[mythtv] Proposed change to Network Communications
Brian J. Murrell
brian at interlinx.bc.ca
Wed Mar 8 14:23:47 UTC 2017
On Thu, 2017-03-09 at 03:06 +1300, Stephen Worthington wrote:
> There are some interesting complications from listening on all
> addresses. When you have a PC that has more than one network
> interface, you normally do not want software to listen on all of
> network interfaces,
I disagree. By default, I think you do.
> For example, it is now fairly common to have a guest VLAN where you
> allow access for other people's devices to the Internet,
So if you don't want people in the guest VLAN to access your MythTV
server, don't give it a VLAN interface.
> Since a MythTV box is often the only Linux box on a home network, it
> is often given extra jobs such as running a VLAN, because Linux can
> easily do that sort of thing. My MythTV box, for example, runs my
> OpenVPN server.
So, if you want to overload (I mean as in purpose, not actual load)
your MythTV box with other duties, then it is up to you to configure
the interfaces as you see fit to fulfill those multiple duties.
But people wanting to do that should be smart enough to do that. For
the average user who just deploys a single-purpose MythTV "appliance"
box, they will want MythTV to be listening on all interfaces just like
any other single-purpose network device would.
> It is not uncommon for a Linux box to be the main firewall gateway
> a home network,
I think most security experts would tell you that making a box that has
fourteen other duties the security gateway for your network is less
than ideal at best and typically silly.
> I am sure there are lots of other examples.
There probably are. But I would argue all of those examples come with
a responsibility of properly configuring the box for the multiple
duties it is doing and part of that is decided if you want to segregate
traffic to particular interfaces and doing so if so.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 473 bytes
Desc: This is a digitally signed message part
More information about the mythtv-dev