Hacker News

Networking SmartFriends: Is port forwarding intrinsically a bad idea (as compared to using Tailscale Funnel) from a security perspective if I want to expose, say, a Plex server running on my NAS to the outside world?


It's largely equivalent here - you're just exposing something via a tunnel rather than directly via your home IP.

That could have benefits, for example, if you're concerned about a DDoS attack on that service taking your home internet out, you may be able to work around it like this. But it won't mitigate a gaping hole in the underlying service which you're still exposing.

It could also have drawbacks, like limited bandwidth and higher latency, which would make it highly unsuitable for something like a game server.


The main question is whether you want to share something like a Plex server with other people and force/convince them to essentially install a VPN to do so (which usually means other VPNs are out of the game. You can't, for example, have Tailscale work alongside an adblock VPN in Android). To me that's a deal breaker and quite a burden to the people who want to access it. You are better off putting all those services behind a reverse proxy with a cert from Let's Encrypt.


All good points, thank you! I was considering Tailscale Funnel (which is like Cloudflare Tunnel) and doesn’t require Tailscale on the client side. https://tailscale.com/blog/introducing-tailscale-funnel


The Funnel won't add secure activity to what happens inside the connection itself.



