Server behind Wireguard and Firewalld, Public IP and PTR

April 11, 2019 448 views
DigitalOcean VPN Networking Email

Hello,

I am new to DigitalOcean. I have mostly successfully set up a Fedora droplet running WireGuard and firewalld with a floating IP to direct traffic to a roaming laptop running a small web and mail server that reconnects automatically as it moves to different locations. So far during testing on the backup laptop and test domain, it works great: the web server works great, IMAP works great, cal/carddav, perfect.

BUT I just ran into an issue with my project: I just now realized that the PTR record uses the public IP and not the floating IP, which makes email sending a problem. So I think I need to try using the public IP of the droplet instead of the floating IP, at least for the email and maybe for all of my project, to set up the PTR.

Looking for suggestions. Is there a guide or a different way to do this? And, for reasons I can't get into now, I can't migrate anything off the laptop server to a new proper server at the moment, but will eventually.

Thanks in advance.

2 Answers

Greetings!

Great question. The floating IP is not meant to be treated as a local IP on the system. Rather, it's more of a traffic forwarder. When sending email you should use the droplet's public IP. The PTR record for that IP is set by the name of the droplet, so you just rename the droplet (in our cloud panel) to a fully qualified domain name to set the PTR. By default all of your mail should be going out through the droplet IP, no change should be necessary to not send through the floating IP, as it would actually require quite some trickery to do that.

Now, your droplet PTR doesn't have to match the A record you have for the floating IP. You want to avoid this scenario:

domain.tld = {floating_ip}
{droplet_hostname} = domain.tld
{public_ip_ptr} = domain.tld

Because then the PTR wouldn't have a matching A record. So instead, maybe you would do something like this:

domain.tld = {floating_ip}
{droplet_hostname} = server.domain.tld
{public_ip_ptr} = server.domain.tld

Now you have PTR working with forward confirmed DNS, and your domain never has to be moved from the floating IP.

Jarland
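A small forward-confirmed reverse DNS (FCrDNS) check, added here as an example and not part of the answer above. It runs the two layouts from the answer against a stub resolver so it works offline; the IP addresses and zone contents are constructed placeholders, and the live resolver path uses only the standard socket module.

```python
import socket
from typing import List, Tuple

# Constructed sample data mirroring the two layouts in the answer above
# (documentation-range placeholder addresses, not real records).
PUBLIC_IP = "203.0.113.10"      # the droplet's own address; mail leaves from here
FLOATING_IP = "198.51.100.20"   # the floating IP that fronts the laptop

# Layout to avoid: PTR points at domain.tld, but domain.tld's A record is the floating IP.
BAD_ZONE = {
    "A":   {"domain.tld": [FLOATING_IP]},
    "PTR": {PUBLIC_IP: "domain.tld"},
}
# Suggested layout: a dedicated hostname whose A record is the droplet's public IP.
GOOD_ZONE = {
    "A":   {"domain.tld": [FLOATING_IP], "server.domain.tld": [PUBLIC_IP]},
    "PTR": {PUBLIC_IP: "server.domain.tld"},
}

def fake_resolver(zone):
    """Return (ptr_lookup, a_lookup) callables that answer from a zone dict."""
    def ptr(ip: str) -> str:
        return zone["PTR"].get(ip, "")
    def a(name: str) -> List[str]:
        return zone["A"].get(name, [])
    return ptr, a

def live_ptr(ip: str) -> str:
    """Reverse lookup via the system resolver; empty string if no PTR exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return ""

def live_a(name: str) -> List[str]:
    """IPv4 forward lookup via the system resolver; empty list on failure."""
    try:
        return sorted({r[4][0] for r in socket.getaddrinfo(name, None, socket.AF_INET)})
    except socket.gaierror:
        return []

def fcrdns_ok(ip: str, ptr_lookup=live_ptr, a_lookup=live_a) -> Tuple[bool, str]:
    """FCrDNS passes when PTR(ip) -> name and A(name) contains ip again."""
    name = ptr_lookup(ip)
    if not name:
        return False, "no PTR record"
    addrs = a_lookup(name)
    if ip not in addrs:
        return False, f"PTR names {name} but its A records are {addrs or 'missing'}"
    return True, f"{ip} <-> {name}"

if __name__ == "__main__":
    for label, zone in (("bad", BAD_ZONE), ("good", GOOD_ZONE)):
        print(label, fcrdns_ok(PUBLIC_IP, *fake_resolver(zone)))
```

Calling `fcrdns_ok("<droplet public IP>")` with no resolver arguments runs the same check against real DNS once the droplet has been renamed and the A record added.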

OK thanks! I will rename the droplet hostname to server.domain.tld

And my DNS records should look like:

Type - Hostname - Value
A - domain.tld - {floating_ip}
A - server.domain.tld - {public_ip}
MX - domain.tld - server.domain.tld

Correct? Thanks again.
