• LAN safety hosting tilde at home

    From klu@klu@cosmic.voyage to tilde.projects,tilde.bsd on Mon Mar 21 06:32:13 2022

    Is this a very bad idea hosting a tilde pubnix at home? Particularly,
    I'm concerned about exposing my home network to the internet. I'm wondering
    if there's a way for safe hosting by putting the pubnix in a container
    or jail, then configure its network interface through a VPN or something.

    Any suggestions?
    --- Synchronet 3.19a-Linux NewsLink 1.113
  • From C.Botulinum@cbotulinum@cock.li to tilde.projects on Mon Mar 21 10:35:55 2022
    On Mon, 21 Mar 2022 06:32:13 +0000
    klu@cosmic.voyage wrote:

    > Is this a very bad idea hosting a tilde pubnix at home? Particularly,
    > I'm concerned about exposing my home network to the internet. I'm wondering
    > if there's a way for safe hosting by putting the pubnix in a container
    > or jail, then configure its network interface through a VPN or something.
    >
    > Any suggestions?

    Best I can think of is if you use a bunch of jails/VMs and make sure to set up
    some VLANs to separate the internal LAN into different compartments.

  • From freet@freet@aussies.space (The Free Thinker) to tilde.projects on Mon Mar 21 21:55:47 2022
    C.Botulinum <cbotulinum@cock.li> wrote:
    > On Mon, 21 Mar 2022 06:32:13 +0000
    > klu@cosmic.voyage wrote:
    >
    >> Is this a very bad idea hosting a tilde pubnix at home? Particularly,
    >> I'm concerned about exposing my home network to the internet. I'm wondering
    >> if there's a way for safe hosting by putting the pubnix in a container
    >> or jail, then configure its network interface through a VPN or something.
    >>
    >> Any suggestions?
    >
    > Best I can think of is if you use a bunch of jails/VMs and make sure to set up
    > some VLANs to separate the internal LAN into different compartments.

    If you set up the VLAN properly, I'm not sure why the container
    etc. stuff would be needed. The network interface of the system
    running the tilde shouldn't be able to talk to other systems on
    the LAN. At least that's how it worked when I had my router running
    OpenWRT mis-configured and doing that by mistake. :)
    --

    - The Free Thinker | gopher://aussies.space/1/%7efreet/
  • From rdh@rdh@tilde.institute to tilde.projects on Sat Jul 22 06:46:10 2023

    On Mon, 21 Mar 2022, klu@cosmic.voyage wrote:

    > Is this a very bad idea hosting a tilde pubnix at home? Particularly,
    > I'm concerned about exposing my home network to the internet. I'm wondering
    > if there's a way for safe hosting by putting the pubnix in a container
    > or jail, then configure its network interface through a VPN or something.
    >
    > Any suggestions?

    Is it a *very* bad idea? No, not particularly, although as always, opening
    ports into your home network does increase the risks you take on. If your
    firewall supports a DMZ, then putting a computer or VM in that DMZ
    significantly minimizes the risk to your network--although not completely.

    Configuring the incoming connection to go through a VPN wouldn't really
    help you, as anyone who connects to your pubnix will then have the ability
    to use your machine's local connections to do whatever they want on your
    home net. But again, a good firewall will be all you need.

    My suggestion: check your router's firewall (unless you have a dedicated
    device) and figure out if it supports a DMZ, and if so, how to set it up.
    Once you're familiar with that, spin up a VM, or put a hardware device in
    it, then you've pretty much got a device that is not on your home LAN.

    It's not fool-proof, a dedicated hacker will be able to break out, but I'd
    say it's safe enough.

    ~rdh
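
The VLAN/DMZ separation suggested in the replies above, sketched as an nftables ruleset for a Linux router with one interface per segment. This is an added example, not configuration from any poster; the interface names, the 192.168.50.10 address and the choice of SSH on port 22 as the only published service are assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example. All names and addresses below are assumptions.
flush ruleset

define WAN = "eth0"             # uplink to the ISP (assumed name)
define LAN = "eth1"             # home network (assumed name)
define DMZ = "eth2"             # segment holding only the pubnix (assumed name)
define PUBNIX = 192.168.50.10   # constructed address of the pubnix host

table inet filter {
    chain input {
        type filter hook input priority filter; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept
        meta l4proto { icmp, ipv6-icmp } accept
        # The home LAN may manage the router itself.
        iifname $LAN accept
        # DMZ hosts get DNS and DHCP from the router and nothing else,
        # so pubnix users cannot reach the router's admin services.
        iifname $DMZ udp dport { 53, 67 } accept
        iifname $DMZ tcp dport 53 accept
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        ct state invalid drop
        # Internet to pubnix: SSH only (matches the DNAT rule below).
        iifname $WAN oifname $DMZ ip daddr $PUBNIX tcp dport 22 accept
        # Home LAN may reach the internet and administer the pubnix.
        iifname $LAN oifname { $WAN, $DMZ } accept
        # Pubnix users may open connections to the internet.
        iifname $DMZ oifname $WAN accept
        # New connections from the DMZ into the LAN are logged and dropped.
        iifname $DMZ oifname $LAN log prefix "dmz-to-lan " drop
    }
}

table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        iifname $WAN tcp dport 22 dnat to $PUBNIX
    }
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname $WAN masquerade
    }
}
```

Check the file with `nft -c -f` before loading it, then confirm from the pubnix host that connections to LAN addresses time out while `dmz-to-lan` entries appear in the router's log.
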
  • From yeti@yeti@tilde.institute to tilde.projects on Sat Jul 22 07:13:18 2023
    klu@cosmic.voyage writes:

    > Is this a very bad idea hosting a tilde pubnix at home?

    In that situation I'd play with a pubnix over Tor or I2P.

    Or:

    A swarm of peers connecting in a similar way via VPN or overlay network
    would even be funnier and nudge all swarm members to have a look at
    those techniques. Then every member would just have their own node, all
    data stays at home and only what needs to be shared/public will be
    shared/public. No strangers on your hardware, lots of neighbours,
    learning together. \o/
    --
    Take Back Control! -- Mesh The Planet!
    I do not play Nethack, I do play GNUS! o;-)
    Solid facts do not need 1001 pictures.