10/28/2022

Plex ssh tunnel

SSH is a standard for secure remote logins and file transfers over untrusted networks. It can also be used to implement VPNs (Virtual Private Networks) and access intranet services across firewalls. It can be used to add encryption to legacy applications. SSH tunneling is a method of transporting arbitrary networking data over an encrypted SSH connection.

It needn't become a hyperparanoid installation; it should simply reflect many best practices and offer an adequate security/protection level with a reasonable effort, so that the intended use cases still work.

There is also a CentOS VM as a playground, but I lack direction a little bit, and working my way in should ideally already have one or two, more or less clear, directions. Of course I am willing to read up and put work into it. I'm running out of questions here, since some things are still unclear to me, as you have surely noticed.

Wouldn't port forwarding be safer then, compared to placing the server into a consumer router's DMZ?

Is it true that usually the DMZ of a consumer router reduces the level of protection that a router can offer, since it is in fact only an internal switch, which is not really separated from the rest of the LAN, and that for the DMZ various "protective functions" of the router are virtually deactivated, for the operation of a server out of the DMZ for requests from outside?

What about gateways, data flow directions, routing, (port) forwarding etc.?
Does it make sense to put the server into the DMZ of the consumer router connected to NIC#1, for example, and to run a very strict configuration for NIC#1 via firewalld (obviously only opening necessary ports and dropping requests from unwanted sources, where connections should only be allowed via the aforementioned VPN tunnel) anyway, and to handle requests from the internal LAN via NIC#2 with a different firewalld zone profile?

Yes, such a VPN tunnel would then run into the (supposed) DMZ of the consumer router, but further access to the LAN from WAN is (at first (what might follow later is still unclear)) not intended.

How sensible is it, with regard to the level of protection, to handle external access via a VPN tunnel alone (PPTP, L2TP, IPsec) and then to allow SSH with self-signed key and CalDAV/CardDAV/WebDAV in connection with SSL?

As mentioned before, as far as I know, GUI remote administration is not intended.

How would one use the 2 NICs (with regard to the potentially used DMZ) in the most sensible way, whereby the goal should be minimal, i.e. only really necessary, exposure of the server? Aim is to keep the attack surface small.

Unclear aspects, questions, request for tips:

No GUI login for remote access, only SSH.
2 Linux clients (+1 Windows10 client), 2 or 3 Android devices.
On the server runs "ddclient" for updating the WAN-IP.
No fixed WAN-IP through ISP, so a DynDNS service will be used here.
Currently there are no other switches/routers.
Arris Group Inc "TG1682G" router with 4 LAN ports, one of which could be used for a DMZ of this router.
CentOS 8 server with 2 NICs, theoretically 3 possible, since there is still a USB WLAN dongle.
This is currently planned via VPN tunnel accessible via DynDNS service.
Possibly some file sync from an Android device, probably for WebDAV and SSH.
Remote access to servers via SSH with self-signed keys, only via CLI.
Plex media server for known devices from the LAN.
Nextcloud for known devices from the LAN (no Snap/Flatpak/AppImage).
LAN-internal use (fixed IPs are used in the LAN).
Hosting of NextCloud and Plex with a reasonably high level of security and the smallest possible attack surface, as well as limited/restricted external access for 1 user.