remote firewall advice

Martin Schwenke martin at meltin.net
Tue Feb 4 16:29:10 EST 2003


Hi Bob,

>>>>> "Bob" == Robert Edwards <Robert.Edwards at anu.edu.au> writes:

    Bob> Has anyone done anything like this - set up a remote dial-out
    Bob> machine that can be administered remotely? Anyone have any
    Bob> links to similar projects? Anyone got any advice on how to
    Bob> implement a button to establish the dial-out connection (he
    Bob> can't leave the machine permanently online for various
    Bob> reasons, including financial). Am I thinking in the right
    Bob> direction, or is there an easier way (I don't play with
    Bob> dial-out much at all, so this is all a bit new for me)?

I've done this twice before, but I used lower tech solutions.  :-)

* I put a web server on the gateway with a CGI script that ran
  ifconfig.  If I needed to get it I would call a specified person
  sitting at a Windows box and ask them to hit a bookmark in their
  browser.  They then read out the address for me.

* When someone I know wants help with their Linux box, they send me
  e-mail.  If I get the mail soon enough I try SSHing to the address
  their machine had when they sent the mail.

Like I said, low-tech, but close to no time investment for either of
them.  Neither of them will work if the connection is NATed.

The alternative is, if you have a fixed IP, get the box to SSH to you
with a reverse tunnel (via -R option), so you can connect back down to
the SSH port.  I seem to remember the problem I've noticed for this is
that, if you do this for a few hosts, the host key for localhost tends
to change a lot..  :-)

peace & happiness,
martin
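
The reverse-tunnel setup mentioned in the message above, as an added example that is not part of the original post: each dial-out box gets its own forwarded port, and the admin machine gets a matching ssh_config stanza with HostKeyAlias so the boxes stop sharing one "localhost" host key entry. The aliases, ports and tunnel@admin.example.org are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): reverse tunnels for several
# dial-out boxes, each with its own forwarded port and known_hosts name.
# Constructed inventory: "<alias> <port on the admin machine>".
INVENTORY='office-gw 2201
home-box 2202'

# Print the forwarded port for an alias; fail if the alias is unknown.
lookup_port() {
    while read -r name port; do
        if [ "$name" = "$1" ]; then
            printf '%s\n' "$port"
            return 0
        fi
    done <<EOF
$INVENTORY
EOF
    return 1
}

# Command the dial-out box runs once its link is up.
# $1 = alias, $2 = user@host of the fixed-IP admin machine (assumed name).
remote_cmd() {
    port=$(lookup_port "$1") || return 1
    # Bind the listener to loopback on the admin machine only, and exit
    # instead of lingering if the forward cannot be set up.
    printf 'ssh -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -R 127.0.0.1:%s:localhost:22 %s\n' "$port" "$2"
}

# ssh_config stanza for the admin machine. HostKeyAlias stores and checks
# the box's key under its alias instead of under "localhost"; CheckHostIP no
# stops ssh from also checking the key against the loopback address.
admin_stanza() {
    port=$(lookup_port "$1") || return 1
    printf 'Host %s\n    HostName localhost\n    Port %s\n    HostKeyAlias %s\n    CheckHostIP no\n' "$1" "$port" "$1"
}

# Show the generated command and stanzas for the constructed inventory.
remote_cmd office-gw tunnel@admin.example.org
admin_stanza office-gw
admin_stanza home-box
```

With these stanzas in place, `ssh office-gw` on the admin machine checks the tunnelled box against its own `office-gw` entry in known_hosts, so a host key warning points at a change on that box and not at a different box answering behind localhost.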

