[mythtv-users] locating my MythTV box from the internet using a domain name

Ian Forde ian at duckland.org
Thu Feb 19 23:45:16 EST 2004


On Thu, 2004-02-19 at 20:19, Ray Olszewski wrote:
> Yes, this is a good example of how to handle one potential security 
> problem, probably the most obvious one. I was also thinking about other 
> services ... communication between frontend and backend (if he has separate 
> hosts), between the backend and the SQL server ... and probably some other 
> odds and ends that are common among hosts on LANs shielded from the 
> Internet by NAT'ing and firewalling.

Yeah, but why since myth doesn't present "internet services" other than
mythweb, the only thing that needs to face the web would be mythweb,
no?  So the backend <-> sql server connection should be completely
shielded by the firewall and NAT.  I think we agree here...

> My impression is that Myth itself is fairly relaxed about its own security 
> ... a reasonable thing to do on a NAT'd LAN, but riskier once routable 
> addresses start getting used. I always ran Myth in such a secure setting, 
> so I haven't worked through the details of putting it on a host with a 
> public address. Has anyone actually done this before?

I wouldn't... no need...

> Doesn't the SQL stuff make use of dynamic addresses tricky? Or were you 
> assuming this would be a 2-interface system?

I wouldn't ever run a database server naked on the internet.  That box
would *definitely* be natted...

Which has gotten me to thinking.  Since I've just had some luck getting
Nagios, sendmail with starttls and ldap auth, and a few other things
working at home over the last 24 hours, maybe I'll try my luck and
finally start on that reverse proxy I always wanted!

	-I
-- 
                       __________________________________
                       Ian Forde, RHCE, CCSE, SCNA, SCDME
                       CYTBeN, Inc.
                       ian at duckland.org / ian at cytben.com
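
An added example, not part of the original message: the point made above (only mythweb should face the internet, while the backend and SQL server stay behind the firewall and NAT) can be checked on the host by auditing its listening sockets. The `ss -ltn` sample, the addresses and the port choices (80/443 for mythweb, 3306 as the MySQL default, 6543 as the MythTV backend default) are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -ltn` output (not from the original message).
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:80           0.0.0.0:*
LISTEN  0       80      0.0.0.0:3306         0.0.0.0:*
LISTEN  0       128     192.168.1.10:6543    0.0.0.0:*
LISTEN  0       128     127.0.0.1:25         0.0.0.0:*
LISTEN  0       128     [::]:22              [::]:*
"""

def split_local(field):
    """Split 'addr:port' or '[v6]:port' into (addr, port)."""
    addr, _, port = field.rpartition(":")
    # Drop IPv6 brackets and any interface scope such as '%lo'.
    return addr.strip("[]").split("%")[0], int(port)

def exposed_listeners(ss_output, allowed_ports):
    """Return (addr, port) for listeners that answer on a routable
    interface and whose port is not in allowed_ports."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue  # header or non-listening socket
        addr, port = split_local(cols[3])
        if addr == "*":  # some ss versions print '*' for a wildcard bind
            addr = "0.0.0.0"
        ip = ipaddress.ip_address(addr)
        # Loopback and private (RFC 1918) binds stay behind the NAT.
        # Wildcard binds (0.0.0.0 / ::) answer on every interface,
        # including a public one, so they count as exposed.
        internal = ip.is_loopback or (ip.is_private and not ip.is_unspecified)
        if not internal and port not in allowed_ports:
            findings.append((addr, port))
    return findings

if __name__ == "__main__":
    # Only the web ports used by mythweb are expected to face the internet.
    for addr, port in exposed_listeners(SAMPLE_SS, {80, 443}):
        print(f"unexpected internet-facing listener: {addr}:{port}")
```

On a real host, feed the function the output of `ss -ltn` and treat every finding as something to rebind to a LAN address or block at the firewall.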


