Using a SSH tunnel/ port forward to connect a TV?
from eyesaremosaics@lemmy.zip to selfhosted@lemmy.world on 16 Jun 10:19
https://lemmy.zip/post/66247017
I wanted to improve the security of a TV connecting to a server on a different LAN, and one approach I thought of is to use a RPi on the network to look after the secure connection.
So the pi could connect to the remote server through SSH, and forward the port locally. I thought this port could then be opened, and the TV can then be pointed at the pi on the local network.
Port forwarding to the pi works but I can’t connect to it from another device, even after setting firewall settings.
Basically the firewall rule is ufw allow from 192.168.1.0/24 port 1234
Does this idea work, or is there a better approach? Am I missing something in the setup?
Can you provide more detail? What are the networks/routers/vlans? Which network is the RPi on? What is your ssh command? Is that ufw command on the RPi or the router?
Ok there is a TV and a pi on network 1 and a server on network 2, the pi can connect to the server through SSH or VPN or whatever is needed. The TV would like to connect to the server, however it can’t run a VPN or anything like that so exposing the server would be a risk.
The SSH command on the pi is ssh -L 1234:localhost:1234 remote_server
The ufw command was run on the pi, with the intention to allow the TV to access the forwarded port on the pi
ssh -L 1234:localhost:1234 remote_server binds the RPi’s localhost:1234 to remote_server’s localhost:1234. You want to bind the port to something on the RPi that the TV can hit, so something like ssh -L 192.168.1.5:1234:localhost:1234 remote_server, where 192.168.1.5 is the RPi’s address.
I think you also want -N on the ssh command.
Are you connecting from a public network or something? like a hotel wifi or other?
The easiest solution would be to set up the pi as your router and use a VPN like wireguard (wg-easy) or tailscale.
If it is a public network, you can double NAT. There are dedicated boxes like the GL.inet travel routers that support wireguard/openVPN and beta for tailscale. They have some features that work well with captive portals.
If it’s a home network, you can probably use your Pi as an entry/exit node or VPN client instead of using ssh.
If you’re looking for security:
Keep the TV off your network entirely.
Use the Pi as a media computer.
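A check for the bind-address point made in the ssh -L reply above, as an added example that is not from any poster in the thread: it reads ss -tln output and reports whether the forwarded port is listening on loopback only or on an address the TV can reach. The helper name listen_scope and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example. Real use on the Pi (not run here):  ss -tln | listen_scope 1234

listen_scope() {
    # $1 = TCP port to look for; stdin = output of `ss -tln`
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")          # $4 is Local Address:Port
            if (parts[n] != port) next
            host = substr($4, 1, length($4) - length(parts[n]) - 1)
            found = 1
            # 127.0.0.0/8 and [::1] only accept connections made on the Pi itself
            if (host !~ /^127\./ && host != "[::1]") lan = 1
        }
        END {
            if (!found)   print "not-listening"
            else if (lan) print "lan-reachable"
            else          print "loopback-only"
        }'
}

# Constructed sample: listeners left by  ssh -N -L 1234:localhost:1234 remote_server
SAMPLE_DEFAULT='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128        127.0.0.1:1234      0.0.0.0:*
LISTEN 0      128            [::1]:1234         [::]:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*'

# Constructed sample: listeners left by
#   ssh -N -L 192.168.1.5:1234:localhost:1234 remote_server
SAMPLE_BOUND='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128      192.168.1.5:1234      0.0.0.0:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*'

printf '%s\n' "$SAMPLE_DEFAULT" | listen_scope 1234   # loopback-only
printf '%s\n' "$SAMPLE_BOUND"   | listen_scope 1234   # lan-reachable

# Firewall on the Pi: in ufw, "from <net> port N" matches the SOURCE port.
# The destination-port form of the rule is:
#   ufw allow from 192.168.1.0/24 to any port 1234 proto tcp
```

A loopback-only result means no firewall rule will make the port reachable from the TV, because nothing is listening on the Pi's LAN address.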