December 11, 20178 yr Not sure where on the forum this is best posted, so putting under general. Unfortunately, my ISP does not allow me to forward ports. I do have a router VPN, which allows to automatically open all ports if I pay extra for a private IP. I am curious whether this is advisable from a security perspective. After opening all ports, I got a lot of comments in the log around access attempts on port 80. Not sure this is hacker related or something else? In general, it is not clear to me whether I am exposing myself to big trouble when opening / forwarding ports. My main intent is to access Unraid away from home via a VPN server (in Unraid docker), but this requires to open a port.
December 11, 20178 yr Outside of using a VPN, opening ports is not a good idea. You will absolutely be exposing yourself to hackers so don’t do it. There are certain circumstances where it is necessary to open ports but generally speaking for things like remote access vpn’s are the only way it should be done IMO. Edited December 11, 20178 yr by ashman70
December 11, 20178 yr Author Thanks. So, what are my choices? If I want to use a VPN, it looks like my only choice is to open all ports? Also, I was playing with the idea to route the traffic through a VPS and only open the port(s) on the VPS. But this may not be trivial to set up?
December 11, 20178 yr What do you mean your ISP doesn’t allow you to forward ports, only CGNAT would allow that to be the case in the ISPs defence. Go to a new ISP who isn’t a douche canoe and go from there would be my bet. Sent from my iPhone using Tapatalk
December 11, 20178 yr 9 hours ago, steve1977 said: Thanks. So, what are my choices? If I want to use a VPN, it looks like my only choice is to open all ports? Also, I was playing with the idea to route the traffic through a VPS and only open the port(s) on the VPS. But this may not be trivial to set up? Normally when using a VPN to connect to your home system the only port you open in the router is the one the VPN connection is coming in on. The VPN software will be securing the connection through this port using encryption and digital certificates. The client machine can then (via the VPN server running on your home LAN) open any LAN address/port combination on your home LAN. This is different to the case where you are using a vPN to connect from your home LAN to the public internet where your home LAN is the client end and the VPN server is somewhere else on the internet.
Archived
This topic is now archived and is closed to further replies.