[mythtv-users] Security concerns for my myth box
Scott Alfter
mythtv at salfter.dyndns.org
Thu Dec 16 18:39:19 UTC 2004
On Thu, Dec 16, 2004 at 10:09:39AM +1000, David Whyte top-posted (grr):
> I am behind a NAT router, have a dynamix IP but will use dynDNS, and I
> have port 80 blocked by ISP. I plan to open SSH and a port for HTTP
> (1010 or 1080) so I can use MythWeb when out of the house. I will
> obvisouly change my crappy root password when I get to opening the
> ports..
Don't bother putting your webserver on a non-standard port. You can create
a tunnel with SSH from any port on the remote machine to any port on any
host on your network. My MythTV box doesn't have a direct connection to the
Internet; it sits behind another Linux box that serves as a router (among
other things). When I'm out and about, I can access MythWeb with something
like this:
ssh -CL 80:192.168.100.14:80 alfter.us
-C enables compression, while -L 80:192.168.100.14:80 redirects local port
80 to port 80 on 192.168.100.14 (the MythTV box) on the remote network.
After that, just aim Mozilla at http://localhost/mythweb/ and you're in.
(Note: OpenSSH on Linux will only redirect privileged ports (such as port
80) for root. My desktop systems mostly run Windows; OpenSSH on Cygwin
doesn't have this restriction.)
_/_
/ v \ Scott Alfter
(IIGS( http://alfter.us/ Top-posting!
\_^_/ rm -rf /bin/laden >What's the most annoying thing on Usenet?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 185 bytes
Desc: not available
Url : http://mythtv.org/pipermail/mythtv-users/attachments/20041216/3f74bd03/attachment.pgp
More information about the mythtv-users
mailing list