 Yessir, from my main WAN traffic.

I've been hosting stuff (like my website) publicly since 2010, and maybe 1 or 2 times have I had any actually major DOS issues. This is far from major, I have many resource exhaustion protections in place. 

Also, I do not recommend pointing DNS directly to your home public IP. I pay for a public VPS and use nginx stream proxying to tunnel IP traffic back home. 1 for a layer of privacy, 2 for isolation, 3 so I don't have to terminate SSL until it hits my network, so my certs are only stored locally. Also in the case of DOS events I can just log into the VPS to disable routing, and I get my internet back. If I ever lose my VPS I can possibly purchase from another company and copy/paste my nginx config and be back up hopefully within a few hours if I need it.  
 I use WireGuard tunnels and my own bespoke reverse proxy... and it lets me test my stuff live on the internet from my dev box.
 Yeah, this is what I was thinking of doing. Probably with WireGuard. I haven't ever used nginx though. How much VPS do you need to route a gigabit? Do you do filtering at your VPS? Packet inspection?
 Nginx is a fantastic tool! I have 2TB/month of traffic for my VPS and I don't come anywhere near hitting that. No, my VPS is a dumb TCP forwarder; that's all it does. I just have some IP-based limits, that's all.
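
The setup described in this thread (a VPS acting as a plain TCP forwarder with per-IP limits, TLS terminated only at home) can be sketched as an nginx `stream` configuration. This is an added example, not any poster's actual config; the tunnel address `10.8.0.2`, the ports, the zone name and the limit values are assumptions.

```nginx
# Added example. Runs on the public VPS. 10.8.0.2 is a constructed
# address for the home server at the far end of a private tunnel
# (for instance WireGuard); adjust to the real tunnel address.
# The stream block sits at the top level of nginx.conf, beside http {},
# never inside it.

stream {
    # Shared-memory zone keyed on client address, used to count
    # concurrent connections per source IP.
    limit_conn_zone $binary_remote_addr zone=per_ip:10m;

    upstream home_https {
        server 10.8.0.2:443;
    }

    server {
        listen 443;

        # Raw TCP passthrough: there are no ssl directives here, so the
        # TLS handshake happens on the home server and no certificate
        # or private key is ever stored on the VPS.
        proxy_pass home_https;

        # IP-based limit: at most 20 simultaneous connections per
        # client address; excess connections are closed and logged.
        limit_conn per_ip 20;
        limit_conn_log_level warn;

        # Give up quickly when the tunnel is down, and reap idle
        # sessions so they do not pin resources during a flood.
        proxy_connect_timeout 5s;
        proxy_timeout 10m;

        # With plain passthrough the home server sees the VPS as the
        # source of every connection. Uncomment only if the home
        # listener is configured to accept the PROXY protocol header.
        # proxy_protocol on;
    }
}
```

Validate with `nginx -t` before reloading. Commenting out the `server` block and reloading is the "disable routing" switch mentioned above for DoS events.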