Yoel Koenka : > Hi all, > I have a security question. > Isn't it a security issue, connecting my freedombox to my router? Hey, same config for me. Freedombox will offer services to LAN + WAN, because network card is set up as "internal". Plinth web interface will be available only for LAN, + hidden service as .onion if you enabled it by Tor menu... so everybody who knows your .onion name can use Plinth, ssh, over Tor network
If in your home router you don't forward external ports to internal ports, I think there isn't security problem. The router is here to share the world network to the local network. By default, the router will block all incoming connections. That's why if you want to use OpenVPN for example, you have to forward external ports to your internal Freedombox ports, to make it possible to reach your OpenVPN server hosted in fbx. > Most of the recommended hardware include only one ethernet port, so > you have to connect your modem to a router and the freedombox connects > to this router, like your own PC. I've played a moment with an usb-lan dongle. It was working nice :) But there are others services on my LAN, on others servers, and I was not able to forward ports in Freedombox. For sure an expert will use iptables for this, but I'm too noob for this, and not enough time for now... My current router is really easy for setting this up ;) > My question is, isn't it a potential security breach? For all we know, > the router could send copies of our safely encrypted messages without > any of the security offered by Freedombox. > There is a lot being said about having an open-hardware freedombox and > an open-hardware USB-WiFi dongle, but I couldn't find anything about > the router itself. > > I guess the best would be to have an open-hardware hub and use it > instead of a router. > Can someone recommend on such a hardware? Ouch, a hub has not same features as a router. Hub will connect people on a the same network only. Router is able to share an internet connection to all your PCs, with a hub plugged behind ;) > Or did I miss something in my analysis and this isn't a risk at all? > > Thanks! > Joel May be I've said some mistakes... if someone else wants to fix, I'll be happy :)
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Freedombox-discuss mailing list Freedombox-discuss@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss