this post was submitted on 09 Feb 2024
14 points (100.0% liked)

Selfhosted

40173 readers
652 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

I have a client with locally hosted security cameras. There is a DVR box that has a port open and a 3rd party app you can view the cameras from. Traditionally we have been forwarding the port to the WAN via the router there. Its a restaraunt btw.

When the ISP upgrades the router every few years there's a huge headache trying to get the ports back open and bridging the modem and router blah blah blah. Not only this, even though they are supposed to have a static wan ip, it does change from time to time.

What i would like to do is plug in a raspberry pi on the network and forward the DVR's ports somewhere accessable.

Im thinking of something along the lines of wireguard, but just for a single ip/port that i can tunnel over ngrok. Seems doable but i'm having trouble finding the proper terms to google. Port forwarding generally brings up router config, and tunnelling seems to expect you to be on the device who's ports you wish to access.

Any advice?

top 12 comments
sorted by: hot top controversial new old
[–] [email protected] 13 points 9 months ago (1 children)

SSH can do just that, example:

ssh -L 8080:localhost:8080 user@host

[–] [email protected] 9 points 9 months ago

You can also automate this with autossh which is designed for exactly this kind of persistent tunnel. Although a simple "while" loop might seem like the intuitive way to keep it running, autossh is very reliable and takes care of all the corner cases for you.

[–] [email protected] 8 points 9 months ago* (last edited 9 months ago) (1 children)

Check out tailscale

You would configure your pi to be a subnet router it should be stupid easy to get going.

[–] [email protected] 1 points 9 months ago (3 children)

Something ive noticed from using wireguard from my phone is my traffic across the board slows down significantly while connected because everything is routed back home.

With tailscale can the user be connected, and only have a specific ip/domain routed through it? I also dont have access to the dvr's internal system to run tailscale from it.

Anyway thanks for the lead, im reading up now

[–] [email protected] 7 points 9 months ago* (last edited 9 months ago) (2 children)

Something ive noticed from using wireguard from my phone is my traffic across the board slows down significantly while connected because everything is routed back home.

This is a config issue, you have your VPN set as the default gateway instead of just for the specific subnet of your home network.

By default tailscale will not be a default gateway or subnet router, it will only give access between 2 devices with tailscale installed.

[–] [email protected] 1 points 9 months ago* (last edited 9 months ago)

Yea, gotta turn off using an Exit Node that's on that network.

Also, sometimes Tailscale's Magic DNS seems to override other name resolution and will route over Tailscale instead if another network (eg LAN). You can avoid this by using IP addresses instead of DNS if you have issues.

For example, when I'm home and try to RDP to my server, sometimes TS DNS resolves the name and routes over TS, although it's on the same LAN. If I RDP via the IP address of my server, it's noticeably faster. If I turn off Tailscale, it's faster, even using DNS, because then it resolves to the local, not TS, address.

So basically, if I disable/re-enable TS on my laptop, DNS works fine. Think it's just a bug.

[–] [email protected] 1 points 9 months ago

Oh that makes sense because when i originally set it up, i did want all traffic routed through it. I guess i didnt realize it didnt have to be

[–] [email protected] 4 points 9 months ago

There's a similar software called zerotier that only routes traffic you want across. You select an IP range (for instance 10.144..) and it gives your computer a new address. For my main computer let's say it's 10.144.168.128. The only traffic routed over the vpn is traffic addressed to that address. You can append the port to web traffic like https://10.144.168.128:8010/zm/index.php (zoneminder used as an example) and it would use the vpn for that connection but nothing else.

[–] [email protected] 3 points 9 months ago

You can set what traffic goes across wireguard, either all of it, or only what is intended for the IP you are needing to connect to.

[–] [email protected] 2 points 9 months ago (1 children)

Someone recommended ssh, which is good, but it can't do udp connections.

https://github.com/anderspitman/awesome-tunneling

From this list, I selected rathole since they claimed to be more performant than frp, the most popular solution.

[–] [email protected] 1 points 9 months ago* (last edited 9 months ago)

Edit: just looked at your link. I think for the time being im going to use tailscale. Its a restaraunt, and they dont have a self-hosted server. Im trying to get around opening ports, so using an existing service. Your link did make me aware of cloudflare tunnels whick looks like it allows 50 users on a free plan vs tailscale's 3. Although the 3 might work for them, I'll have to check. Ill probably drop in an ngrok tunnel too so i can maintenence the pi remotely. (They are in a different state) i was mostly looking for advice on how to connect a port on one machine to another over a lan, and socat looks perfect

Actually, i found socat which seems to work just fine so far, and appears to be a standard linux command.

socat TCP4-LISTEN:8096 TCP4:192.168.86.2:8096

Thats a test i did with jellyfin at home

[–] [email protected] 2 points 9 months ago* (last edited 9 months ago)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters More Letters
DNS Domain Name Service/System
IP Internet Protocol
SSH Secure Shell for remote terminal access
VPN Virtual Private Network

[Thread #500 for this sub, first seen 9th Feb 2024, 22:55] [FAQ] [Full list] [Contact] [Source code]