Forum: RetroDigital BBS

LAN safety hosting tilde at home

From klu@klu@cosmic.voyage to tilde.projects,tilde.bsd on Mon Mar 21 06:32:13 2022

Is this a very bad idea hosting a tilde pubnix at home? Particularly,
I'm concerned of exposing my home network to the internet. I'm wondering
if there's a way for safe hosting by putting the pubnix in a container
or jail, then config its network interface through a VPN or something.

Any suggestions?
--- Synchronet 3.19a-Linux NewsLink 1.113

From C.Botulinum@cbotulinum@cock.li to tilde.projects on Mon Mar 21 10:35:55 2022

On Mon, 21 Mar 2022 06:32:13 +0000
klu@cosmic.voyage wrote:

Is this a very bad idea hosting a tilde pubnix at home? Particularly,
I'm concerned of exposing my home network to the internet. I'm wondering
if there's a way for safe hosting by putting the pubnix in a container
or jail, then config its network interface through a VPN or something.

Any suggestions?

Best I can think of is if you use a bunch of jails/VMs and make sure to set up some VLANs to separate the internal LAN into different compartments.

--- Synchronet 3.19a-Linux NewsLink 1.113

From freet@freet@aussies.space (The Free Thinker) to tilde.projects on Mon Mar 21 21:55:47 2022

C.Botulinum <cbotulinum@cock.li> wrote:

On Mon, 21 Mar 2022 06:32:13 +0000
klu@cosmic.voyage wrote:

Is this a very bad idea hosting a tilde pubnix at home? Particularly,
I'm concerned of exposing my home network to the internet. I'm wondering
if there's a way for safe hosting by putting the pubnix in a container
or jail, then config its network interface through a VPN or something.

Any suggestions?

Best I can think of is if you use a bunch of jails/VMs and make sure to set up
some VLANs to separate the internal LAN into different compartments.

If you set up the VLAN properly, I'm not sure why the container
etc. stuff would be needed. The network interface of the system
running the tilde shouldn't be able to talk to other systems on
the LAN. At least that's how it worked when I had my router running
OpenWRT mis-configured and doing that by mistake. :)
--

- The Free Thinker | gopher://aussies.space/1/%7efreet/
--- Synchronet 3.19a-Linux NewsLink 1.113

From rdh@rdh@tilde.institute to tilde.projects on Sat Jul 22 06:46:10 2023

On Mon, 21 Mar 2022, klu@cosmic.voyage wrote:

Is this a very bad idea hosting a tilde pubnix at home? Particularly,
I'm concerned of exposing my home network to the internet. I'm wondering
if there's a way for safe hosting by putting the pubnix in a container
or jail, then config its network interface through a VPN or something.

Any suggestions?

Is it a *very* bad idea? No, not particularly, although as always, opening ports into your home network does increase the risks you take on. If your firewall supports DMZ, then putting a computer or VM in that DMZ
significantly minimizes the risk to your network--although not completely.

Configuring the incoming connection to go through a VPN wouldn't really
help you, as anyone who connects to your pubnix will then have the ability
to use your machine's local connections to do whatever they want on your
home net. But again, a good firewall will be all you need.

My suggestion, check your router's firewall (unless you have a dedicated device) and figure out if it supports a DMZ, and if so, how to set it up.
Once you're familiar with that, spin up a VM, or put a hardware device in
it, then you've pretty much got a device that is not on your home LAN.

It's not fool-proof, a dedicated hacker will be able to break out, but I'd
say it's safe enough.

~rdh
--- Synchronet 3.19a-Linux NewsLink 1.113

From yeti@yeti@tilde.institute to tilde.projects on Sat Jul 22 07:13:18 2023

klu@cosmic.voyage writes:

Is this a very bad idea hosting a tilde pubnix at home?

In that situation I'd play with a pubnix over Tor or I2P.

Or:

A swarm of peers connecting in a similar way via VPN or overlay network
would even be funnier and nudge all swarm members to have a look at
those techniques. Then every member just would have an own node, all
data stays at home and only what needs to be shared/public will be shared/public. No strangers on your hardware, lots of neighbours,
learning together. \o/
--
Take Back Control! -- Mesh The Planet!
I do not play Nethack, I do play GNUS! o;-)
Solid facts do not need 1001 pictures.
--- Synchronet 3.19a-Linux NewsLink 1.113

Who's Online
Recent Visitors
- Dextile
  Tue Jul 8 00:02:19 2025
  from Calgary, Ab via Telnet
- Dextile
  Mon Jul 7 21:37:05 2025
  from Calgary, Ab via Telnet
- Amessyroom
  Mon Jul 7 18:48:23 2025
  from Fayetteville, Nc via Telnet
- Dextile
  Mon Jul 7 00:10:53 2025
  from Calgary, Ab via Telnet

System Info

Sysop:	deepend
Location:	Calgary, Alberta
Users:	271
Nodes:	10 (0 / 10)
Uptime:	22:34:07
Calls:	2,233
Calls today:	1
Files:	4,727
D/L today:	25 files (9,999K bytes)
Messages:	421,790

Synchronet Oneliners
- Darknetgirl@rdbbs
  Tue May 6 02:09:48 2025
  Greetings from London/Milan. Getting back to real stuff
- Vintagegeek@rdbbs
  Wed May 14 09:34:53 2025
  Greetings from the ISS
- Guest@rdbbs
  Sun May 18 09:30:17 2025
  greetings from Poland / Europe
- Vintagegeek@rdbbs
  Sat Jun 7 17:12:17 2025
  Mars is busy today
- Vintagegeek@rdbbs
  Tue Jun 24 16:54:23 2025
  Leaving Mars at 17:15 on to Jupiter
- Guest@rdbbs
  Wed Jul 2 12:37:39 2025
  This is the good stuff