User avatar
jors
Posts: 39
Joined: Sun Sep 23, 2012 9:05 am
Location: Barcelona
Contact: Website

Colocation between users (the cheap way)

Sun Jun 23, 2019 5:33 pm

Hi there,

I was wondering if there would be someone interested in interchanging Raspberry Pi's in order to host it (colocation) on somenone else's home. Just to put an example, sometimes I like to perform network checks (ping for latency, mtr for Internet routes...) from another location different from home (ideally, from a host located on another country). I also like the idea of having a remote backup MX somewhere else. I know I could rent some cheap & low powered VPS, but I like more the idea of taking advantage of the technical resources we already have and pay for: electricity & network connection.

As we are talking about not spending money, this raises the problem of sharing ports of a single ip address (something common in a residential Internet connection). This would happen in instance, when on the same connection there are two or more web (80/443) of smtp (25/465/587) servers on each host with private ip address that both need to work. In that case, a dmz host can configure the needed service (http, smtp) accordingly to redirect traffic to the private ip address of the proper Raspberry Pi. Maybe this is not needed if you only need ssh access (just wondering).

This means that both parties need some knowledge on how to do these things (guess I do). This also means that both parties must send by postal mail the Raspberry Pi + SD card. Or maybe we can agree to lend each other their Raspberry Pi + SD and only send a preconfigured dd image of the SD card through network and the other party just dd/burn it to the SD and put the Raspberry to work. This option would avoid the need of sending anything by postal mail.

If I cannot arouse interest in this, just let you know that I would also be willing to hosting some people's Raspberry Pi's at my home with no costs. Well, at least initially and for a reduced number of persons (1-5?).

Just FYI, I have a 100/10 fiber optical Internet connection in Barcelona, Spain.

Please, refrain from bad intentions. I act in good faith and I expect the same from others.

Cheers!
Blog @ http://enchufado.com/

hippy
Posts: 5943
Joined: Fri Sep 09, 2011 10:34 pm
Location: UK

Re: Colocation between users (the cheap way)

Sun Jun 23, 2019 7:44 pm

Wouldn't it be easier and safer to come up with some mechanism whereby a remote user with a Pi could be instructed to do whatever you need to measure and then send you the results ?

That could be done with the remote user not having to open their Pi to incoming traffic from the internet, not having to give you access to their network, not needing anything more than the Pi they already have.

I might be prepared to have my Pi check a website someone hosted to see if there was a request for me to do something or other and then send back the results, but there isn't anyway you or anyone else are getting anywhere near my network.

ejolson
Posts: 3552
Joined: Tue Mar 18, 2014 11:47 am

Re: Colocation between users (the cheap way)

Sun Jun 23, 2019 9:58 pm

jors wrote:
Sun Jun 23, 2019 5:33 pm
Cheers!
What you describe is technically possible and attractive due to the low power requirements of the Pi.

However, the idea is also fraught with peril. For example, avoiding financial transactions may keep you within the contract for home internet service, but that same contract may also make you personally responsible when one of the collocated Pi computers gets infected and starts sending out illegal spam or downloading region-protected video from the BBC?

One solution would be only to do this among friends and relations. At the same time, some of the obvious problems could be mitigated using a custom firewall and VPN that only lets the collocated Pi connect directly to its owner and not anyplace else. That would, at least, afford the person acting as the data center some protection. Trusting the other way is more difficult as there's no secure-boot environment available for the Pi.
Last edited by ejolson on Sun Jun 23, 2019 10:16 pm, edited 2 times in total.

User avatar
jors
Posts: 39
Joined: Sun Sep 23, 2012 9:05 am
Location: Barcelona
Contact: Website

Re: Colocation between users (the cheap way)

Sun Jun 23, 2019 10:05 pm

hippy wrote:
Sun Jun 23, 2019 7:44 pm
Wouldn't it be easier and safer to come up with some mechanism whereby a remote user with a Pi could be instructed to do whatever you need to measure and then send you the results ?

That could be done with the remote user not having to open their Pi to incoming traffic from the internet, not having to give you access to their network, not needing anything more than the Pi they already have.

I might be prepared to have my Pi check a website someone hosted to see if there was a request for me to do something or other and then send back the results, but there isn't anyway you or anyone else are getting anywhere near my network.
Hi hippy,

Thanks for sharing your opinion. Sure it would be safer. But it's not only that I am willing to do the tests myself and get the results in realtime, but as I said, I would like to do more things as for example, setting up a backup MX, and maybe other services in the future (or maybe not, I still don't know). It would be even safer to don't connect the Raspberry Pi to the network at all, but I am not going to pay that price ;)

Cheers!
Blog @ http://enchufado.com/

User avatar
jors
Posts: 39
Joined: Sun Sep 23, 2012 9:05 am
Location: Barcelona
Contact: Website

Re: Colocation between users (the cheap way)

Sun Jun 23, 2019 10:14 pm

ejolson wrote:
Sun Jun 23, 2019 9:58 pm
jors wrote:
Sun Jun 23, 2019 5:33 pm
Cheers!
What you describe is technically possible and attractive due to the low power requirements of the Pi.

However, the idea is also fraught with peril. For example, avoiding financial transactions may keep you within the contract for home internet service, but that same contract may also make you personally responsible when one of the collocated Pi computers gets infected and starts sending out illegal spam or downloading region-protected video from the BBC?

One solution would be only to do this among friends and relations. At the same time, some of the obvious problems could be mitigated using a custom firewall and VPN that only lets the collocated Pi connect directly to its owner and not anyplace else.
Yes, precisely it's because of the low power requirements of the Pi that I started with this idea.

About the legal issues, as soon as I am aware (myself or via a third party) that some illicit activity is taking place, I would need to intervene and stop it. Then talking to the owner for its review and solution would suffice.

The security would be in charge of the Pi owner, but I surely could help there as I need to take care of what is inside my network. No need even of a VPN; some SSH with key-only authentication would do the job.

Could not find interest among friends and relations and that's why I decided to came here to see if the idea aroused someone's interest.

Cheers!
Blog @ http://enchufado.com/

ejolson
Posts: 3552
Joined: Tue Mar 18, 2014 11:47 am

Re: Colocation between users (the cheap way)

Sun Jun 23, 2019 10:43 pm

jors wrote:
Sun Jun 23, 2019 10:14 pm
About the legal issues, as soon as I am aware (myself or via a third party) that some illicit activity is taking place, I would need to intervene and stop it. Then talking to the owner for its review and solution would suffice.
Unfortunately, the way you might become aware of illicit activity is for the police to come and confiscate all available computer equipment as evidence.

A firewall and VPN which prevent the collocated machine from reaching the Internet at all except through a direct connection to its owner is the minimum I can think of to mitigate this problem. Still, even if the collocated machine were only used for off-site storage, that storage might end up containing the equivalent of Hillary Clinton's emails and be the subject of an unpleasant search and seizure.

User avatar
jors
Posts: 39
Joined: Sun Sep 23, 2012 9:05 am
Location: Barcelona
Contact: Website

Re: Colocation between users (the cheap way)

Mon Jun 24, 2019 6:26 am

ejolson wrote:
Sun Jun 23, 2019 10:43 pm
jors wrote:
Sun Jun 23, 2019 10:14 pm
About the legal issues, as soon as I am aware (myself or via a third party) that some illicit activity is taking place, I would need to intervene and stop it. Then talking to the owner for its review and solution would suffice.
Unfortunately, the way you might become aware of illicit activity is for the police to come and confiscate all available computer equipment as evidence.

A firewall and VPN which prevent the collocated machine from reaching the Internet at all except through a direct connection to its owner is the minimum I can think of to mitigate this problem. Still, even if the collocated machine were only used for off-site storage, that storage might end up containing the equivalent of Hillary Clinton's emails and be the subject of an unpleasant search and seizure.
Well, if the police has to come, so let be it. This also happens on every single hosting platform out there (some of them just a little bigger than me ;) ), and this is how the Internet works. The idea is that the traffic *does* come from the connectivity of the "hoster" environment.

I saw the cookie jar part. As I said previously to hippy, it would be even safer to don't connect the Raspberry Pi to the network at all, but I am not going to pay that price ;)

Cheers!
Blog @ http://enchufado.com/

User avatar
thagrol
Posts: 1836
Joined: Fri Jan 13, 2012 4:41 pm
Location: Darkest Somerset, UK
Contact: Website

Re: Colocation between users (the cheap way)

Mon Jun 24, 2019 1:16 pm

The two big problesm here are trust and bandwidth.

Put simply, how can you convice me that you are trustworthy and that you won't use all my avaiable bandwidth?

Large hosting companies have the legal expertise, the technical expertise, and the bandwidth to handle this. I (and most home users) don't.

Then there are all the issuses related to making a computer accessable from the internet.

And the ISP's terms and conditions.

Plus what's in it for me? You don't want to pay for a VPS so I assume you don't want to pay me for my electricity, my bandwidth, and the use of my hardware (that presumably I won't be able to make use of when you're not using it). Oh, and my time for any actions that require physical access to the Pi.
This space unintentionally left blank.

User avatar
jors
Posts: 39
Joined: Sun Sep 23, 2012 9:05 am
Location: Barcelona
Contact: Website

Re: Colocation between users (the cheap way)

Mon Jun 24, 2019 2:24 pm

thagrol wrote:
Mon Jun 24, 2019 1:16 pm
The two big problesm here are trust and bandwidth.

Put simply, how can you convice me that you are trustworthy and that you won't use all my avaiable bandwidth?

Large hosting companies have the legal expertise, the technical expertise, and the bandwidth to handle this. I (and most home users) don't.

Then there are all the issuses related to making a computer accessable from the internet.

And the ISP's terms and conditions.

Plus what's in it for me? You don't want to pay for a VPS so I assume you don't want to pay me for my electricity, my bandwidth, and the use of my hardware (that presumably I won't be able to make use of when you're not using it). Oh, and my time for any actions that require physical access to the Pi.
Hi thagrol,

How can I convice you that I am trustworthy and that I won't use all your avaiable bandwidth? Guess I don't. You will have to know me and trust my words. Trust is the basis of human relationships and time will tell. if confidence is broken, the relationship ends. When talking about bandwidth in particular, if that worries you, I can set up (in instance) traffic shaping in my Raspbian to put some limit.

About making a computer accessable from the internet, if you had your Pi in my SOHO, I can set up port redirection againts your Pi (in those cases where those ports are not being used by me) and if we talk about common ports (web, smtp) I can set up a redirection in the proper service (in instance, some ProxyPass for web sites, or some smtp transport for smtp) to route it to my or your host. Or at least we can try :)

About ISP's terms and conditions, man, we are not talking about building any kind of business. This is intended for playing, doing tests, maybe some blog/personal web site... this is the kind of stuff I have in mind.

What's in it for you? As I stated before, this is not for doing any kind of business. And with the aim of avoiding harm to one of the parties by generating a situation of inequality, I thought of a Pis exchange: I use your electricity and bandwitdh, you use mine. If I have to help you in some setup, I'll try and I'll expect you do the same if I need it.

Given the low power consumption of the Pi (let's see about the new RPi 4) and that most of the time my bandwidth is used very little, I also said that if someone is interested, I would be willing to host some people's Raspberry Pi's at my home with no costs. So if someone would like to give it a try, just let me know.

Cheers!
Blog @ http://enchufado.com/

User avatar
thagrol
Posts: 1836
Joined: Fri Jan 13, 2012 4:41 pm
Location: Darkest Somerset, UK
Contact: Website

Re: Colocation between users (the cheap way)

Mon Jun 24, 2019 3:24 pm

jors wrote:
Mon Jun 24, 2019 2:24 pm
thagrol wrote:
Mon Jun 24, 2019 1:16 pm
The two big problesm here are trust and bandwidth.

Put simply, how can you convice me that you are trustworthy and that you won't use all my avaiable bandwidth?

Large hosting companies have the legal expertise, the technical expertise, and the bandwidth to handle this. I (and most home users) don't.

Then there are all the issuses related to making a computer accessable from the internet.

And the ISP's terms and conditions.

Plus what's in it for me? You don't want to pay for a VPS so I assume you don't want to pay me for my electricity, my bandwidth, and the use of my hardware (that presumably I won't be able to make use of when you're not using it). Oh, and my time for any actions that require physical access to the Pi.
Hi thagrol,

How can I convice you that I am trustworthy and that I won't use all your avaiable bandwidth? Guess I don't. You will have to know me and trust my words. Trust is the basis of human relationships and time will tell. if confidence is broken, the relationship ends. When talking about bandwidth in particular, if that worries you, I can set up (in instance) traffic shaping in my Raspbian to put some limit.
That's only going to affect traffic at your end. And I/we would have to trust you. Plus I'd need to setup similar traffic shaping on my end.
About making a computer accessable from the internet, if you had your Pi in my SOHO, I can set up port redirection againts your Pi (in those cases where those ports are not being used by me) and if we talk about common ports (web, smtp) I can set up a redirection in the proper service (in instance, some ProxyPass for web sites, or some smtp transport for smtp) to route it to my or your host. Or at least we can try :)
So possibly not very secure then and that probably won't do much to protect against random attacks from the internet.
About ISP's terms and conditions, man, we are not talking about building any kind of business. This is intended for playing, doing tests, maybe some blog/personal web site... this is the kind of stuff I have in mind.
And some of the more restrictive ISP ban that sort of stuff and block the common ports.
What's in it for you? As I stated before, this is not for doing any kind of business. And with the aim of avoiding harm to one of the parties by generating a situation of inequality, I thought of a Pis exchange: I use your electricity and bandwitdh, you use mine. If I have to help you in some setup, I'll try and I'll expect you do the same if I need it.

Given the low power consumption of the Pi (let's see about the new RPi 4) and that most of the time my bandwidth is used very little, I also said that if someone is interested, I would be willing to host some people's Raspberry Pi's at my home with no costs. So if someone would like to give it a try, just let me know.

Cheers!
I don't think I'll take you up on this, and I'd advise no-one else to do so. Well not unless they have apropriate network admin knowledge and experience.

For me, the trust and security issues are too much and don't forget that every user on my LAN also has to trust you (directly or indirectly).

Access via a VPN to a Pi on my LAN that has only client type access to the internet and as a non-root user, maybe if it can be trivially isolated from the rest of my LAN. But that clearly isn't what you want.

To do what you want means a lot of work to secure every machine on my LAN from any poential malware (or just plain incompetence or curiosity) coming from the colocated Pi. Especially if you have root access on that Pi.

I'm not saying that you'd be incompetent, but as you are aware, I don't know you.
This space unintentionally left blank.

User avatar
jors
Posts: 39
Joined: Sun Sep 23, 2012 9:05 am
Location: Barcelona
Contact: Website

Re: Colocation between users (the cheap way)

Mon Jun 24, 2019 4:32 pm

jors wrote:
Mon Jun 24, 2019 2:24 pm
Hi thagrol,

How can I convice you that I am trustworthy and that I won't use all your avaiable bandwidth? Guess I don't. You will have to know me and trust my words. Trust is the basis of human relationships and time will tell. if confidence is broken, the relationship ends. When talking about bandwidth in particular, if that worries you, I can set up (in instance) traffic shaping in my Raspbian to put some limit.
thagrol wrote:
Mon Jun 24, 2019 3:24 pm
That's only going to affect traffic at your end. And I/we would have to trust you. Plus I'd need to setup similar traffic shaping on my end.
Affirmative, because I was thinking to do it at OS level (with tc).
jors wrote:
Mon Jun 24, 2019 2:24 pm
About making a computer accessable from the internet, if you had your Pi in my SOHO, I can set up port redirection againts your Pi (in those cases where those ports are not being used by me) and if we talk about common ports (web, smtp) I can set up a redirection in the proper service (in instance, some ProxyPass for web sites, or some smtp transport for smtp) to route it to my or your host. Or at least we can try :)
thagrol wrote:
Mon Jun 24, 2019 3:24 pm
So possibly not very secure then and that probably won't do much to protect against random attacks from the internet.
I do have some basic DoS and other iptables rules, but hey, I am not Google Cloud :D
jors wrote:
Mon Jun 24, 2019 2:24 pm
About ISP's terms and conditions, man, we are not talking about building any kind of business. This is intended for playing, doing tests, maybe some blog/personal web site... this is the kind of stuff I have in mind.
thagrol wrote:
Mon Jun 24, 2019 3:24 pm
And some of the more restrictive ISP ban that sort of stuff and block the common ports.
I've been using my stuff for several years right now with the same provider and have not had a single problem in this sense. But yes, shit can happen. Who knows?
jors wrote:
Mon Jun 24, 2019 2:24 pm
What's in it for you? As I stated before, this is not for doing any kind of business. And with the aim of avoiding harm to one of the parties by generating a situation of inequality, I thought of a Pis exchange: I use your electricity and bandwitdh, you use mine. If I have to help you in some setup, I'll try and I'll expect you do the same if I need it.

Given the low power consumption of the Pi (let's see about the new RPi 4) and that most of the time my bandwidth is used very little, I also said that if someone is interested, I would be willing to host some people's Raspberry Pi's at my home with no costs. So if someone would like to give it a try, just let me know.

Cheers!
thagrol wrote:
Mon Jun 24, 2019 3:24 pm
I don't think I'll take you up on this, and I'd advise no-one else to do so. Well not unless they have apropriate network admin knowledge and experience.
You are right on these one. If your purpose is to have some Pi just to SSH in and do some tests/tinkering, basic knowledge would suffice. But if you want to expose services with common ports, then admin knowledge and experience is highly advised.
thagrol wrote:
Mon Jun 24, 2019 3:24 pm
For me, the trust and security issues are too much and don't forget that every user on my LAN also has to trust you (directly or indirectly).

Access via a VPN to a Pi on my LAN that has only client type access to the internet and as a non-root user, maybe if it can be trivially isolated from the rest of my LAN. But that clearly isn't what you want.
What you say would be basically to give access to a limited shell, and that basically cuts off my purpose, yes.
thagrol wrote:
Mon Jun 24, 2019 3:24 pm
To do what you want means a lot of work to secure every machine on my LAN from any poential malware (or just plain incompetence or curiosity) coming from the colocated Pi. Especially if you have root access on that Pi.

I'm not saying that you'd be incompetent, but as you are aware, I don't know you.
Sure, I do not know you either, but I'm putting a bit of trust in humanity :)

Thanks anyway for you reply. Maybe this will better expose my proposal to the rest of the forum.

Cheers!
Blog @ http://enchufado.com/

Return to “General discussion”