Best practices to secure OSMC if exposed on the Intarweb

Hello there,
even though my Vero with OSMC sits within my private address home LAN, I have exposed a few services onto the Internet via router NAT rules.

These are mostly HTTP based services such as rutorrent, and tonight I realized I was foolish enough not to protect the login, not even with a userid/password, to avoid the annoying need to log in from within my home LAN.

So in this case I’ll need to understand at the very least how to secure the webserver when accessed from public IP addresses, right?

Another idea I have is to close all ports, install openvpn, route that only and then access services through this VPN.

What is your preferred way of keeping things reasonably sane without becoming too complex/crazy?

And BTW, is there some quick scanner I can use to do a pentest on my public IP address and some simple tool to scan the webserver log for malicious attempts?

Thank you very much

rutorrent running on lighttpd or apache?

openvpn is certainly a good way to go secure and gives you access to your home network

as for a quick scanner, again it's all about what kinda services you run

fail2ban is a common practice, then you have iptables etc. Need to be more specific.

Hi Toast,
rutorrent on lighttpd of course :wink:

No iptables since my Vero is on my private LAN as the only reachable device on my 192.168 subnet and I am exposing services only via NAT rules on the FritzBox router.

fail2ban I’ll look into.

Thanks very much.

This might help you a bit more

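Added example, not written by anyone in this thread: a Python check of the kind asked about above, counting failed requests (401/403/404) per client in a lighttpd access log while ignoring the 192.168 home LAN. It assumes lighttpd's default mod_accesslog line layout; the sample log lines, the threshold and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed layout: client host user [time] "request" status size ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) \S+')
HOME_LAN = ipaddress.ip_network("192.168.0.0/16")  # the thread's private subnet
FAILED = {"401", "403", "404"}  # auth failures and probes for missing paths


def _line(ip, path, status):
    # Builds one constructed log line (documentation-range addresses, made-up date).
    return (f'{ip} example.org - [12/Mar/2016:21:03:01 +0100] '
            f'"GET {path} HTTP/1.1" {status} 351 "-" "-"')


# Constructed sample input, not real traffic.
SAMPLE_LOG = "\n".join(
    [_line("192.168.178.20", "/rutorrent/", 401)] * 3    # LAN client, ignored
    + [_line("203.0.113.45", "/rutorrent/", 401)] * 4    # repeated failed logins
    + [_line("198.51.100.7", "/admin.php", 404),         # single stray request
       _line("198.51.100.7", "/", 200),
       "garbled line that does not parse"]
)


def suspicious_clients(log_text, threshold=3):
    """Return {client_ip: failed_request_count} for non-LAN clients at or
    above the threshold. Unparseable lines are skipped, not fatal."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, _request, status = m.groups()
        try:
            addr = ipaddress.ip_address(client)
        except ValueError:
            continue  # client field is a hostname or junk
        if addr in HOME_LAN or status not in FAILED:
            continue
        hits[client] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}


if __name__ == "__main__":
    for ip, count in suspicious_clients(SAMPLE_LOG).items():
        print(f"{ip}: {count} failed requests")
```

fail2ban automates the same idea: it watches the log for repeated failures from one address and then blocks that address for a while.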