
Non-local WiRNS?

200 Views 6 Replies 3 Participants Last post by  sfhub
Is it possible to run a non-local copy of WiRNS? That is, can I allow my WiRNS to be used by a friend? I have a static IP, so couldn't they just set my IP as their DNS server and I forward ports 53 and 80?


What potential security risks might I be opening myself up to?


-SeeSpotRun
Status
Not open for further replies.
1 - 7 of 7 Posts
Quote:
Originally posted by SeeSpotRun
Is it possible to run a non-local copy of WiRNS? That is, can I allow my WiRNS to be used by a friend? I have a static IP, so couldn't they just set my IP as their DNS server and I forward ports 53 and 80?


What potential security risks might I be opening myself up to?


-SeeSpotRun
Yes, this works. One problem you might run into is that some ISPs block port 80 inbound to their users. If so, then your friend's ReplayTV will not be able to access your WiRNS server, and there is nothing you can do about that short of switching to an ISP that doesn't block port 80. Another problem is that you will have to use your WAN IP as your WiRNS IP, otherwise the DNS server in WiRNS will respond to requests for production.replaytv.net with your LAN IP, which won't do your friend much good. However, while the WAN IP setup will let your friend use WiRNS, unless your router supports loopback, you won't be able to use it. You could get around this by running another DNS server just for your LAN use.


As far as security risks, you would be running a server on a commonly scanned port on the Internet (port 80/HTTP). While there are no known exploits in WiRNS, they may exist as it isn't exactly designed for Internet use. You also run the risk of getting in trouble from your ISP if your terms of service prohibit you from running web servers (many do).
Does WIRNS allow you to configure it to return WAN IP for DNS requests, but have it bind to a different IP for TCP listening purposes?

It seemed it didn't do that when I tried, but I didn't try very hard. The DNS server did bind to the local address of the unit, but the HTTP server didn't seem to.
Thanks for pointing out that I'd need to use my WAN IP as the WiRNS address. My router does support loopback and that isn't a problem. My ISP does not block any ports. Their rules probably do prohibit running servers but I don't think they are looking for them and probably just check for excessive bandwidth usage. Since I'm pretty active in sending shows via Poopli, I'm sure that I use plenty of bandwidth and I'd think that if they don't have a problem with that, then a little traffic on port 80 is ok.


I'm more concerned about possible exploits than what my ISP thinks.


-SeeSpotRun
Quote:
Originally posted by sfhub
Does WIRNS allow you to configure it to return WAN IP for DNS requests, but have it bind to a different IP for TCP listening purposes?

It seemed it didn't do that when I tried, but I didn't try very hard. The DNS server did bind to the local address of the unit, but the HTTP server didn't seem to.
Doh! AFAICT it doesn't actually. I guess the best thing for him to do would be to run another DNS server that returns his WAN IP for

production.replaytv.net
production-1.replaytv.net
production-2.replaytv.net
production-backup.replaytv.net
ntp-production.replaytv.net

If this DNS server is on the same PC as WiRNS, he will probably have to bind it to a port other than 53 and do port translation with his router in order to make this work since one can't disable the DNS component of WiRNS AFAIK (and it binds to all interfaces). He will also need to forward port 123 for NTP.
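An added example (not from the thread and not part of WiRNS) of the "another DNS server" idea in the post above: a minimal UDP responder that returns one address for the five listed hostnames and refuses every other name. The address 203.0.113.10, port 5300 and all function names are assumptions made for the illustration.

```python
import socket
import struct
WAN_IP = "203.0.113.10"   # constructed placeholder (TEST-NET-3), not a real WAN address
NAMES = {"production.replaytv.net", "production-1.replaytv.net",
         "production-2.replaytv.net", "production-backup.replaytv.net",
         "ntp-production.replaytv.net"}   # hostnames listed in the post above

def parse_question(packet):
    """Return (qname, qtype, end_offset) for the first question of a DNS query."""
    pos, labels = 12, []                  # the DNS header is 12 bytes
    while packet[pos] != 0:
        length = packet[pos]
        if length > 63:
            raise ValueError("compressed or invalid label in question")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length
    qtype, _qclass = struct.unpack("!HH", packet[pos + 1:pos + 5])
    return ".".join(labels), qtype, pos + 5

def build_response(packet, wan_ip=WAN_IP):
    """Answer A queries for NAMES with wan_ip; REFUSED for any other name."""
    qid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if flags & 0x8000 or qdcount != 1:
        return None                       # a response, or not exactly one question
    qname, qtype, end = parse_question(packet)
    question = packet[12:end]
    rd = flags & 0x0100                   # echo the client's RD bit
    if qname not in NAMES:                # never resolve anything else: RCODE 5
        return struct.pack("!HHHHHH", qid, 0x8005 | rd, 1, 0, 0, 0) + question
    rdata = socket.inet_aton(wan_ip)
    # 0xC00C points back at the question name; type A, class IN, TTL 300, 4 bytes
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4) + rdata if qtype == 1 else b""
    header = struct.pack("!HHHHHH", qid, 0x8400 | rd, 1, 1 if answer else 0, 0, 0)
    return header + question + answer

def serve(bind_addr="0.0.0.0", port=5300):
    # Non-53 port (assumed value): the router translates external 53/UDP to it.
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))
    while True:
        packet, peer = sock.recvfrom(512)
        try:
            reply = build_response(packet)
        except (ValueError, IndexError, struct.error):
            continue                      # malformed packet: ignore it
        if reply:
            sock.sendto(reply, peer)

if __name__ == "__main__":
    serve()
```

Because it only ever answers for those five names, the responder does not act as a general resolver for anyone who finds the forwarded port.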
Quote:
Originally posted by SeeSpotRun
Thanks for pointing out that I'd need to use my WAN IP as the WiRNS address.
Actually, sfhub is right that this won't work. I forgot that current WiRNS uses the WiRNS IP setting for two purposes: 1) to determine which interface/IP to bind and 2) to return in response to DNS queries. This makes things a little more complicated. See my post above.
Quote:
Originally posted by j.m.
Doh! AFAICT it doesn't actually. I guess the best thing for him to do would be to run another DNS server that returns his WAN IP for
In case it wasn't obvious, "another DNS server" could simply be a 2nd instance of WIRNS, running on a different machine, configured to use the WAN IP.

If you have a subnet of IPs from your ISP, this isn't a problem, just configure WIRNS to use a static "real" IP of its own.

You may need to forward 80/TCP, 53/UDP, 123/UDP depending on your firewall or router config. Outgoing for those 3 is usually allowed by default, but if not, those need to be allowed also.