Firewall rules

  • This post is deleted!

  • LAYER 8 Global Moderator

    Yes this is a simple port forward.

  • LAYER 8

    yes, but that would be moronic on some situation, the use of openvpn is advisable what do you need to access?

  • LAYER 8 Global Moderator

    Depends - maybe he wants to serve something to the public.. Can not let the whole world vpn to your network ;)

    I want to serve up some website to the public, I don't setup a vpn in that scenario ;) But sure you wouldn't port forward to your box that you want to RDP too ;) That would have serious security issues..

    I have a port forward to my plex server for example - I can not expect everyone to vpn to access it, while that would be a more secure option. Problem is a users TV can not vpn, nor do they have a router were we could even setup a vpn even though that would be a much more secure setup.

    So you compromise and do what you can to allow the access. plex server is isolated from the rest of my network.. I use a different port than the standard 32400, really to just help with the log noise. And I also lock down the port forward to countries my users are in (via pfblocker geoip aliases). I tried just locking it down to their IPs... But this proves to be difficult getting the information from them. And then prevents them from using their devices while traveling.. Say they bring their roku stick to a hotel with them, etc. And when they are on a IPv6 device, they get random IPv4 address via whatever ipv6toipv4 gateway their service is using.. Phones tend to do this quite a bit.. Since many phones are only getting IPv6 addresses.. And even if my plex was served up on IPv6 - been toying with doing that. The source IP would change all the time..

    So yes you should always use the most secure way to access your resources remotely.. A vpn is not always possible.

Log in to reply