[mythtv-users] convoluted questiom

James Linder jam at tigger.ws
Tue Dec 28 09:15:05 UTC 2021



> On 27 Dec 2021, at 11:24 pm, Mike Perkins <mikep at randomtraveller.org.uk> wrote:
> 
>> Mike thanks
>> despite being told 'you probably need zoneminder' I probably would not have tried before reading your synopsis. I will build a test system the only hastle is to stop it talking to mummy and still be live on lan
> I have a similar problem, since I am certain that the cameras would 'phone home' if given half a chance. My solution - which I can do because I have too much old kit laying around - is to put the cameras and the server on a separate subnet which is firewalled off from the other network(s).
> 
> I can access the zm web server for adminstration, viewing and download purposes but it keeps the camera traffic away from everything else. This does mean that to upgrade I have to temporarily reboot the server onto a different subnet to do any upgrades, etc.
> 
> My firewall/router has six ports, one of which is WAN, the others each have a small 1Gb switch attached. One goes to the myth subnet, another to the main server, a third has a number of virtual networks which connect to a switch that basically does 'everything else' that needs just one or two devices, eg the TV STB, the WiFi AP, printers and central heating controls. A fourth is the ZM subnet and the fifth is (at the moment) spare. By doing it this way I can take down most parts woithout affecting any other. It also keeps the traffic isolated.

Many wifi routers have a cute trick called a 'guest network’ which is ideal. It gives internet access to the guest machine, but not lan access.
A bit of foolery, some dyn-dns

[Unit]
Description=ssh tunnel to tigger
Requires=network.service

[Service]
ExecStart=/usr/bin/ssh -p 4123 -N -R 1200:localhost:22 -R 4001:localhost:4000 git at tigger.3utilities.com
Restart=always
RestartSec=30
User=doug

[Install]
WantedBy=multi-user.target

bingo, solution
(test machine cannot call home
 I can ssh there (I’m also using nomachine to get the desktop on my laptop)
)

James

PS if you think I’ve gone mad: there is no git passwd, you must use public key, besides there is nothing there except a bog-standard install.


More information about the mythtv-users mailing list