New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Work out what port forwarding we want on our static IP #817

Open
amcewen opened this Issue Jun 1, 2018 · 10 comments

Comments

Projects
None yet
4 participants
@amcewen
Member

amcewen commented Jun 1, 2018

@mattwilsondotuk has got a static IP address for us (just waiting for when he can get into the server cabinet downstairs to install a router for it) and he'll let us know when it's live (there'll also be ~30 minutes downtime when that happens, but it should be around midnight one day).

We need to work out what port forwarding we want from that. We can always request more in the future, but what do we want set up initially?

@johnmckerrell

This comment has been minimized.

Member

johnmckerrell commented Jun 1, 2018

The obvious ones to me are doorbots and webcams. We don't have the webcams active yet but perhaps we reserve some ready? So starter-for-ten:

  • 2223-2227 for doorbots
  • 8081-8085 for webcams

I'm assuming they just get port forwarded in to our router where we can then forward to a specific IP address, so we don't need to know the IP address now? Actually even if that's the case we could always assign IP addresses now as we've done for doorbots.

@skos-ninja

This comment has been minimized.

skos-ninja commented Jun 1, 2018

Just a thought is we should probably not port forward things that provide access to the building and instead we should vpn into the network to then access that stuff?

@johnmckerrell

This comment has been minimized.

Member

johnmckerrell commented Jun 1, 2018

While it wouldn't worry me too much as I'm confident in the security given by SSH (and that's the only thing we'd be port forwarding) being able to VPN in wouldn't be a bad thing either.

@skos-ninja

This comment has been minimized.

skos-ninja commented Jun 1, 2018

Yeah I would trust SSH however making sure everything is kept up to date packages wise (with webcams that's a fun task!) is difficult and can be bad if someone managed to get into the front shutter Pi!

@skos-ninja

This comment has been minimized.

skos-ninja commented Jun 1, 2018

For this to begin with I would say we should setup a vpn service on the networking Pi once I have rebuilt the image and then go from there as that should then give you access to any cameras and doorbots.

In future though I wonder if it's worth once we have an IPv6 block then we can just assign every device an IP and then they can access it externally from there and use per device firewall?

@johnmckerrell

This comment has been minimized.

Member

johnmckerrell commented Jun 1, 2018

@skos-ninja

This comment has been minimized.

skos-ninja commented Jun 1, 2018

So I completely forgot that the UniFi Security Gateway actually supports running a VPN server on it so we can use that instead!

Once the Pi is setup I will go through the steps of setting this up and then give you the port and then the L2TP key. You can have multiple logins so this would be the best approach

@ajlennon

This comment has been minimized.

Contributor

ajlennon commented Jun 1, 2018

Can I have whichever port was forwarded into my Linux build box back. Thanks.

@amcewen

This comment has been minimized.

Member

amcewen commented Aug 28, 2018

We've now got a static IP, so we can ask for whatever port-forwarding we're after.

@skos-ninja

This comment has been minimized.

skos-ninja commented Aug 28, 2018

Is there a reason why Baltic can not just DMZ our router and then we can port forward from there?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment