More > JRiver Media Center 26 for Linux
Docker Container for JRiver Media Center 26
HaWi:
--- Quote from: bob on August 03, 2020, 05:24:50 pm ---I have no idea why you are seeing that but if the docker container ethernet interface is running in bridged mode you can't block it by changing the firewall on the device it's running on (the DS1819+ I assume) .
You could run a firewall in the container or block it on your outside router.
I'm suspicious that you are seeing response packets to something originating from within the container itself.
--- End quote ---
Thanks Bob, I am running it in host mode, though.
HaWi:
--- Quote from: max096 on August 04, 2020, 03:21:10 am ---That's the log from x11vnc. Does not look like he guessed your password though. But also does not look like your firewall rules are working if you are still getting that after you applied them.
One thing you can do in the container is enable secure connection. That will enable https and ssl in vnc. Ofc it wont really solve the problem of it being world viewable if you make it public. If you dont need to access vnc when not at home then don't foward 5800 and 5900 from your router to your NAS.
Id recommend looking into setting up a VPN to you home network and don't expose any ports of any services otherwise. The less gates you open the less you are gonna get annoyed by them.
Another good way to do it if you need public accessability without a VPN would be haproxy. Ive not looked into it that much yet. But Ive seen this https://forum.level1techs.com/t/haproxy-wi-run-lots-of-public-services-on-your-home-server/159335 recently. Looked very interesting.
--- End quote ---
Thanks max,
I am running in host mode, so the firewall should work but maybe that's a Synology issue (i'll check again). The reason why I moved MC to Docker was so that I can access it from outside the LAN and have it running 24/7.
What worries me is that due to the restriction to 6 characters for the password, eventually one of them is guessing the right one. I will look into VPN or haproxy which was my plan anyway (that's going to annoy my wife and kids ;D). I am just such a dud when it comes to networks.
cheers,
Hans
max096:
--- Quote from: HaWi on August 04, 2020, 12:53:00 pm ---Thanks max,
What worries me is that due to the restriction to 6 characters for the password, eventually one of them is guessing the right one. I will look into VPN or haproxy which was my plan anyway (that's going to annoy my wife and kids ;D). I am just such a dud when it comes to networks.
--- End quote ---
There is no restriction to have 6 characters as your VNC password. Mine is longer than that.
HaWi:
--- Quote from: HaWi on August 04, 2020, 12:53:00 pm ---Thanks max,
I am running in host mode, so the firewall should work but maybe that's a Synology issue (i'll check again). The reason why I moved MC to Docker was so that I can access it from outside the LAN and have it running 24/7.
What worries me is that due to the restriction to 6 characters for the password, eventually one of them is guessing the right one. I will look into VPN or haproxy which was my plan anyway (that's going to annoy my wife and kids ;D). I am just such a dud when it comes to networks.
cheers,
Hans
--- End quote ---
I looked into my settings again and I set a IPv6 firewall rule on my Eero gateway to block all the MC ports from IPv6 and now, it seems that the attacks are being quashed. Fingers crossed.
EDIT: Spoke too soon, the attacks slowed down a bit but still coming...
max096:
--- Quote from: HaWi on August 04, 2020, 02:01:08 pm ---I looked into my settings again and I set a IPv6 firewall rule on my Eero gateway to block all the MC ports from IPv6 and now, it seems that the attacks are being quashed. Fingers crossed.
EDIT: Spoke too soon, the attacks slowed down a bit but still coming...
--- End quote ---
How did you block germany as a country? Can you lookup what IPs are on that list your router is using? Try to instead block specific IPs, or ranges. If your router has a country based blocking system it might very well be spotty. The only way that I can tell to find out where an IP is coming from is to ask external services that supposedly know it, because they built databases mapping it based on what IPs belong to what ISP (currently, hopefully). But threw the actual connection there is not really anything you can trust that I know of to really tell where the IP is coming from.
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version