remote firewall advice

Antti.Roppola at brs.gov.au
Tue Feb 4 15:46:11 EST 2003


Last night I fixed a setup similar to that described. I didn't look
closely at how it was actually set up, beyond that it is vanilla Red Hat 6.0
running on a very old 486 with ipchains NAT and PPP dial-on-demand.
The owner knows *zero* about how it works and is very happy with the
years of trouble-free service it has given (until some hardware died
during the fires).

I mention this because I understand that things like Gibraltar and IPCop
do not seem to like older hardware.

For a while, I ran some modifications to my ppp script at home that would
notify me whenever my ADSL connection's IP changed and also to iptables to
let ssh connections in from certain networks/addresses. If it's going to be
as trouble-free as the above described, you can probably get by with
father-in-law switching on the machine if and when work is required.

Antti
P.S. My mother's WinPC was reliable until someone on Bogpond's helpdesk
convinced her to run their installer (to fix line problems!). Since then it's
been very flaky. I am intensely suspicious of ISP-provided war3z.


-----Original Message-----
From: Robert Edwards [mailto:Robert.Edwards at anu.edu.au]
Sent: Tuesday, 4 February 2003 2:45 PM
To: linux at samba.org
Subject: remote firewall advice



My father-in-law is a farmer in the Riverina area of N.S.W. and uses a Windoze 
98 box for various farmy stuff as well as e-mail and web-surfing. His TCP 
stack has become corrupt on a number of occasions, resulting in the Bigpond 
tech guys taking him through a remove and re-install cycle a couple of times. 
This is, of course, a bit frustrating.

I am keen to set him up with a Linux firewall/dial-out server to protect his 
little old Windoze 98 box from the big bad Internet.

What I would really like is some way for him to press a button (the machine 
would have no keyboard) to initiate a dial-out connection. Once connected, I 
would like the machine to establish a connection back to me (I wouldn't be 
able to connect to it as I wouldn't know its IP address and it may be behind 
a NAT router). Maybe a PPP over SSH connection or something so that I can log 
in from where I am and nurgle his configuration files or whatever.

Has anyone done anything like this - set up a remote dial-out machine that can 
be administered remotely? Anyone have any links to similar projects? Anyone 
got any advice on how to implement a button to establish the dial-out 
connection (he can't leave the machine permanently online for various 
reasons, including financial)? Am I thinking in the right direction, or is 
there an easier way (I don't play with dial-out much at all, so this is all a 
bit new for me)?

Another thought I had, although requiring a new modem, would be to get a modem 
with caller ID. Then I could set it up so that if I rang it from a known 
phone number, it would then respond by dialing out to the ISP and 
establishing the connection to allow me to connect in. But this may be even 
more problematic.

Thanks for any ideas.

Cheers,

Bob Edwards.


