Zaragan
Posts: 2
Joined: Sun Apr 17, 2016 9:39 pm

Networking help, please?

Fri May 27, 2016 6:35 pm

So, I have 2 Raspberry Pis and I want to access them from outside of my network (basically from my mobile phone), but here comes the problem: every time I try to access the rpi2 it goes to the rpi3! Obviously all works fine when I'm on my PC because I use the internal IP, but what do I need to do if I want to do it from my phone? (I use Serverauditor from the App Store on my phone.)

I'll tell you what I have on each rpi

(Main)Raspberry Pi 3 Model B:
(192.168.0.19)
Exagear
Teamspeak server
Phpbb forum software
(And obvious software for running it: Apache, php5, MySQL,...)

(Secondary-server tester)Raspberry Pi 2 Model B
(192.168.0.16)
Exagear
SteamCmd

Another question: I've searched for an iOS app that allows connecting to the rpi3 TeamSpeak telnet service (for managing purposes) but didn't find anything working. Any ideas?

Thank you so much for your help!!

MarkHaysHarris777
Posts: 1820
Joined: Mon Mar 23, 2015 7:39 am
Location: Rochester, MN

Re: Networking help, please?

Fri May 27, 2016 7:21 pm

note: you should never post your networking information on-line under any circumstance: 1) it's not necessary to solve the problem, and 2) someone will use it to own you...

... to get to your systems from the outside (assuming your router is set up to do port forwarding), you will only be able to get to ONE machine per port. So, the way I get to my systems with ssh is to change the port numbers in /etc/ssh/sshd_config to something high above 5000 (you should do this anyways for security) where each machine has a 'different' port number. Then, on your router forward those ports accordingly. You can't reliably use port 22 because you only have ONE port 22, and every cracker in the world and every botnet machine will be hitting it!

The other solution (which is better) is to set up a VPN server on your PI (works great by the way) and then you can log in to your home network like you're sitting there... and all internal addresses will be available to you and you only have to forward port 1194 udp on your router.
marcus
:ugeek:

rpdom
Posts: 17174
Joined: Sun May 06, 2012 5:17 am
Location: Chelmsford, Essex, UK

Re: Networking help, please?

Fri May 27, 2016 7:40 pm

MarkHaysHarris777 wrote: note: you should never post your networking information on-line under any circumstance: 1) it's not necessary to solve the problem, and 2) someone will use it to own you...
Is someone going to hack into those 192.168.x.x addresses based on that post? :roll:

There was no publicly accessible information in that post.

MarkHaysHarris777
Posts: 1820
Joined: Mon Mar 23, 2015 7:39 am
Location: Rochester, MN

Re: Networking help, please?

Fri May 27, 2016 8:26 pm

rpdom wrote:
MarkHaysHarris777 wrote: note: you should never post your networking information on-line under any circumstance: 1) it's not necessary to solve the problem, and 2) someone will use it to own you...
Is someone going to hack into those 192.168.x.x addresses based on that post? :roll:

There was no publicly accessible information in that post.
Of course not... not the addresses specifically... I'm referring to the entire post; I know a lot about his setup (although in this case it's minimal, I was making a general valid point):

1) he has exposed several PIs to the outside (on port 22!)
2) his router does port forwarding on standard ports!
3) he's using teamspeak and exagear

My main point is primarily academic (a just be aware kind-a-thing) that you want to limit the kinds of information you post about your networking setup on-line (whatever that might be).

(it was intended to be helpful)
marcus
:ugeek:

epoch1970
Posts: 5132
Joined: Thu May 05, 2016 9:33 am
Location: Paris, France

Re: Networking help, please?

Sat May 28, 2016 12:49 pm

So we can kill 2 birds with one stone then.
Your problem is the router forwards a hit on port 22/tcp (SSH) to the Pi 2 on 22/tcp.
Since indeed having 22/tcp open on the internet is quite unwise, have the router forward, say, 1234/tcp to 22/tcp on the Pi 2 and 6789/tcp to 22/tcp on the Pi 3.
You have to configure your client to use those ports instead of 22/tcp (I suppose it supports configuring the TCP port).

Absolutely disable login as the root user (since user "root" is well-known) over SSH. Change the user "Pi" to some other name. Limit the number of users that have an account on the machine and can log in. Use insanely long, truly random passwords for each account on each machine, or better use key/certificates to authenticate the SSH connection. Keep your system up-to-date as known OS security flaws are quickly exploited (by programs.)

Consider what could happen if someone were to become root on the Pi: destroy your files, install some listening software, attack other machines... Then take the appropriate actions to mitigate the risks: have a backup of your files, monitor what the Pis are doing/what your bandwidth consumption is regularly, move the Pis away from other valuable computers to another network...

The general idea is to get just slightly more paranoid than your neighbours. If your system is a little harder to crack and no more interesting than theirs, then it won't be (statistically... I'm not promising anything :D) So don't boast too much about your network as Marcus says: defense against random, brute force attacks is possible, it is a statistical thing. Defense against a social engineering attack (like: your password is your dog's name that's plastered all over your FB account) is extremely difficult.
Don't go over the top either with "security" measures. There is nothing worse than a badly executed or ill-maintained "secure" setup: you stop feeling danger yet the risk is still there so you're ripe to get caught off-guard.
What you need is to balance risks and remedies, and most importantly, reconsider your options regularly.
"If there is no solution, then there is no problem." Les Shadoks, J. Rouxel
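
Added example, not part of any post in this thread: a shell audit that checks sshd settings against the advice given above (the port set in `/etc/ssh/sshd_config` or remapped on the router, root login disabled, key-based login instead of passwords, a limited set of users). The two sample configurations, the user name `alice` and the finding labels are constructed for illustration; the check reads only the global section of the file and stops at the first `Match` block.

```shell
#!/bin/sh
# Added example: audit sshd settings against the advice in this thread.
# Prints one finding per line; prints nothing when every check passes.
audit_sshd_config() {
    awk -F'[ \t=]+' '
        { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }    # trim; awk re-splits fields
        /^#/ || NF == 0 { next }                        # comments, blank lines
        tolower($1) == "match" { exit }                 # global section only
        {
            key = tolower($1)                           # keywords ignore case
            if (key == "port") ports[++np] = $2         # Port may be repeated
            else if (!(key in val)) val[key] = tolower($2)  # first value wins
        }
        END {
            if (np == 0) ports[++np] = "22"             # sshd default port
            for (i = 1; i <= np; i++)
                if (ports[i] == "22")
                    print "PORT: sshd listens on 22; forward a different external port or change Port"
            if (val["permitrootlogin"] != "no")
                print "ROOT: set PermitRootLogin no"
            if (val["passwordauthentication"] != "no")
                print "PASSWORD: set PasswordAuthentication no and log in with keys"
            if (!("allowusers" in val) && !("allowgroups" in val))
                print "USERS: no AllowUsers/AllowGroups restriction"
        }
    ' "$@"
}

# Constructed sample: the kind of setup the thread warns about.
weak_config() {
    cat <<'EOF'
Port 22
PermitRootLogin yes
PasswordAuthentication yes
EOF
}

# Constructed sample: 6789 echoes a port named in the thread; "alice" is a placeholder.
hardened_config() {
    cat <<'EOF'
Port 6789
PermitRootLogin no
PasswordAuthentication no
AllowUsers alice
EOF
}

echo "weak:";     weak_config | audit_sshd_config
echo "hardened:"; hardened_config | audit_sshd_config
```

On a live system, `sshd -T` prints the effective configuration in the same keyword/value form, so `sudo sshd -T | audit_sshd_config` checks what the daemon actually uses rather than what one file says.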
