[mythtv-users] Security concerns for my myth box

Scott Alfter mythtv at salfter.dyndns.org
Thu Dec 16 18:39:19 UTC 2004


On Thu, Dec 16, 2004 at 10:09:39AM +1000, David Whyte top-posted (grr):
> I am behind a NAT router, have a dynamix IP but will use dynDNS, and I
> have port 80 blocked by ISP.  I plan to open SSH and a port for HTTP
> (1010 or 1080) so I can use MythWeb when out of the house.  I will
> obvisouly change my crappy root password when I get to opening the
> ports..

Don't bother putting your webserver on a non-standard port.  You can create
a tunnel with SSH from any port on the remote machine to any port on any
host on your network.  My MythTV box doesn't have a direct connection to the
Internet; it sits behind another Linux box that serves as a router (among
other things).  When I'm out and about, I can access MythWeb with something
like this:

ssh -CL 80:192.168.100.14:80 alfter.us

-C enables compression, while -L 80:192.168.100.14:80 redirects local port
80 to port 80 on 192.168.100.14 (the MythTV box) on the remote network. 
After that, just aim Mozilla at http://localhost/mythweb/ and you're in.

(Note: OpenSSH on Linux will only redirect privileged ports (such as port
80) for root.  My desktop systems mostly run Windows; OpenSSH on Cygwin
doesn't have this restriction.)

  _/_
 / v \ Scott Alfter
(IIGS( http://alfter.us/            Top-posting!
 \_^_/ rm -rf /bin/laden            >What's the most annoying thing on Usenet?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 185 bytes
Desc: not available
Url : http://mythtv.org/pipermail/mythtv-users/attachments/20041216/3f74bd03/attachment.pgp


More information about the mythtv-users mailing list