[Freedombox-discuss] Using Freedombox with a normal router
Yoel Koenka :
> Hi all,
> I have a security question.
> Isn't it a security issue, connecting my freedombox to my router?
Hey, same config for me. Freedombox will offer services to LAN + WAN,
because network card is set up as "internal".
Plinth web interface will be available only for LAN,
+ hidden service as .onion if you enabled it by Tor menu... so everybody
who knows your .onion name can use Plinth, ssh, over Tor network
If in your home router you don't forward external ports to internal
ports, I think there isn't security problem. The router is here to share
the world network to the local network. By default, the router will
block all incoming connections. That's why if you want to use OpenVPN
for example, you have to forward external ports to your internal
Freedombox ports, to make it possible to reach your OpenVPN server
hosted in fbx.
> Most of the recommended hardware include only one ethernet port, so
> you have to connect your modem to a router and the freedombox connects
> to this router, like your own PC.
I've played a moment with an usb-lan dongle. It was working nice :)
But there are others services on my LAN, on others servers, and I was
not able to forward ports in Freedombox. For sure an expert will use
iptables for this, but I'm too noob for this, and not enough time for
now... My current router is really easy for setting this up ;)
> My question is, isn't it a potential security breach? For all we know,
> the router could send copies of our safely encrypted messages without
> any of the security offered by Freedombox.
> There is a lot being said about having an open-hardware freedombox and
> an open-hardware USB-WiFi dongle, but I couldn't find anything about
> the router itself.
> I guess the best would be to have an open-hardware hub and use it
> instead of a router.
> Can someone recommend on such a hardware?
Ouch, a hub has not same features as a router. Hub will connect people
on a the same network only. Router is able to share an internet
connection to all your PCs, with a hub plugged behind ;)
> Or did I miss something in my analysis and this isn't a risk at all?
May be I've said some mistakes... if someone else wants to fix, I'll be
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: OpenPGP digital signature