remote firewall advice
Antti.Roppola at brs.gov.au
Antti.Roppola at brs.gov.au
Tue Feb 4 15:46:11 EST 2003
Last night I fixed a setup similar to that described. I Didn't look
closely at how it actually set up, beyond that it is vanilla Redhat 6.0
running on a very old 486 with ipchains NAT and PPP dial-on-demand.
The owner know *zero* about how it works and is very happy with the
years of trouble free service it has given (until some hardware died
during the fires).
I mention this because I understand that things like Gibraltar and IPCop
do not seem to like older hardware.
For a while, I ran some modifications to my ppp script at home that would
notify me whenever my ADSL connection's IP changed and also to iptables to
let ssh connections in from certain networks/addresses. If it's going to be
as trouble free as the above described, you can probably get by with
father-in-law switching on the machine if and when work is required.
P.S. My mother's WinPC was reliable until someone on Bogpond's helpdesk
convinced her to run their installer (to fix line problems!). Since then it's
been very flakey. I am intensely suspicious of ISP provided war3z.
From: Robert Edwards [mailto:Robert.Edwards at anu.edu.au]
Sent: Tuesday, 4 February 2003 2:45 PM
To: linux at samba.org
Subject: remote firewall advice
My father-in-law is a farmer in the Riverina area of N.S.W. and uses a Windoze
98 box for various farmy stuff as well as e-mail and web-surfing. His TCP
stack has become corrupt on a number of occasions, resulting in the Bigpond
tech guys taking him through a remove and re-install cycle a couple of times.
This is, of course, a bit frustrating.
I am keen to set him up with a Linux firewall/dial-out server to protect his
little old Windoze 98 box from the big bad Internet.
What I would really like is some way for him to press a button (the machine
would have no keyboard) to initiate a dial-out connection. Once connected, I
would like the machine to establish a connection back to me (I wouldn't be
able to connect to it as I wouldn't know it's IP address and it may be behind
a NAT router). Maybe a PPP over SSH connection or something so that I can log
in from where I am and nurgle his configuration files or whatever.
Has anyone done anything like this - set up a remote dial-out machine that can
be administered remotely? Anyone have any links to similar projects? Anyone
got any advice on how to implement a button to establish the dial-out
connection (he can't leave the machine permanently online for various
reasons, including financial). Am I thinking in the right direction, or is
there an easier way (I don't play with dial-out much at all, so this is all a
bit new for me)?
Another thought I had, although requiring a new modem, would be to get a modem
with caller ID. Then I could set it up so that if I rang it from a known
phone number, it would then respond by dialing out to the ISP and
establishing the connection to allow be to connect in. But this may be even
Thanks for any ideas.
More information about the linux