[vcf-midatlantic] Museum report

William Dudley wfdudley at gmail.com
Sun Apr 16 08:50:07 EDT 2017


The Sprint-supplied router has no mechanism to work with dyndns.org or
equivalent.

I think the Sprint service blocks incoming traffic on port 80, but I can
work around that
by using port 8090 as the external access http port.  I have the apache on
the pi listening
on both 80 and 8090.  Sprint does allow incoming on port 22 (ssh), so I've
been able to
do some administration from home.

The static ip is just so we can find the pi web server (on 8090) from
outside, for administrative
purposes.  There won't be a lot of traffic, and only Evan and select few
others will be using
that, to allow updating the museum kiosk content from home.

The next job that needs to be done is to delete the (useless) port forward
for port 80 to
the pi, and add a port forward to port 8090 on the pi.  The pi is now
static at 192.168.0.5.
I was able to set that up in the Sprint router (mac address -> fixed IP
address).

Long term, I may move the listen port for ssh from 22 to something less
obvious (security
by obscurity), OR change the pi's ssh to only use public/private key
authentication.
Because our external IP is in a block usually used by cell phones, that
means that it won't
normally be a target for hackers, as they don't expect open ssh ports on
cell phones.

Any questions, don't hesitate to contact me.

Bill Dudley


This email is free of malware because I run Linux.

On Sun, Apr 16, 2017 at 8:05 AM, Dean Notarnicola via vcf-midatlantic <
vcf-midatlantic at lists.vintagecomputerfederation.org> wrote:

> Thanks. I think our service let's us reserve one public IP. I'll work
> directly with Bill.
>
>
> On Sun, Apr 16, 2017 at 3:44 AM dave.g4ugm--- via vcf-midatlantic <
> vcf-midatlantic at lists.vintagecomputerfederation.org> wrote:
>
> > If the routers external IP address changes you need some kind of external
> > service to find it.
> > I use a dynamic DNS service from www.mythic-beasts.com. There is a
> > scheduled task on my windows PC that updates the address.
> >
> > Dave
> >
> >
> > > -----Original Message-----
> > > From: vcf-midatlantic [mailto:vcf-midatlantic-
> > > bounces at lists.vintagecomputerfederation.org] On Behalf Of Evan
> Koblentz
> > > via vcf-midatlantic
> > > Sent: 16 April 2017 07:12
> > > To: Vcf <vcf-midatlantic at lists.vintagecomputerfederation.org>
> > > Cc: Evan Koblentz <evan at vcfed.org>
> > > Subject: Re: [vcf-midatlantic] Museum report
> > >
> > > >> We can setup internal static IP addresses on the router, and setup
> > port
> > > forwarding so that they are accessible from the internet. No outside
> > service
> > > necessary.
> > >
> > > That's what Bill did, but there were issues related to the router's IP
> > changing,
> > > various ports being blocked (we think), and the router itself
> > misbehaving.
> >
> >
> >
>



More information about the vcf-midatlantic mailing list