority of providers agreed to this only by special agreement or under a separate contract.

Looking for our neighbors' underbed servers

Using PTR records, we can see which of our neighbors in the IP range have arranged a special DNS record for their IP. To do this, take our home IP address, run the whois command on it, and get the range of addresses that the provider issues to clients. There can be many such ranges, but for the experiment we will check one.

In our case, this is the provider Onlime (Rostelecom). We go to 2ip.ru and get our IP address.
By the way, Onlime is one of those providers that always gives clients a permanent IP, even without the dedicated IP address service. In this case, the address may not change for months.

Let's resolve the entire range of addresses 95.84.192.0/18 (about 16 thousand addresses) using nmap. The -sL option does not actively scan hosts at all; it only sends DNS queries, so in the results we will see only lines containing a domain associated with an IP address.

$ nmap -sL -vvv 95.84.192.0/18

......
Nmap scan report for broadband-95-84-195-131.ip.moscow.rt.ru (95.84.195.131)
Nmap scan report for broadband-95-84-195-132.ip.moscow.rt.ru (95.84.195.132)
Nmap scan report for broadband-95-84-195-133.ip.moscow.rt.ru (95.84.195.133)
Nmap scan report for broadband-95-84-195-134.ip.moscow.rt.ru (95.84.195.134)
Nmap scan report for broadband-95-84-195-135.ip.moscow.rt.ru (95.84.195.135)
Nmap scan report for mx2.merpassa.ru (95.84.195.136)
Nmap scan report for broadband-95-84-195-137.ip.moscow.rt.ru (95.84.195.137)
Nmap scan report for broadband-95-84-195-138.ip.moscow.rt.ru (95.84.195.138)
Nmap scan report for broadband-95-84-195-139.ip.moscow.rt.ru (95.84.195.139)
Nmap scan report for broadband-95-84-195-140.ip.moscow.rt.ru (95.84.195.140)
Nmap scan report for broadband-95-84-195-141.ip.moscow.rt.ru (95.84.195.141)
Nmap scan report for broadband-95-84-195-142.ip.moscow.rt.ru (95.84.195.142)
Nmap scan report for broadband-95-84-195-143.ip.moscow.rt.ru (95.84.195.143)
Nmap scan report for broadband-95-84-195-144.ip.moscow.rt.ru (95.84.195.144)
.....
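
Picking the non-default names out of about 16 thousand such lines can be automated. The following is an added example, not part of the original article: it reads list-scan output and keeps only hosts whose PTR name does not contain their own IP address. The "name embeds the IP" rule and the function names are assumptions made for this example, and the two 192.0.2.10 lines are constructed sample data.

```python
import re
import sys

# "Nmap scan report for NAME (IP)" is printed when a PTR record exists;
# addresses without one appear as a bare IP and do not match.
REPORT = re.compile(r"^Nmap scan report for (\S+) \((\d{1,3}(?:\.\d{1,3}){3})\)$")

# Three lines copied from the article's output plus two constructed ones.
SAMPLE = """\
Nmap scan report for broadband-95-84-195-135.ip.moscow.rt.ru (95.84.195.135)
Nmap scan report for mx2.merpassa.ru (95.84.195.136)
Nmap scan report for broadband-95-84-195-137.ip.moscow.rt.ru (95.84.195.137)
Nmap scan report for 192.0.2.10
Nmap scan report for 10.2.0.192.static.example.net (192.0.2.10)
"""


def is_generic_ptr(name, ip):
    """Heuristic (assumption): provider-generated names embed the address.

    True when the four octets occur as consecutive numbers in the name,
    in forward or reversed order, whatever the separator or zero padding.
    Names that encode the address differently (hex, no separators) are
    reported as custom, so review the result by hand.
    """
    octets = [str(int(o)) for o in ip.split(".")]
    nums = [str(int(d)) for d in re.findall(r"\d+", name)]
    for i in range(len(nums) - 3):
        if nums[i:i + 4] in (octets, octets[::-1]):
            return True
    return False


def custom_ptrs(nmap_output):
    """Return (ip, name) pairs whose PTR name does not embed the IP."""
    found = []
    for line in nmap_output.splitlines():
        m = REPORT.match(line.strip())
        if m and not is_generic_ptr(m.group(1), m.group(2)):
            found.append((m.group(2), m.group(1)))
    return found


if __name__ == "__main__":
    # Pipe real `nmap -sL` output in, or run without input to use SAMPLE.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for ip, name in custom_ptrs(text):
        print(ip, name)
```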

Almost all addresses have a standard PTR record like broadband-address.ip.moscow.rt.ru, except for a couple, among them mx2.merpassa.ru. Judging by the mx subdomain, this is a mail server (mail exchange). Let's check this address in the Spamhaus service.

It can be seen that the entire IP range is in a permanent block list, and letters sent from this server will rarely reach the addressee. Keep this in mind when choosing a server for outgoing mail.
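
The same check can be made over DNS, which is how receiving mail servers consult a block list. This is an added example, not part of the original article: it builds the lookup name for an IPv4 address and interprets the answer. The zone name and return codes are the ones Spamhaus publishes as far as the editor knows them, the function names are assumptions, and the resolver answers in fake_resolver are constructed so the code runs offline.

```python
import ipaddress
import socket

ZONE = "zen.spamhaus.org"  # assumption: combined zone; the article used the web form

# Subset of the published return codes; 10 and 11 are the policy block list.
CODES = {
    "127.0.0.2": "SBL",
    "127.0.0.3": "SBL CSS",
    "127.0.0.4": "XBL",
    "127.0.0.10": "PBL (listed by the ISP)",
    "127.0.0.11": "PBL (listed by Spamhaus)",
}


def dnsbl_name(ip, zone=ZONE):
    """Build the query name: octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def system_resolver(name):
    """A-record lookup; an empty list means no such name (not listed)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:  # NXDOMAIN and resolver failures both land here
        return []


def listings(ip, resolve=system_resolver):
    """Return the lists an address is on; raise on an error answer."""
    answers = resolve(dnsbl_name(ip))
    # 127.255.255.x means the query was refused (for example, it came
    # through a public resolver), not that the address is listed.
    if any(a.startswith("127.255.255.") for a in answers):
        raise RuntimeError("DNSBL returned an error code: %s" % answers)
    return sorted(CODES.get(a, "unknown code " + a) for a in answers)


def fake_resolver(name):
    """Constructed answers for offline use; not real lookup results."""
    table = {
        "136.195.84.95.zen.spamhaus.org": ["127.0.0.11"],
        "10.2.0.192.zen.spamhaus.org": ["127.255.255.254"],
    }
    return table.get(name, [])


if __name__ == "__main__":
    print(dnsbl_name("95.84.195.136"))
    print(listings("95.84.195.136", resolve=fake_resolver))
```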

Keeping your mail server within the IP range of your home provider is always a bad idea. Such a server will have problems sending and receiving mail. Keep this in mind if your system administrator suggests deploying a mail server directly on the office IP address.
Use either real hosting or an email service. That way you will have to call people less often to check whether your letters have arrived.

Hosting on a WiFi router

With the advent of single-board computers like the Raspberry Pi, nobody is surprised by a website running on a device the size of a pack of cigarettes, but even before the Raspberry Pi, enthusiasts were running homepages right on a WiFi router!
The legendary WRT54G router that started the OpenWRT project in 2004

The Linksys WRT54G router that started the OpenWRT project did not have USB ports, but craftsmen found GPIO pins on its board that could be used as SPI. This led to a mod that adds an SD card to the device, which opened up huge freedom for creativity. You could even build a whole PHP! I personally remember how, almost not knowing how to solder, I soldered an SD card to this router. Later, routers gained USB ports, and you could simply insert a USB flash drive.

Previously, there were several projects on the Internet that ran entirely on a home WiFi router; there will be a postscript about this below. Unfortunately, I could not find any site that is still live. Perhaps you know of some?

Server cabinets from IKEA tables

One day, someone discovered that a popular IKEA coffee table called Lack works great as a rack for standard 19-inch servers. At a price of $9, this table became very popular for building home data centers. This mounting method is called Lack Rack.

The IKEA Lack table is ideal for a server cabinet

The tables could be stacked one on top of another to build real server cabinets. Unfortunately, the chipboard is fragile, and the tables fell apart under heavy servers. For reliability, they were reinforced with metal corners.


How schoolchildren deprived me of the Internet

I, as expected, also had my own under-bed server, which ran a simple forum dedicated to a gaming-related topic. One day, an aggressive student, dissatisfied with a ban, persuaded his comrades, and together they began to DDoS my forum from their home computers. Since the entire Internet channel was then about 20 megabits, they managed to completely paralyze my home Internet. No blocking on the firewall helped, because the channel was completely saturated.
From the outside it looked very funny:

- Hello, why don't you answer me on ICQ?
- Sorry, there's no Internet, they're DDoSing me.

Appeals to the provider did not help: I was told that it was not their responsibility to deal with this, and that they could only block my incoming traffic completely. So I spent two days without the Internet, until the attackers got tired.

Conclusion

There should have been a selection of modern P2P services that can be deployed on a home server, like ZeroNet, IPFS, Tahoe-LAFS, BitTorrent, I2P. But over the past couple of years, my opinion has changed a lot. I believe that hosting any public services on a home IP address, and even more so those that involve loading user-generated content, creates an unjustified risk for all tenants living in the apartment. Now I advise you to prohibit incoming connections from the Internet as much as possible, refuse dedicated IP addresses, and keep all your projects on remote servers on the Internet.


Source: habr.com
