Re: [slim] Blocking Incoming Connections...
Well I think I've been using it since 2003 or so, almost every time in "true" bridged mode. If you throw a pair of config files at me I may even be of help.

OpenVPN is a real gem, IMHO.

--
epoch1970

Daily dose delivered by: 3 SB Classic, 1 SB Boom
iPeng (iPhone + iPad)
Squeezebox Server 7.6 (Debian 5.0) with plugins: MusicIP Server Power Control by Gordon Harris WeatherTime by Martin Rehfeld IRBlaster by Gwendesign (Felix) Find cover art by bpa BBC iPlayer, SwitchPlayer by Triode PowerSave by Jason Holtzapple TrackStat, Song Info, Song Lyrics by Erland Isaksson SaverSwitcher, ContextMenu by Peter Watkins.

epoch1970's Profile: http://forums.slimdevices.com/member.php?userid=16711
View this thread: http://forums.slimdevices.com/showthread.php?t=89919

___
discuss mailing list
discuss@lists.slimdevices.com
http://lists.slimdevices.com/mailman/listinfo/discuss
Re: [slim] Blocking Incoming Connections...
epoch1970;653689 Wrote:
> Perhaps your router on the SB3 end can run openvpn?
> In this case, set it up as an openvpn "client", and have it try to
> connect continuously to somesuch.dyndns.com (the PC or the router at
> home).
> On the PC or router at home run both openvpn and dyndns DNS daemon to
> refresh the IP pointer to somesuch.dyndns.com.
> On the openvpn "server" instance use bridged mode to extend your home
> network to the remote router and SB3. Player/server discovery will
> work, playing FLAC files without rebuffering will probably be a bit
> difficult, but everything else should work perfect. DHCP too if this is
> what your SB3 uses.
> On both sides use certificates to identify both ends and allow
> connection. You may want to use a cipher for the tunnel (which will
> hammer the router a bit) but if you don't the effect is that someone
> listening on the connection will be able to read the data stream. In
> this specific case I don't see this is an issue. Handshake always stays
> secure by use of certificate/private key.
> Openvpn is an ssl VPN, it is very robust and resilient to NAT.
>
> I guess you can do about the same using ssh, certificates, map ports
> and somehow use a daemon on the router to reconnect. But all this looks
> so much like openvpn

How nice of you to be so specific and instructional!

--
pski

real stereo doesn't just wake the neighbors, it -enrages- them..
It is truly the Golden Age of Wireless

pski's Profile: http://forums.slimdevices.com/member.php?userid=15574
Re: [slim] Blocking Incoming Connections...
That is a good idea!

--
wbaobao

wbaobao's Profile: http://forums.slimdevices.com/member.php?userid=49389
Re: [slim] Blocking Incoming Connections...
I have a blog, and some information in it may help you!

--
wbaobao

wbaobao's Profile: http://forums.slimdevices.com/member.php?userid=49389
Re: [slim] Blocking Incoming Connections...
Right, that's that sorted, then.

--
pallfreeman

Always look before you leap. He who hesitates is lost.
SAVE THE KITTEN, VOTE FOR BUG #17411.

pallfreeman's Profile: http://forums.slimdevices.com/member.php?userid=37667
Re: [slim] Blocking Incoming Connections...
staresy;653575 Wrote:
> OK my cunning plan didn't work as the ISP seems to allocate completely
> random public ip addresses.
>
> So, after a bit of reading it seems that SSH might be the way to go but
> I haven't got a clue how to set this up or, indeed, if it is possible
> with my set up. Can anyone offer any advice here?
>
> My setup is:
>
> - remote SB3, no PC, just connected to a wireless router and the
> internet
> - dynamic public IP address on this router
> - at home, Windows Home Server running SC, connected to router and
> internet
> - again, dynamic IP at this end
>
> If this isn't possible, what are the worst consequences of leaving the
> two ports for remote access unprotected?
>
> Thanks for your help.
> DrS

Perhaps your router on the SB3 end can run openvpn?

In this case, set it up as an openvpn "client", and have it try to connect continuously to somesuch.dyndns.com (the PC or the router at home).

On the PC or router at home run both openvpn and dyndns DNS daemon to refresh the pointer to the IP used for home.

On the openvpn "server" instance use bridged mode to extend your home network to the remote router and SB3. Player/server discovery will work, playing FLAC files without rebuffering will probably be a bit difficult, but everything else should work perfect.

On both sides use certificates to identify both ends and allow connection. You may want to use a cipher for the tunnel (which will hammer the router a bit) but if you don't the effect is that someone listening on the connection will be able to read the data stream. In this specific case I don't see this is an issue. Handshake always stays secure by use of certificate/private key.

Openvpn is an ssl VPN, it is very robust and resilient to NAT.

I guess you can do about the same using ssh, certificates, map ports and somehow use a daemon on the router to reconnect. But all this looks so much like openvpn

--
epoch1970

Daily dose delivered by: 3 SB Classic, 1 SB Boom
iPeng (iPhone + iPad)
Squeezebox Server 7.6 (Debian 5.0) with plugins: MusicIP Server Power Control by Gordon Harris WeatherTime by Martin Rehfeld IRBlaster by Gwendesign (Felix) Find cover art by bpa BBC iPlayer, SwitchPlayer by Triode PowerSave by Jason Holtzapple TrackStat, Song Info, Song Lyrics by Erland Isaksson SaverSwitcher, ContextMenu by Peter Watkins.

epoch1970's Profile: http://forums.slimdevices.com/member.php?userid=16711
Re: [slim] Blocking Incoming Connections...
staresy;653575 Wrote:
> OK my cunning plan didn't work as the ISP seems to allocate completely
> random public ip addresses.
>
> So, after a bit of reading it seems that SSH might be the way to go but
> I haven't got a clue how to set this up or, indeed, if it is possible
> with my set up. Can anyone offer any advice here?
>
> My setup is:
>
> - remote SB3, no PC, just connected to a wireless router and the
> internet
> - dynamic public IP address on this router
> - at home, Windows Home Server running SC, connected to router and
> internet
> - again, dynamic IP at this end
>
> If this isn't possible, what are the worst consequences of leaving the
> two ports for remote access unprotected?
>
> Thanks for your help.
> DrS

You would at least want to enable the user/password feature.

As I typed earlier, you would do better to enable remote access to your WHS and install a notifier on each end. That way, you would always be able to access the settings of the webUI to get to the list of allowed addresses.

This way, you would also be able to completely disable remote access by remotely using the web browser on your WHS machine to change the router settings.

Note that the "default" port for RDP is 3389. When you make your router rule, you can 'redirect' that: For example direct port 5557 to port 3389 on your WHS. This will keep people who snoop your address on port 3389 from getting a "logon" from RDP.

Then on the remote machine, you direct RDP to connect to xxx.yyy.zzz.aaa:5557

Your router follows the rule and sends the traffic to your WHS and you're in.

SSH would be more secure but you will still have to know the addresses...

P

--
pski

real stereo doesn't just wake the neighbors, it -enrages- them..
It is truly the Golden Age of Wireless

pski's Profile: http://forums.slimdevices.com/member.php?userid=15574
Re: [slim] Blocking Incoming Connections...
pallfreeman;653474 Wrote:
> It's a reasonable assumption, although it will allow about 250 other
> people to connect. :)
>
> SBS tells me that Block Incoming Connections only applies to HTTP and
> CLI connections. It may not work for players, only for browsers. It
> only seems to want addresses, and not names.
>
> If it works with names, you could register the remote player with a
> DDNS provider.

Block does prevent/allow player connections.

--
pski

real stereo doesn't just wake the neighbors, it -enrages- them..
It is truly the Golden Age of Wireless

pski's Profile: http://forums.slimdevices.com/member.php?userid=15574
Re: [slim] Blocking Incoming Connections...
I think he intends to use SSH for security, the built in security in SBS is not very good.

On occasion I stream remotely, but I'm closing the router ports after I'm done and turn off the server. The beauty of router fw that lets you boot things from the internet, turn off is done by the server's normal web-UI.

I have nothing but music on my server, no personal information that matters, not even pictures. So security is no concern, if the mob installs a warez website on it I can throw it into a lake and build a new one :-) and restore my music from the backups.

--
Mnyb

Main hifi: Touch + CIA PS +MeridianG68J MeridianHD621 MeridianG98DH 2 x MeridianDSP5200 MeridianDSP5200HC 2 xMeridianDSP3100 +Rel Stadium 3 sub.
Bedroom/Office: Boom
Kitchen: SB3 + powered Fostex PM0.4
Misc use: Radio (with battery)
iPad 64gB wifi +3g with iPengHD & SqueezePad

Mnyb's Profile: http://forums.slimdevices.com/member.php?userid=4143
Re: [slim] Blocking Incoming Connections...
Your ISP is assigning a random address. At both ends. Without some third party to keep track of these addresses, neither end of your setup knows which address to use to get to the other.

Dynamic DNS solves these problems to some extent. Check if your DSL routers have the ability to register with a Dynamic DNS provider. You might be able to get hold of some little utility to do this from your PC, but it's the other end which really needs it.

I'm not sure why you think SSH can help. Surely it would have the same problem, not knowing the addresses, as SBS has?

Probably, though, the worst that could happen is that someone who knows what you're up to could get access to your SBS and loudly play you Merzbow's greatest hits.

--
pallfreeman

Always look before you leap. He who hesitates is lost.
SAVE THE KITTEN, VOTE FOR BUG #17411.

pallfreeman's Profile: http://forums.slimdevices.com/member.php?userid=37667
Re: [slim] Blocking Incoming Connections...
OK my cunning plan didn't work as the ISP seems to allocate completely random public ip addresses.

So, after a bit of reading it seems that SSH might be the way to go but I haven't got a clue how to set this up or, indeed, if it is possible with my set up. Can anyone offer any advice here?

My setup is:

- remote SB3, no PC, just connected to a wireless router and the internet
- dynamic public IP address on this router
- at home, Windows Home Server running SC, connected to router and internet
- again, dynamic IP at this end

If this isn't possible, what are the worst consequences of leaving the two ports for remote access unprotected?

Thanks for your help.
DrS

--
staresy

staresy's Profile: http://forums.slimdevices.com/member.php?userid=807
Re: [slim] Blocking Incoming Connections...
staresy;653246 Wrote:
> Is that a reasonable assumption? If not what are my other options...?
>

It's a reasonable assumption, although it will allow about 250 other people to connect. :)

SBS tells me that Block Incoming Connections only applies to HTTP and CLI connections. It may not work for players, only for browsers. It only seems to want addresses, and not names.

If it works with names, you could register the remote player with a DDNS provider.

--
pallfreeman

Always look before you leap. He who hesitates is lost.
SAVE THE KITTEN, VOTE FOR BUG #17411.

pallfreeman's Profile: http://forums.slimdevices.com/member.php?userid=37667
Re: [slim] Blocking Incoming Connections...
staresy;653246 Wrote:
> Hi thanks for the reply. That's exactly how I set it up but I notice
> that the ip address of the remote location has changed - probably
> because it's a dynamic address allocated by the isp and the remote
> router has been rebooted.
>
> Any easy way around this? My thought is to open up the remote address
> to zzz.xxx.yyy.* to allow a range of addresses in - this would work on
> the assumption that the ISP would only ever allocate an IP address
> within a fixed range.
>
> Is that a reasonable assumption? If not what are my other options...?
>
> Thanks,
> DrS

Since the * there only allows for 256 different addresses, you might have to use zzz.xxx.*

You can also turn-on user/password.

What OS/version is the SBS host? I use remote desktop (securely) to let me get remote control of the SBS host so I can unblock addresses remotely. If you have Windows Home versions, you can use VNC to do the same thing. (There are also patches that add RDP to Home versions - no warranty expressed or implied.)

("Home" versions contain the program to "take over" a remote machine but they do not include being remotely controlled - VNC is a free program that provides this function to/from any Windows/Mac/Unix/Linux systems.)

In either of these cases you'll also open ports on your modem/router and the SBS host would absolutely have to have a user (as opposed to a SBS) password.

If you are into programming you can google "dynamic IP notify" for some free programs that can run on the remote system. They monitor the IP and send an email when it changes.

p

--
pski

real stereo doesn't just wake the neighbors, it -enrages- them..
It is truly the Golden Age of Wireless

pski's Profile: http://forums.slimdevices.com/member.php?userid=15574
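Added example, not part of any post in this thread and not Squeezebox Server's own matching code: a small Python check of what the allow-list entries discussed above admit, assuming (as the posts describe) that `*` stands for a whole octet and that a short entry such as `zzz.xxx.*` covers all remaining octets. The 203.0.113.x addresses are constructed stand-ins from a documentation range for the remote site's ISP-assigned address.

```python
import ipaddress

# Ranges local to the home network or the host itself (RFC 1918 + loopback).
LOCAL = [ipaddress.ip_network(n) for n in
         ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def entry_to_network(entry):
    """Convert one entry ('a.b.c.d', 'a.b.c.*', 'a.b.*') to an IPv4 network."""
    octets = entry.strip().split(".")
    if octets[-1] == "*" and len(octets) < 4:
        octets += ["*"] * (4 - len(octets))       # assumed: 'a.b.*' means 'a.b.*.*'
    if len(octets) != 4:
        raise ValueError(f"not an IPv4 pattern: {entry!r}")
    fixed = [o for o in octets if o != "*"]
    if octets[:len(fixed)] != fixed:
        raise ValueError(f"wildcards must be trailing: {entry!r}")
    base = ".".join(fixed + ["0"] * (4 - len(fixed)))
    return ipaddress.ip_network(f"{base}/{8 * len(fixed)}")

def parse_allowlist(text):
    """Parse the comma-separated list as typed into the settings box."""
    return [entry_to_network(e) for e in text.split(",") if e.strip()]

def is_allowed(peer, networks):
    """True if the connecting address matches any allow-list entry."""
    addr = ipaddress.ip_address(peer)
    return any(addr in net for net in networks)

def public_exposure(networks):
    """Count internet-side addresses admitted (local ranges excluded, overlaps merged)."""
    public = [n for n in networks if not any(n.subnet_of(loc) for loc in LOCAL)]
    return sum(n.num_addresses for n in ipaddress.collapse_addresses(public))

if __name__ == "__main__":
    # Constructed sample lists: exact address, one wildcard octet, two wildcard octets.
    for allowlist in ("127.0.0.1,192.168.0.*,203.0.113.57",
                      "127.0.0.1,192.168.0.*,203.0.113.*",
                      "127.0.0.1,192.168.0.*,203.0.*"):
        nets = parse_allowlist(allowlist)
        print(allowlist)
        print("  internet addresses admitted:", public_exposure(nets))
        # Second peer models the remote router after the ISP reassigns its address.
        for peer in ("203.0.113.57", "203.0.113.200", "203.0.7.9"):
            state = "allowed" if is_allowed(peer, nets) else "blocked"
            print(f"  {peer}: {state}")
```

The exact entry stops matching as soon as the remote address changes, while each widened octet multiplies the number of unrelated hosts that can reach the forwarded ports by 256.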
Re: [slim] Blocking Incoming Connections...
Hi thanks for the reply. That's exactly how I set it up but I notice that the ip address of the remote location has changed - probably because it's a dynamic address allocated by the isp and the remote router has been rebooted.

Any easy way around this? My thought is to open up the remote address to zzz.xxx.yyy.* to allow a range of addresses in - this would work on the assumption that the ISP would only ever allocate an IP address within a fixed range.

Is that a reasonable assumption? If not what are my other options...?

Thanks,
DrS

--
staresy

staresy's Profile: http://forums.slimdevices.com/member.php?userid=807
Re: [slim] Blocking Incoming Connections...
staresy;653084 Wrote:
> Hi,
> I've set up a remote SB3 to access my server over the net. I've opened
> up the ports and forwarded them on my router. All works OK.
>
> I now want to secure the system a bit and am trying to use the "block
> incoming connections" feature in squeezecenter but can't get it to
> work.
>
> My understanding is that I check the box to say block incoming
> connections and then add a list of allowed IPs in the following box.
>
> In the box I have:
>
> 127.0.0.1,192.168.0.*,xxx.yyy.zzz.aaa
>
> The 127.0.0.1 is the local host I think, the 192.168.0 allows the local
> players on my NW to connect and the final address should allow the
> remote SB3 to connect, right?
>
> But if I check the tick box I can connect locally from the players on
> my NW, but the remote player hangs saying "connecting to server..." and
> never does.
>
> Unchecking the box and all works again but obviously with no security.
>
> Am I missing something out or misunderstanding how this works?
>
> Thanks,
> DrS

On the remote computer, go to whatismyip.com to get your "remote" ip.

Then the box should say (if whatismyip says you are at 111.222.333.444)

127.0.0.1, 192.168.0.*, 111.222.333.444

Each "remote" location will have its own ip you will need to add.

P

--
pski

real stereo doesn't just wake the neighbors, it -enrages- them..
It is truly the Golden Age of Wireless

pski's Profile: http://forums.slimdevices.com/member.php?userid=15574
[slim] Blocking Incoming Connections...
Hi,
I've set up a remote SB3 to access my server over the net. I've opened up the ports and forwarded them on my router. All works OK.

I now want to secure the system a bit and am trying to use the "block incoming connections" feature in squeezecenter but can't get it to work.

My understanding is that I check the box to say block incoming connections and then add a list of allowed IPs in the following box.

In the box I have:

127.0.0.1,192.168.0.*,xxx.yyy.zzz.aaa

The 127.0.0.1 is the local host I think, the 192.168.0 allows the local players on my NW to connect and the final address should allow the remote SB3 to connect, right?

But if I check the tick box I can connect locally from the players on my NW, but the remote player hangs saying "connecting to server..." and never does.

Unchecking the box and all works again but obviously with no security.

Am I missing something out or misunderstanding how this works?

Thanks,
DrS

--
staresy

staresy's Profile: http://forums.slimdevices.com/member.php?userid=807