Comment on Offshoring my solutions
atzanteol@sh.itjust.works 9 months agoThis would prevent your friend from having to open ports in their router and from exposing their IP to the world (beyond their normal traffic, that is).
Their IP address is already “exposed to the world.” I keep seeing people recommending this pattern in this community for the same reason. But I genuinely don’t understand it. It sounds like one of those VPN ads frankly.
Your IP address is not private.
Frankly I would mothball the servers and move everything to the cloud rather than use a friend’s resources. You retain control over the environment and don’t need to worry about somebody unplugging your computer to vacuum.
With this pattern you open up an outgoing connection to the VPS, establish a two-way tunnel, and the VPS will use it to forward connections to you.
People who use your services this way see the VPS’s public IP, yours is hidden from them.
Sure, you still have a public IP while doing this but (a) only the VPS can see it and (b) you really don’t have to open ports on it and in fact may not even be reachable through it if it’s doing NAT.
What benefit do you think the vps provides though?
The most common ones:
Hiding your IP when you open services to the internet.
No it doesn’t. It hides it from things accessing your server but your IP address is not a secret and bots will scan it even if you do absolutely nothing on-line. And unless you’re using a VPN 24x7 while browsing you give your IP address out more often by “using the internet” than you would by “running a server”.
Though I suppose if you’re the sort of person who really cares about hiding their IP you’re also using a VPN 24x7 anyway… The VPN companies’ marketing has worked wonders on spooking people about “your IP is available” it seems. I mean - sure, it is. But who cares?
Breaking out of ISP NAT (aka carrier NAT / CGNAT), where clients can’t open connections to your public IP.
That’s fair - if needed.
ptz@dubvee.org 9 months ago
I did state “beyond their normal traffic”. And you do realize there’s a significant difference between exposing your IP as a client and exposing your IP as one that has servers hosted behind it, right? It’s not about protecting that or keeping it secret. It’s about not putting a target on their friend’s IP address for all the bots and script kiddies to hit.
atzanteol@sh.itjust.works 9 months ago
No, there isn’t. Bots scan indiscriminately. And script kiddies will still attack your servers running in their network, just via your proxy.