How to connect a self hosted cloud secure to the internet.
Hello,
i am using a ER605 and a TL-SG3428. I am hosting a cloud, which should be available over the internet. Because of my ISP it is only reachable via IPv6. To allow access over the internet to my cloud i simply added a Gateway acl which allows the connection from WAN IN to all IPv6 Groups. I only have one network with enabled IPv6. Is it a secure way to grant the acces to my cloud over the internet? I think it shouldnt be a problem, because all other devices are not getting a ipv6 adress. What do you think?
I am using Controller Version 5.12.7
Hope you can help.
Bastian
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi @basti2s
Thanks for posting in our business forum.
basti2s wrote
Hello,
i am using a ER605 and a TL-SG3428. I am hosting a cloud, which should be available over the internet. Because of my ISP it is only reachable via IPv6. To allow access over the internet to my cloud i simply added a Gateway acl which allows the connection from WAN IN to all IPv6 Groups. I only have one network with enabled IPv6. Is it a secure way to grant the acces to my cloud over the internet? I think it shouldnt be a problem, because all other devices are not getting a ipv6 adress. What do you think?
It does not iterate well. Do you mean that you host a server in your LAN and your ISP only allows IPv6. And you seek a way to safely expose your local hosted server to the IPv6 public Internet?
I read multiple times to get to understand your situation. WAN IN ACL is recommended. It's correct.
You should worry about if you have an IPv6 when you are away from home. And you should prefer a rather static IPv6 address so you can better manage your WAN IN ACL.
This is the downside when you expose your network to the public Internet. Anyone can access it if they know your IP address (and port). The only thing you can do is to secure it with login credentials when it is accessed. Or you set up a VPN and avoid exposing it to the public Internet.
- Copy Link
- Report Inappropriate Content
Hi @basti2s
Thanks for posting in our business forum.
basti2s wrote
Hello,
i am using a ER605 and a TL-SG3428. I am hosting a cloud, which should be available over the internet. Because of my ISP it is only reachable via IPv6. To allow access over the internet to my cloud i simply added a Gateway acl which allows the connection from WAN IN to all IPv6 Groups. I only have one network with enabled IPv6. Is it a secure way to grant the acces to my cloud over the internet? I think it shouldnt be a problem, because all other devices are not getting a ipv6 adress. What do you think?
It does not iterate well. Do you mean that you host a server in your LAN and your ISP only allows IPv6. And you seek a way to safely expose your local hosted server to the IPv6 public Internet?
I read multiple times to get to understand your situation. WAN IN ACL is recommended. It's correct.
You should worry about if you have an IPv6 when you are away from home. And you should prefer a rather static IPv6 address so you can better manage your WAN IN ACL.
This is the downside when you expose your network to the public Internet. Anyone can access it if they know your IP address (and port). The only thing you can do is to secure it with login credentials when it is accessed. Or you set up a VPN and avoid exposing it to the public Internet.
- Copy Link
- Report Inappropriate Content
Hello,
thanks for the fast answer. I am sorry if i confused you a bit.
Clive_A wrote
Do you mean that you host a server in your LAN and your ISP only allows IPv6. And you seek a way to safely expose your local hosted server to the IPv6 public Internet?
Yes.
Clive_A wrote
You should worry about if you have an IPv6 when you are away from home. And you should prefer a rather static IPv6 address so you can better manage your WAN IN ACL.
I have an static IPv6-Adress.
Clive_A wrote
Anyone can access it if they know your IP address (and port). The only thing you can do is to secure it with login credentials when it is accessed. Or you set up a VPN and avoid exposing it to the public Internet.
The access to the cloud is secured with login credentials.A VPN doesnt make sense for me, because i want to access the cloud from different PCs without setting up the vpn on every PC.
Al in all we can say that its a secure way to expose my server to the public Internet?
I am a bit worried because in the network with the exposed proxy server are some other servers which should not be reachable directly from the internet. Is it a good solution to simply dont give them a IPv6 address? From my point of view they arent reachable from the internet, if they dont get a ipv6 address?
- Copy Link
- Report Inappropriate Content
Hi Bastian.
It seems like you're using an ER605 router and a TL-SG3428 switch to host a cloud service that is only reachable via IPv6 due to your ISP. To allow access to your cloud over the internet, you added a Gateway ACL that allows the connection from WAN IN to all IPv6 groups. Since you mentioned that all other devices are not getting an IPv6 address, it should be relatively secure. However, it's always a good practice to regularly update your firmware and ensure that your network devices have the latest security patches installed.
I hope this helps! Let me know if you have any further questions.
- Copy Link
- Report Inappropriate Content
Hi @basti2s
Thanks for posting in our business forum.
basti2s wrote
Hello,
thanks for the fast answer. I am sorry if i confused you a bit.
Clive_A wrote
Do you mean that you host a server in your LAN and your ISP only allows IPv6. And you seek a way to safely expose your local hosted server to the IPv6 public Internet?
Yes.
Clive_A wrote
You should worry about if you have an IPv6 when you are away from home. And you should prefer a rather static IPv6 address so you can better manage your WAN IN ACL.
I have an static IPv6-Adress.
Clive_A wrote
Anyone can access it if they know your IP address (and port). The only thing you can do is to secure it with login credentials when it is accessed. Or you set up a VPN and avoid exposing it to the public Internet.
The access to the cloud is secured with login credentials.A VPN doesnt make sense for me, because i want to access the cloud from different PCs without setting up the vpn on every PC.
Al in all we can say that its a secure way to expose my server to the public Internet?
I am a bit worried because in the network with the exposed proxy server are some other servers which should not be reachable directly from the internet. Is it a good solution to simply dont give them a IPv6 address? From my point of view they arent reachable from the internet, if they dont get a ipv6 address?
I might miss a word in the red highlight part. Worry about the dynamic IP address when you are away from home. So, at work, when travel, anywhere you are at, you will have a different IP address if you use their public Internet. Unless you have an LTE with a static IP address. You set an ACL with a rather static allow-in. This is what worries me as I have set up my server.
I prefer VPN. I am using RDP and VPS for my servers. Hosted VPN. I have login credentials but I don't trust it because I know that people can crack the password. You should have a very strong password and username in case anyone crack it when you expose it online.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 729
Replies: 4
Voters 0
No one has voted for it yet.