[mythtv-users] Friendly Messenger stating that "YOUR MYTHWEB IS INSECURE"
Anthony Zawacki
azmail at thezawackis.com
Mon Feb 11 15:07:03 UTC 2008
Bill Omer wrote:
> Sorry for jumping in on this thread so late. But I use a method to
> secure mythweb that I haven't seen suggested on here.
>
> I suggest to use ssh tunneling. The box running mythweb shouldn't be
> accessible from the internet at all. Not through a proxy, not from an
> off port... ssh to a machine on the local network (a Bastian host)
> and then use the tunnel to connect to mythweb on your lan.
>
> ssh -L8080:mythwebbox:80 someaddresshere
> http://localhost:8080/mythweb
>
>
> This keeps the box running mythweb off the internet and keeps my
> traffic to/from mythweb (while off my home lan) secured via my ssh
> tunnel.
>
I'd second this recommendation, and add the recommendation that you set
up your firewall to port forward some goofy port to port 22 on your
"Bastian host" (unless this _is_ your firewall of course) to limit the
number of random attackers.
I use ipcop as my firewall, and port forward to port 22 on my main
computer. Before I did that, I could look in /var/log/secure and see at
least 5 attacks per hour. Now I don't see any.
I can run VNC, mythweb, and pretty much anything else that I would want
to on my local lan using secure tunnels.
Anthony
More information about the mythtv-users
mailing list