I wanted to improve the security of a TV connecting to a server on a different LAN, and one approach I thought of is to use a RPi on the network to look after the secure connection.

So the pi could connect to the remove server through SSH, and forward the port locally. I thought this port could then be opened, and the TV can then be pointed at the pi on the local network.

Port forwarding to the pi works but I can’t connect to it from another device, even after setting firewall settings.

Basically the firewall rule is ufw allow from 192.168.1.0/24 port 1234

Does this idea work, or is there a better approach? Am I missing something in the setup?

  • eyesaremosaics@lemmy.zipOPEnglish
    1·
    10 hours ago

    Ok there is a TV and a pi on network 1 and a server on network 2, the pi can connect to the server through SSH or VPN or whatever is needed. The TV would like to connect to the server, however it can’t run a VPN or anything like that so exposing the server would be a risk.

    The SSH command on the pi is SSH -L 1234:localhost1234 remote_server

    The ufw command was run on the pi, with the intention to allow the TV to access the forwarded port on the pi

    • eksb@programming.devEnglish
      4·
      10 hours ago

      ssh -L 1234:localhost:1234 remote_server binds the RPi’s localhost:1234 to remote_server’s localhost:1234. You want to bind the port to something on the RPi that the TV can hit, so something like ssh -L 192.168.1.5:1234:localhost:1234 remote_server, where 192.168.1.5 is the RPi’s address.

      I think you also want -N on the ssh command.

      • eyesaremosaics@lemmy.zipOPEnglish
        1·
        2 hours ago

        That worked thanks, I didn’t know you could put an address like that in the -L command, and the -N is correct here too