I’d like to create a Plex/Jellyfin server that I can open up to family and friends on other networks. I know there are security concerns with opening my home network to outside traffic like this, but I’m not educated well enough on cyber security to know what practices to avoid or how to accomplish this safely.

Something I’ve come across is the Firewalla Purple . It’s a device that plugs into your modem to provide a firewall, DNS ad blocking, and some other cyber security features.

From what I’ve read, the network monitoring and security features provided by this product would solve the security concerns that come with opening a Jellyfin/Plex server to outside connections. Firewalla also provides lifetime access to their VPN with the purchase of their products, so I could stop paying for Proton if it’s any good. The DNS ad blocking is a huge bonus.

How can I safely let friends and family stream from my Plex/Jellyfin server? Would this Firewalla product solve any of these issues? Is their VPN service comparable to Proton or Mullvad?

  • originalucifer
    link
    fedilink
    411 months ago

    techinically, no, you dont need that device.

    you would use your existing routing device to port to your containers in the form of a pihole and jellyfin.

    set your router to the pihole for dns, and youre done.

    you could use gluetun for vpn, also containered with your existing proton account.

    • @GooseFinger@lemmy.worldOP
      link
      fedilink
      211 months ago

      Thanks for the answer, that makes sense. Sounds like there aren’t security concerns with letting others connect to my server then.

      This is the first I’ve heard of Gluetun. Why do you suggest it?

      • originalucifer
        link
        fedilink
        411 months ago

        your router also has a firewall, so thats where you limit the jellyfin port to the service on your server… then your security concern is at jellyfin itself (certificate, users accounts etc).

        gluetun is great because it can establish a vpn connection using openvpn (which any good vpn provider supports). you can then set anything inside your network or other containers to use that for their external internet access very easily.

        the benefit with this is if the tunnel goes down, your stuff doesnt accidentally use the non-vpn’ed connection. so if you were hypothetically running a torrent client, it would never bleed your public ip.

        im already solid with proton for email purposes, which includes vpn access. me paying anyone else for vpn would just be superfluous