I wanted to improve the security of a TV connecting to a server on a different LAN, and one approach I thought of is to use an RPi on the network to look after the secure connection.

So the Pi could connect to the remote server through SSH, and forward the port locally. I thought this port could then be opened, and the TV can then be pointed at the Pi on the local network.

Port forwarding to the Pi works but I can’t connect to it from another device, even after setting firewall settings.

Basically the firewall rule is ufw allow from 192.168.1.0/24 port 1234

Does this idea work, or is there a better approach? Am I missing something in the setup?

  • habitualTartare@lemmy.world
    8 hours ago

    Are you connecting from a public network or something, like a hotel wifi or other?

    The easiest solution would be to set up the Pi as your router and use a VPN like WireGuard (wg-easy) or Tailscale.

    If it is a public network, you can double NAT. There are dedicated boxes like the GL.inet travel routers that support WireGuard/OpenVPN and beta for Tailscale. They have some features that work well with captive portals.

    If it’s a home network, you can probably use your Pi as an entry/exit node or VPN client instead of using SSH.

    • eyesaremosaics@lemmy.zipOP
      2 hours ago

      It’s for a home network. I managed to get it working using port forwarding through SSH thanks to suggestions. I’m not sure what the difference is with using the Pi as an entry/exit node; that is what I was trying to do with the SSH forwarding. VPN is also possible but it would also need to be set up to go through the Pi.
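
Two things commonly make a forward like the one in the question reachable on the Pi but not from other devices: `ssh -L` listens on loopback unless a bind address is given, and a ufw rule written `from <net> port <n>` matches the source port rather than the destination port. The thread does not say which fix the poster applied; the script below is an added example, not from the thread, that checks both conditions. The Pi address 192.168.1.50, `user@remote.example` and the sample `ss -ltn` output are constructed assumptions.

```shell
#!/usr/bin/env bash
# Added example; all sample data is constructed, not taken from the thread.

# Read `ss -ltn` output on stdin and report where the listener on port $1 is bound:
# loopback (reachable only from the Pi itself), lan, or none.
listener_scope() {
  awk -v p="$1" '
    $1 == "LISTEN" {
      n = split($4, a, ":"); lp = a[n]            # port is the last ":"-separated part
      if (lp != p) next
      addr = substr($4, 1, length($4) - length(lp) - 1)
      if (addr ~ /^127\./ || addr == "[::1]") lo = 1; else lan = 1
    }
    END { r = "none"; if (lo) r = "loopback"; if (lan) r = "lan"; print r }'
}

# Report whether "port $2" in a ufw rule ($1) belongs to the from-clause
# (source port) or the to-clause (destination port, what a listener needs).
ufw_port_side() {
  printf '%s\n' "$1" | awk -v p="$2" '{
    side = "none"; cur = ""
    for (i = 1; i <= NF; i++) {
      if ($i == "from") cur = "source"
      else if ($i == "to") cur = "destination"
      else if ($i == "port" && $(i + 1) == p) side = cur
    }
    print side
  }'
}

# Constructed: what `ss -ltn` shows after `ssh -N -L 1234:localhost:1234 user@remote.example`
SS_DEFAULT='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:1234     0.0.0.0:*
LISTEN 0      128    [::1]:1234         [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

# Constructed: after `ssh -N -L 192.168.1.50:1234:localhost:1234 user@remote.example`
SS_BOUND='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    192.168.1.50:1234  0.0.0.0:*'

printf '%s\n' "$SS_DEFAULT" | listener_scope 1234
printf '%s\n' "$SS_BOUND"   | listener_scope 1234
ufw_port_side 'allow from 192.168.1.0/24 port 1234' 1234
ufw_port_side 'allow proto tcp from 192.168.1.0/24 to any port 1234' 1234
```

Binding the forward to the LAN address exposes the tunnelled service to every host the firewall admits, so narrowing the ufw `from` clause to the TV's own address limits who can use it.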