steve1977 Posted December 11, 2017 Share Posted December 11, 2017 Not sure where on the forum this is best posted, so putting under general. Unfortunately, my ISP does not allow me to forward ports. I do have a router VPN, which allows to automatically open all ports if I pay extra for a private IP. I am curious whether this is advisable from a security perspective. After opening all ports, I got a lot of comments in the log around access attempts on port 80. Not sure this is hacker related or something else? In general, it is not clear to me whether I am exposing myself to big trouble when opening / forwarding ports. My main intent is to access Unraid away from home via a VPN server (in Unraid docker), but this requires to open a port. Quote Link to comment
ashman70 Posted December 11, 2017 Share Posted December 11, 2017 (edited) Outside of using a VPN, opening ports is not a good idea. You will absolutely be exposing yourself to hackers so don’t do it. There are certain circumstances where it is necessary to open ports but generally speaking for things like remote access vpn’s are the only way it should be done IMO. Edited December 11, 2017 by ashman70 Quote Link to comment
steve1977 Posted December 11, 2017 Author Share Posted December 11, 2017 Thanks. So, what are my choices? If I want to use a VPN, it looks like my only choice is to open all ports? Also, I was playing with the idea to route the traffic through a VPS and only open the port(s) on the VPS. But this may not be trivial to set up? Quote Link to comment
miniwalks Posted December 11, 2017 Share Posted December 11, 2017 What do you mean your ISP doesn’t allow you to forward ports, only CGNAT would allow that to be the case in the ISPs defence. Go to a new ISP who isn’t a douche canoe and go from there would be my bet. Sent from my iPhone using Tapatalk Quote Link to comment
itimpi Posted December 11, 2017 Share Posted December 11, 2017 9 hours ago, steve1977 said: Thanks. So, what are my choices? If I want to use a VPN, it looks like my only choice is to open all ports? Also, I was playing with the idea to route the traffic through a VPS and only open the port(s) on the VPS. But this may not be trivial to set up? Normally when using a VPN to connect to your home system the only port you open in the router is the one the VPN connection is coming in on. The VPN software will be securing the connection through this port using encryption and digital certificates. The client machine can then (via the VPN server running on your home LAN) open any LAN address/port combination on your home LAN. This is different to the case where you are using a vPN to connect from your home LAN to the public internet where your home LAN is the client end and the VPN server is somewhere else on the internet. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.