raspi-owner
Posts: 63
Joined: Sun Aug 20, 2017 11:35 pm

port forwarding or dmz ??

Sun Aug 27, 2017 7:17 pm

Hi, I want to make sure that I choose the correct one before starting my web server on the Pi, so:

1) Port forwarding is more secure, as said on many forums, "BUT" if a hacker could do his job then all my local connection is in danger.

2) The DMZ is less secure "BUT" I'm only going to open ports 80 and 443 and block everything else. And as I have seen, the DMZ makes the Pi outside the LAN, so even if it is hacked, it can't affect the other devices connected to the router.

Please confirm for me if the DMZ is the best choice for me, because I don't care if I have a hacked Pi as long as other devices are fine.

DougieLawson
Posts: 38854
Joined: Sun Jun 16, 2013 11:19 pm
Location: A small cave in deepest darkest Basingstoke, UK

Re: port forwarding or dmz ??

Sun Aug 27, 2017 8:14 pm

Port forward and firewall is ALWAYS the better choice.

If you put any machine in a DMZ that opens ALL ports, your firewall rules need to be much more robust as you're relying on them to keep the baddies out.
Note: Any requirement to use a crystal ball or mind reading will result in me ignoring your question.

Criticising any questions is banned on this forum.

Any DMs sent on Twitter will be answered next month.
All non-medical doctors are on my foes list.

raspi-owner
Posts: 63
Joined: Sun Aug 20, 2017 11:35 pm

Re: port forwarding or dmz ??

Sun Aug 27, 2017 8:49 pm

DougieLawson wrote:
Sun Aug 27, 2017 8:14 pm
Port forward and firewall is ALWAYS the better choice.

If you put any machine in a DMZ that opens ALL ports, your firewall rules need to be much more robust as you're relying on them to keep the baddies out.

But what if I got hacked with port forwarding... the hacker will be able to see the other devices on the LAN and get them ??

And is there a good tutorial to make my Pi more secure, to block hackers from getting to my LAN ??

DougieLawson
Posts: 38854
Joined: Sun Jun 16, 2013 11:19 pm
Location: A small cave in deepest darkest Basingstoke, UK

Re: port forwarding or dmz ??

Sun Aug 27, 2017 10:05 pm

No they won't if you apply some sensible security controls.

https://www.raspberrypi.org/documentati ... ecurity.md

raspi-owner
Posts: 63
Joined: Sun Aug 20, 2017 11:35 pm

Re: port forwarding or dmz ??

Sun Aug 27, 2017 10:15 pm

DougieLawson wrote:
Sun Aug 27, 2017 10:05 pm
No they won't if you apply some sensible security controls.

https://www.raspberrypi.org/documentati ... ecurity.md

I did almost everything in that tutorial except SSH key login and customizing the ufw... plus my fail2ban jail.local doesn't match the one on the website (I have sshd instead of ssh), but it matches a little bit the one in the git repository.

So now do I leave everything as it is in ufw and fail2ban or must I customize them ??

DougieLawson
Posts: 38854
Joined: Sun Jun 16, 2013 11:19 pm
Location: A small cave in deepest darkest Basingstoke, UK

Re: port forwarding or dmz ??

Mon Aug 28, 2017 12:04 am

UFW starts inactive. Install gufw and you get a GUI to configure ufw.

Fail2ban needs the various jails enabling, depending on what services you're running and trying to protect.

RTFManPage for both, they have some useful details of what you need to do.
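
One way to carry out the ufw setup discussed in this thread, as an added example that is not part of any post: the script prints a rule set that opens only ports 80 and 443, then audits `ufw status verbose` output for anything else exposed. The LAN range 192.168.1.0/24, SSH limited to the LAN, and the sample status text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed values: LAN range 192.168.1.0/24,
# SSH needed only from the LAN, web server on 80/443 behind a router port forward.
LAN_CIDR="${LAN_CIDR:-192.168.1.0/24}"

# Print the ufw commands for review; pipe to `sudo sh` on the Pi to apply them.
ufw_rules() {
    cat <<EOF
ufw default deny incoming
ufw default allow outgoing
ufw allow 80/tcp
ufw allow 443/tcp
ufw limit from $1 to any port 22 proto tcp
ufw --force enable
EOF
}

# Read `ufw status verbose` on stdin. Report a non-deny default incoming policy
# and any ALLOW/LIMIT rule open to Anywhere on a port other than 80 or 443.
# Returns 1 if anything was reported, 0 if the policy matches the intent.
audit_ufw_status() {
    awk '
        { gsub(/ \(v6\)/, "") }              # fold IPv6 rows into the same shape
        $1 == "Default:" && $2 != "deny" { print "default incoming: " $2; bad = 1 }
        ($2 == "ALLOW" || $2 == "LIMIT") && $3 == "IN" && $4 == "Anywhere" {
            split($1, p, "/")
            if (p[1] != "80" && p[1] != "443") { print "exposed: " $1 " from " $4; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample of `ufw status verbose` output, with one stray rule (3306).
SAMPLE_STATUS='Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
22/tcp                     LIMIT IN    192.168.1.0/24
3306/tcp                   ALLOW IN    Anywhere
80/tcp (v6)                ALLOW IN    Anywhere (v6)'

ufw_rules "$LAN_CIDR"
printf '%s\n' "$SAMPLE_STATUS" | audit_ufw_status || true
```

On a real Pi, feed the audit with `sudo ufw status verbose | audit_ufw_status`; the router should then forward only ports 80 and 443 to the Pi.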

raspi-owner
Posts: 63
Joined: Sun Aug 20, 2017 11:35 pm

Re: port forwarding or dmz ??

Mon Aug 28, 2017 12:42 am

Will do my best to learn more about all this stuff... thanks for the answers.
