remote firewall advice
Aaron Smith
Aaron.Smith at Sun.COM
Tue Feb 4 17:24:02 EST 2003
Robert,
I have successfully done this for my father.
- Linux distro is RH7.3 with NAT and IP Filtering as the gateway host.
  I am not recommending this distribution, it was just what I knew at the
  time.
- I have a CGI script on the gateway that provides a web page with a
  connect button, a disconnect button and info about the ppp connection
  (IP address, ping tests, etc.). I can provide this CGI (bourne shell)
  script, if you want it.
- for remote administration I used:
  - sshd running on the gateway
  - ddclient to update DNS thru www.dyndns.org (not needed but nice)
  - a cron job (every 5 minutes) that outputs the IP address and time
    to a file that is then FTP-ed (ncftpput) to an ISP-provided user
    web page (e.g. www.myisp.com.au/~joehacker). This not only tells
    me the IP address but how long ago his connection was up (less
    than 5 minutes means the connection is most likely still up).
This may sound a little convoluted but it is pretty simple and it works.
Enjoy,
Aaron.
Robert Edwards wrote:
> My father-in-law is a farmer in the Riverina area of N.S.W. and uses a Windoze
> 98 box for various farmy stuff as well as e-mail and web-surfing. His TCP
> stack has become corrupt on a number of occasions, resulting in the Bigpond
> tech guys taking him through a remove and re-install cycle a couple of times.
> This is, of course, a bit frustrating.
>
> I am keen to set him up with a Linux firewall/dial-out server to protect his
> little old Windoze 98 box from the big bad Internet.
>
> What I would really like is some way for him to press a button (the machine
> would have no keyboard) to initiate a dial-out connection. Once connected, I
> would like the machine to establish a connection back to me (I wouldn't be
> able to connect to it as I wouldn't know its IP address and it may be behind
> a NAT router). Maybe a PPP over SSH connection or something so that I can log
> in from where I am and nurgle his configuration files or whatever.
>
> Has anyone done anything like this - set up a remote dial-out machine that can
> be administered remotely? Anyone have any links to similar projects? Anyone
> got any advice on how to implement a button to establish the dial-out
> connection (he can't leave the machine permanently online for various
> reasons, including financial). Am I thinking in the right direction, or is
> there an easier way (I don't play with dial-out much at all, so this is all a
> bit new for me)?
>
> Another thought I had, although requiring a new modem, would be to get a modem
> with caller ID. Then I could set it up so that if I rang it from a known
> phone number, it would then respond by dialing out to the ISP and
> establishing the connection to allow me to connect in. But this may be even
> more problematic.
>
> Thanks for any ideas.
>
> Cheers,
>
> Bob Edwards.
>
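
The five-minute heartbeat described in Aaron's reply, sketched as an added example that is not the script from the post: the gateway writes its ppp address and a timestamp, and the admin side treats the fetched line as untrusted input before deciding whether the link is still up. The `ip=... epoch=...` file format, the function names and the use of `ip -4 -o addr show dev ppp0` output are assumptions; the upload step (ncftpput in the post) is left out so the example runs offline.

```shell
#!/bin/sh
# Added example (not the script from the post). The "ip=... epoch=..." file
# format and all function names are assumptions made for illustration.

# Gateway side: pull the first IPv4 address out of `ip -4 -o addr show dev ppp0`
# output supplied on stdin.
ppp_addr() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "inet") {
               split($(i + 1), a, "/"); print a[1]; exit } }'
}

# Gateway side: format the one-line status file the cron job would upload.
make_status() {
    printf 'ip=%s epoch=%s\n' "$1" "$2"
}

# Admin side: link_state LINE NOW [MAX_AGE_SECONDS]
# The line was fetched from a public web page, so it is validated as untrusted
# input before any arithmetic. Returns 0 = fresh, 1 = stale, 2 = malformed.
link_state() {
    ls_line=$1 ls_now=$2 ls_max=${3:-300}
    case $ls_line in
        "ip="*" epoch="*) ;;
        *) echo malformed; return 2 ;;
    esac
    ls_ip=${ls_line#ip=}; ls_ip=${ls_ip%% *}
    ls_epoch=${ls_line##* epoch=}
    case $ls_ip in ''|*[!0-9.]*) echo malformed; return 2 ;; esac
    # Reject non-digits and leading zeros (which the shell would read as octal).
    case $ls_epoch in ''|*[!0-9]*|0?*) echo malformed; return 2 ;; esac
    ls_age=$((ls_now - ls_epoch))
    # A timestamp from the future (negative age) is treated as stale.
    if [ "$ls_age" -ge 0 ] && [ "$ls_age" -lt "$ls_max" ]; then
        echo "up $ls_ip ${ls_age}s"
    else
        echo "stale $ls_ip ${ls_age}s"; return 1
    fi
}

# Constructed sample: an `ip` output line and two fixed clock values.
sample='3: ppp0    inet 203.0.113.7 peer 198.51.100.1/32 scope global ppp0'
demo_status=$(make_status "$(printf '%s\n' "$sample" | ppp_addr)" 1044397442)
link_state "$demo_status" 1044397562 || true   # 120 s old
link_state "$demo_status" 1044398042 || true   # 600 s old
```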