Is there an alternative to Port Forwarding?

Having trouble with Sighthound Video? Post here for help.

Moderator: Staff

no avatar
Posts: 17
Joined: Wed Oct 11, 2017 10:10 pm

Is there an alternative to Port Forwarding?

by schneideris » Sun Sep 29, 2019 11:39 pm

Is there no other way than Port Forwarding for remote access with the mobile app?

Port forwarding is a security issue and all the reading I have done says that it should be avoided. Moving to a non-standard port is better, but eventually you will likely get found. I am not interested in letting a port scanner find my machine and then have their way with it.

no avatar
Posts: 2
Joined: Wed Jun 12, 2019 3:05 pm

Re: Is there an alternative to Port Forwarding?

by qy7298 » Mon Sep 30, 2019 9:51 am

Personally, I really like the way remote access is handled in SH, because it is compatible with a reverse proxy and I don't have to rely on a third party's cloud remote access solution and I don't have to effectively grant a third party access to my data.

What I've done is front-end SH with an nginx reverse proxy. The reverse proxy sits on the internet side of things in a DMZ and has access to the SH web interface. Since SH authenticates with basic auth, the mobile app will authenticate to the reverse proxy and the reverse proxy authenticates to SH. This allows me to only expose nginx (a very heavily used and scrutinized piece of software - this should reduce the likelyhood of exposing something vulnerable) and force the users to authenticate to it before even touching SH. This also lets me apply Lets Encrypt SSL certs and enforce IP bans on failed login attempts.

I don't mind a port scanner having it's way with something like nginx, but I would be concerned about a vulnerability scanner directly hitting SH's web UI.

[Mobile App] ---[HTTPS/443]---> [nginx] ---[HTTPS/SH Default port]---> [SightHound]

Traffic flows through a firewall entering nginx and entering SH. Servers on different VLANS.

If you check reddit /r/homelab there's a lot of examples of how to set this up.

no avatar
Posts: 7
Joined: Mon Sep 23, 2019 11:17 am

Re: Is there an alternative to Port Forwarding?

by sethf » Fri Oct 18, 2019 12:06 pm

I would recommend trying out some private VPN applications such as

Zero Tier
LogmeIn Hamachi

Return to Technical Support