Author |
Message |
xfer_9001@yahoo.com
|
Posted: Wed Aug 31, 2005 9:17 am |
|
Joined: Wed Aug 31, 2005 9:01 am
Posts: 1
|
Hi All-
Lots of good stuff in this forum! I am planning to build my MythTV box but first wanted to know what people are doing to secure their SOHO network?
My current (primitive) security setup is:
1. I turn off the DSL modem when not in use;
2. I have a router/firewall combo connected to the DSL modem;
3. Since my home PCs are running on Win XP, each PCs are protected with ZA Pro (yeah, I am paranoid)
From what I read, MythTV in general runs 24x7 (unless you setup the wake-up script), which means I need to leave my DSL modem and firewall on all the time.
My specific questions are:
1. If you have a firewall, are you "punching" a hole to allow MythTV unfettered access to the Internet?
2. Or are you opening up the firewall for the MythTV PC (sort of like unsecured tunneling)
3. In either case, aren't you exposing your PC for hacking, even if you restrict the ip table?
3. Which port is used by MythTV to obtain programming info?
TIA
xfer
|
|
Top |
|
|
khrusher
|
Posted: Wed Aug 31, 2005 9:30 am |
|
Joined: Tue Apr 13, 2004 6:51 pm
Posts: 890
Location:
Groton, MA
|
The only reason to open up any ports on the firewall would be to allow access to the mythbox from the internet. Myth will run fine on the LAN without external access.
There are times when the mythbox pulls data from the internet... tv listings, time server syncs (optional). but these are LAN initiated and do not compromize the firewall.
All that said, there are reasons that holes are opened....I for one use MythWeb from work to schedule recordings. I also use SSH and webmin from work to tweek the box during day.
With some additoinal code and setup, I also watch recordings and Live TV form my office.
all of these access methods require a firewall rule or 'hole' and matching security considerations.
_________________ R5F1 - Dell P4 2.4Ghz 500MB - PVR250 x 2 - GeForce FX 5200 - Onboard sound/NIC 80GB ATA/250GB ATA/400GB SATA
|
|
Top |
|
|
Girkers
|
Posted: Wed Aug 31, 2005 9:37 am |
|
Joined: Tue Mar 22, 2005 9:18 pm
Posts: 1422
Location:
Brisbane, Queensland, Australia
|
To backup what khrusher has said, when a computer on your internal network request an external resource, webpage, data, etc the router stores this request and when the information from the internet is returned the router remembers who requested it and forwards on internally.
If you firewall is configured correctly unsolicted traffic will just be dumped.
This is a simplification and if you want to find out more, I suggest you do some reading a NAT (Network Address Translation).
_________________ Girkers
|
|
Top |
|
|
khrusher
|
Posted: Wed Aug 31, 2005 11:06 am |
|
Joined: Tue Apr 13, 2004 6:51 pm
Posts: 890
Location:
Groton, MA
|
with properly configured router/wirewall device, you shouldn't need to turn off modem. this is true at least for common devices.
these devices have default settings that provided maximum security. no access from the WAN side of the router to the LAN.
_________________ R5F1 - Dell P4 2.4Ghz 500MB - PVR250 x 2 - GeForce FX 5200 - Onboard sound/NIC 80GB ATA/250GB ATA/400GB SATA
|
|
Top |
|
|