1. Forum
  2. TildeVerse
  3. tilde.projects

  • LAN safety hosting tilde at home

    From klu@klu@cosmic.voyage to tilde.projects,tilde.bsd on Mon Mar 21 06:32:13 2022

    Is this a very bad idea hosting a tilde pubnix at home? Particularly,
    I'm concerned of exposing my home network to the internet. I'm wondering
    if there's a way for safe hosting by putting the pubnix in a container
    or jail, then config its network interface through a VPN or something.

    Any suggestions?
    --- Synchronet 3.19a-Linux NewsLink 1.113
  • From C.Botulinum@cbotulinum@cock.li to tilde.projects on Mon Mar 21 10:35:55 2022
    On Mon, 21 Mar 2022 06:32:13 +0000
    klu@cosmic.voyage wrote:

    Is this a very bad idea hosting a tilde pubnix at home? Particularly,
    I'm concerned of exposing my home network to the internet. I'm wondering
    if there's a way for safe hosting by putting the pubnix in a container
    or jail, then config its network interface through a VPN or something.

    Any suggestions?

    Best I can think of is if you use a bunch of jails/VMs and make sure to set up some VLANs to separate the internal LAN into different compartments.

    --- Synchronet 3.19a-Linux NewsLink 1.113
  • From freet@freet@aussies.space (The Free Thinker) to tilde.projects on Mon Mar 21 21:55:47 2022
    C.Botulinum <cbotulinum@cock.li> wrote:
    On Mon, 21 Mar 2022 06:32:13 +0000
    klu@cosmic.voyage wrote:

    Is this a very bad idea hosting a tilde pubnix at home? Particularly,
    I'm concerned of exposing my home network to the internet. I'm wondering
    if there's a way for safe hosting by putting the pubnix in a container
    or jail, then config its network interface through a VPN or something.

    Any suggestions?

    Best I can think of is if you use a bunch of jails/VMs and make sure to set up
    some VLANs to separate the internal LAN into different compartments.

    If you set up the VLAN properly, I'm not sure why the container
    etc. stuff would be needed. The network interface of the system
    running the tilde shouldn't be able to talk to other systems on
    the LAN. At least that's how it worked when I had my router running
    OpenWRT mis-configured and doing that by mistake. :)
    --

    - The Free Thinker | gopher://aussies.space/1/%7efreet/
    --- Synchronet 3.19a-Linux NewsLink 1.113
  • From rdh@rdh@tilde.institute to tilde.projects on Sat Jul 22 06:46:10 2023

    On Mon, 21 Mar 2022, klu@cosmic.voyage wrote:


    Is this a very bad idea hosting a tilde pubnix at home? Particularly,
    I'm concerned of exposing my home network to the internet. I'm wondering
    if there's a way for safe hosting by putting the pubnix in a container
    or jail, then config its network interface through a VPN or something.

    Any suggestions?


    Is it a *very* bad idea? No, not particularly, although as always, opening ports into your home network does increase the risks you take on. If your firewall supports DMZ, then putting a computer or VM in that DMZ
    significantly minimizes the risk to your network--although not completely.

    Configuring the incoming connection to go through a VPN wouldn't really
    help you, as anyone who connects to your pubnix will then have the ability
    to use your machine's local connections to do whatever they want on your
    home net. But again, a good firewall will be all you need.

    My suggestion, check your router's firewall (unless you have a dedicated device) and figure out if it supports a DMZ, and if so, how to set it up.
    Once you're familiar with that, spin up a VM, or put a hardware device in
    it, then you've pretty much got a device that is not on your home LAN.

    It's not fool-proof, a dedicated hacker will be able to break out, but I'd
    say it's safe enough.

    ~rdh
    --- Synchronet 3.19a-Linux NewsLink 1.113
  • From yeti@yeti@tilde.institute to tilde.projects on Sat Jul 22 07:13:18 2023
    klu@cosmic.voyage writes:

    Is this a very bad idea hosting a tilde pubnix at home?

    In that situation I'd play with a pubnix over Tor or I2P.

    Or:

    A swarm of peers connecting in a similar way via VPN or overlay network
    would even be funnier and nudge all swarm members to have a look at
    those techniques. Then every member just would have an own node, all
    data stays at home and only what needs to be shared/public will be shared/public. No strangers on your hardware, lots of neighbours,
    learning together. \o/
    --
    Take Back Control! -- Mesh The Planet!
    I do not play Nethack, I do play GNUS! o;-)
    Solid facts do not need 1001 pictures.
    --- Synchronet 3.19a-Linux NewsLink 1.113