[mythtv-users] Friendly Messenger stating that "YOUR MYTHWEB IS INSECURE"
azmail at thezawackis.com
Mon Feb 11 15:07:03 UTC 2008
Bill Omer wrote:
> Sorry for jumping in on this thread so late. But I use a method to
> secure mythweb that I haven't seen suggested on here.
> I suggest to use ssh tunneling. The box running mythweb shouldn't be
> accessible from the internet at all. Not through a proxy, not from an
> off port... ssh to a machine on the local network (a Bastian host)
> and then use the tunnel to connect to mythweb on your lan.
> ssh -L8080:mythwebbox:80 someaddresshere
> This keeps the box running mythweb off the internet and keeps my
> traffic to/from mythweb (while off my home lan) secured via my ssh
I'd second this recommendation, and add the recommendation that you set
up your firewall to port forward some goofy port to port 22 on your
"Bastian host" (unless this _is_ your firewall of course) to limit the
number of random attackers.
I use ipcop as my firewall, and port forward to port 22 on my main
computer. Before I did that, I could look in /var/log/secure and see at
least 5 attacks per hour. Now I don't see any.
I can run VNC, mythweb, and pretty much anything else that I would want
to on my local lan using secure tunnels.
More information about the mythtv-users