Servers on a Ghetto ISP

by Lirakis

Many ISPs today restrict their customers from providing services by blocking ports.

It is unfair that ISPs do not give their customers what they pay for and instead opt to make more money by charging a lot for business service on which you can run servers, all while saying it is in their customers' best interest.

This article is meant to be an in depth follow up to "Fun With Hosting On Your Cable/DSL" by Toby in 20:1 and also includes how to set up a POP3/SMTP email server with a port blocking ISP.

This article specifically addresses restrictions as well as statements made by Cox Communications.  Depriving customers of abilities, in my opinion, is not protecting them.  It is cheating them.

Perhaps if Cox did not use up so much of its bandwidth tracking customers ("Cox or someone acting on its behalf may engage in the anonymous monitoring of Internet activity.  This means that a customer's session may be tracked" - Cox Terms of Service at www.cox-internet.com/terms.html), they would be more willing to provide the full service that their customers have paid for.

Below I have listed the ports that Cox blocks and the reason why they say they block them.

As you can see, two of the three ports we need to set up web and email servers are blocked, port 25 and port 80:

Port     Transport    Protocol       Direction     Reason for Filtering
25       TCP          SMTP           Both*         SMTP Relays
80       TCP          HTTP           Inbound       Web Servers, Worms
111      TCP          Portmap        Inbound       RPC Services, Worms
119      TCP          NNTP           Inbound       NNTP Servers
135      UDP          NetBIOS        Both          Spam, Pop-Ups, Worms
136-139  TCP/UDP      MS-DS/NetBIOS  Both          Worms, Network Neighborhood
1900     UDP          MS-DS/NetBIOS  Both          Worms, Network Neighborhood
27374    TCP          SubSeven       Both          SubSeven Trojan

Setting Up a Web Server (The Easy Part)

Register your domain name with a DNS provider that offers URL redirection (I used www.123cheapdomains.com) and get a router that supports port forwarding or port mapping.  (Portmap, a *NIX utility, can also be used but it is notoriously insecure so I will not cover it.)  I use a D-Link DI-614+ AirPlus router which works great.

Set up your web server (I used Apache) behind the router and give it a static IP on your internal network.  Let's give it 192.168.0.150 for use in this article.  Now open up your router's admin menu and somewhere in advanced settings you will find port forwarding.  Here you need to set your router to listen on an external port and forward any request to an internal IP on the same or a different port, which you specify.

So let's have the router listen on public port 2600 and forward it to private port 80 on 192.168.0.150.

Now go to your DNS and create a record for your public IP.  Now you also need to create a record for URL redirection (DNS does not allow port specification, so this is why we use URL redirection).

Create a URL redirect record containing http://XXX.XXX.XXX.XXX:2600 substituting your IP in for the X's.

The 2600 is the port specification, just as if you were typing an FTP site into a web browser's address bar.  Now your web server will work just fine.

There is one more issue that comes up that is not a big deal.

When someone goes to your website, http://example.com:2600 will show in the address bar, not your domain name.  To make it show your domain name you must specify URL forwarding with address masking on your DNS and give it the domain name that you want to show.  That wasn't so bad now was it?
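The router rule above is a plain TCP port mapping: whatever arrives on public port 2600 is handed to 192.168.0.150:80 unchanged.  The script below is an added example (not from the article and not the router's firmware) that does the same job in user space so the mapping can be tested end to end on one machine.  A tiny HTTP server on a loopback port stands in for the internal web server, a forwarder on a second loopback port stands in for the router's public port 2600, and a client fetches a page through the forwarder.  All addresses, ports and the page body are constructed for the demo.

```python
"""User-space stand-in for a router port-forwarding rule (added example).

Constructed setup: loopback ephemeral ports play the roles of
192.168.0.150:80 (internal web server) and the router's public port 2600.
"""
import http.client
import http.server
import socket
import socketserver
import threading


def pipe(src, dst):
    """Copy bytes from src to dst until src closes, then half-close dst."""
    try:
        while True:
            chunk = src.recv(4096)
            if not chunk:
                break
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


class ForwardHandler(socketserver.BaseRequestHandler):
    """One accepted connection: open the private side and pipe both ways."""

    def handle(self):
        with socket.create_connection(self.server.target, timeout=5) as upstream:
            back = threading.Thread(target=pipe, args=(upstream, self.request), daemon=True)
            back.start()
            pipe(self.request, upstream)   # public -> private
            back.join()                    # private -> public


class Forwarder(socketserver.ThreadingTCPServer):
    """Listen on `listen` (the 'public' port) and forward to `target`."""
    allow_reuse_address = True
    daemon_threads = True

    def __init__(self, listen, target):
        self.target = target               # (host, port) of the private service
        super().__init__(listen, ForwardHandler)


class Page(http.server.BaseHTTPRequestHandler):
    """Minimal internal web server: every GET returns one constructed body."""
    BODY = b"hello from the internal web server\n"

    def do_GET(self):
        self.send_response(200)
        self.send_header("Content-Length", str(len(self.BODY)))
        self.end_headers()
        self.wfile.write(self.BODY)

    def log_message(self, *args):          # keep the demo quiet
        pass


def start(server):
    """Serve in a background thread; return the port actually bound."""
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server.server_address[1]


def demo():
    """Bring up web server + forwarder on loopback and fetch through the forwarder.

    Returns (HTTP status, body) as seen by a client that only knows the
    'public' port, i.e. what a visitor of http://<public-ip>:2600 would get.
    """
    web = http.server.HTTPServer(("127.0.0.1", 0), Page)          # 192.168.0.150:80
    private_port = start(web)
    fwd = Forwarder(("127.0.0.1", 0), ("127.0.0.1", private_port))  # router :2600
    public_port = start(fwd)
    try:
        conn = http.client.HTTPConnection("127.0.0.1", public_port, timeout=5)
        conn.request("GET", "/")
        resp = conn.getresponse()
        result = (resp.status, resp.read())
        conn.close()
        return result
    finally:
        fwd.shutdown()
        fwd.server_close()
        web.shutdown()
        web.server_close()


if __name__ == "__main__":
    print(demo())
```

The forwarder never looks at the bytes it moves, which is exactly why changing the public port buys no protection: the web server behind it is as exposed as it would be on port 80, so it still needs patching, access logging and the same hardening as any Internet-facing host.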

Setting up a POP3/SMTP Email Server (The Hard Part)

Well, if you want to set up an email server it is not so easy, but it is still doable.

I am using Sendmail in this article, but I will not cover its basic setup; there are whole books devoted to that.

Install and configure Sendmail according to your needs.  Install and configure a POP3 daemon of your choice (I used popa3d).

Now you need to set up port forwarding for the SMTP portion of the mail system.  You should not have to do any port forwarding for the POP3 daemon because, oddly enough, Cox does not filter port 110.

Open your router's admin page, go to the port forwarding section, and specify public port 2700 forwarded to private port 25 on 192.168.0.150.

The next part is more difficult...

Because there is no way to specify a port for MX records (mail server records), you can't just use URL redirection like you did with the web server.

What you need to do is set up a mail redirection host.

This means you need a remote machine somewhere that you can set up a mail server on that can receive on port 25.  You're on your own as far as getting a remote machine.  (Maybe someone could write a follow up article to this one about social engineering, heh heh.)

When you have a remote machine, you need to install Sendmail on it.  After you have done this, you need to make Sendmail listen on port 25 and relay the mail to your port-blocked computer on port 2700.

To do this you must modify a few lines in the sendmail.cf file:

# Specify a new 'relay mail header masquerading recipient rewriting' line in the sendmail.cf on the host that 
# will be forwarding the mail to your blocked host.

# This can be done by first copying the Mesmtp mailer definition, which looks like this:

Mesmtp, P=[IPC], F=mDFMuXa, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990, T=DNS/RFC822/SMTP, A=TCP $h

Next, modify it to look like this:

Mesmtp2700, P=[IPC], F=mDFMuXa, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990, T=DNS/RFC822/SMTP, A=TCP $h 2700

Now, you need to add your entry to your mailertable and indicate that you want to use esmtp2700 instead of just esmtp:

example-domain.com esmtp2700:[mx-blocked.example-domain.com]

You're almost done!

Now all you need to do is to go to your DNS and create an MX record pointing to the relay mail host.
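To see how the two edits fit together (the esmtp2700 mailer carrying the port, the mailertable naming that mailer and the bracketed host), here is an added example, not from the article and not Sendmail's own code, that parses both fragments and answers "which host and port will the relay connect to for mail addressed to this domain?".  The sendmail.cf lines and mailertable entries embedded in it are constructed for the example; the host names are placeholders.

```python
"""Resolve a relay's delivery target from sendmail.cf mailers + mailertable.

Added example.  Parses only the two pieces the article edits:
  - 'M<name>, ... A=TCP $h [port]' mailer definitions in sendmail.cf
  - 'key   mailer:host' lines of the mailertable (text form, before makemap)
"""
import re

# Constructed sample: the stock esmtp mailer plus the esmtp2700 copy.
SENDMAIL_CF = r"""
Mesmtp, P=[IPC], F=mDFMuXa, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990, T=DNS/RFC822/SMTP, A=TCP $h
Mesmtp2700, P=[IPC], F=mDFMuXa, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990, T=DNS/RFC822/SMTP, A=TCP $h 2700
"""

# Constructed sample mailertable.  '[host]' means "connect to this host
# directly, do not look up its MX records"; a leading '.' key matches any
# host under that domain.
MAILERTABLE = """
# domain              mailer:host
example-domain.com    esmtp2700:[mx-blocked.example-domain.com]
.example-domain.com   esmtp2700:[mx-blocked.example-domain.com]
other.example         esmtp:mail.other.example
"""

# 'M' + mailer name, then anywhere later 'A=TCP $h' with an optional port.
MAILER_RE = re.compile(r"^M(?P<name>\S+?),.*\bA=TCP \$h(?: (?P<port>\d+))?\s*$")


def parse_mailers(cf_text):
    """Map mailer name -> TCP port; 'A=TCP $h' with no port means 25."""
    mailers = {}
    for line in cf_text.splitlines():
        m = MAILER_RE.match(line.strip())
        if m:
            mailers[m.group("name")] = int(m.group("port") or 25)
    return mailers


def parse_mailertable(text):
    """Map lower-cased key -> (mailer, host, skip_mx)."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, value = line.split(None, 1)
        mailer, host = value.strip().split(":", 1)
        skip_mx = host.startswith("[") and host.endswith("]")
        table[key.lower()] = (mailer, host.strip("[]"), skip_mx)
    return table


def lookup(domain, table):
    """Sendmail's order: exact key first, then '.suffix' keys, longest first."""
    domain = domain.lower()
    if domain in table:
        return table[domain]
    labels = domain.split(".")
    for i in range(1, len(labels)):
        key = "." + ".".join(labels[i:])
        if key in table:
            return table[key]
    return None


def resolve(domain, cf_text=SENDMAIL_CF, mt_text=MAILERTABLE):
    """Return (host, port, skip_mx) for mail to `domain`, or None if unlisted."""
    mailers = parse_mailers(cf_text)
    entry = lookup(domain, parse_mailertable(mt_text))
    if entry is None:
        return None
    mailer, host, skip_mx = entry
    if mailer not in mailers:
        raise ValueError(f"mailertable names undefined mailer {mailer!r}")
    return host, mailers[mailer], skip_mx


if __name__ == "__main__":
    for d in ("example-domain.com", "lists.example-domain.com", "other.example", "unrelated.example"):
        print(d, "->", resolve(d))
```

A domain that resolves to None is one the relay should refuse rather than forward: the relay host is reachable on port 25 from the whole Internet, and "SMTP Relays" is the reason Cox gives for blocking that port in the first place, so limit it to the domains in your mailertable and watch its logs for relay attempts from elsewhere.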

Now you can send and receive mail for email@yourdomain.com, with POP3 on port 110 and SMTP on port 25.

We see that although many of today's ISPs are stripping their customers' rights to share information, with a little creative administration and some time we can keep the spice flowing.

I would like to thank Graymalkin for helping me to test the mail server.  Also Solthae, DZNTZ, and all of the members of 2600tucson for helping with testing the web server, freebsd.peon.net for info on Sendmail relay configuring, and of course Cox Cable.  Without their unfair restrictions and blatant breach of privacy I would have had nothing to write about.
