remote firewall advice

Aaron Smith Aaron.Smith at Sun.COM
Tue Feb 4 17:24:02 EST 2003


I have successfully done this for my father.

- Linux distro is RH7.3 with NAT and IP Filtering as the gateway host. 
I am not recommending this distribution, it was just what I knew at the 

- I have a CGI script on the gateway that provides a web page with a 
connect button, a disconnect button and info about the ppp connection 
(IP address, ping tests, etc.).  I can provide this CGI (bourne shell) 
script, if you want it.

- for remote administration I used:
   - sshd running on the gateway
   - ddclient to update DNS thru (not needed but nice)
   - a cron job (every 5 minutes) that outputs the IP address and time
     to a file that is then FTP-ed (ncftpput) to a ISP-provided user
     web page (eg. This not only tells
     me the IP address but how long ago his connection was up (less
     than 5 minutes means the connection is most likely still up).

This may sound a little convaluted but it is pretty simple and it works.



Robert Edwards wrote:
> My father-in-law is a farmer in the Riverina area of N.S.W. and uses a Windoze 
> 98 box for various farmy stuff as well as e-mail and web-surfing. His TCP 
> stack has become corrupt on a number of occasions, resulting in the Bigpond 
> tech guys taking him through a remove and re-install cycle a couple of times. 
> This is, of course, a bit frustrating.
> I am keen to set him up with a Linux firewall/dial-out server to protect his 
> little old Windoze 98 box from the big bad Internet.
> What I would really like is some way for him to press a button (the machine 
> would have no keyboard) to initiate a dial-out connection. Once connected, I 
> would like the machine to establish a connection back to me (I wouldn't be 
> able to connect to it as I wouldn't know it's IP address and it may be behind 
> a NAT router). Maybe a PPP over SSH connection or something so that I can log 
> in from where I am and nurgle his configuration files or whatever.
> Has anyone done anything like this - set up a remote dial-out machine that can 
> be administered remotely? Anyone have any links to similar projects? Anyone 
> got any advice on how to implement a button to establish the dial-out 
> connection (he can't leave the machine permanently online for various 
> reasons, including financial). Am I thinking in the right direction, or is 
> there an easier way (I don't play with dial-out much at all, so this is all a 
> bit new for me)?
> Another thought I had, although requiring a new modem, would be to get a modem 
> with caller ID. Then I could set it up so that if I rang it from a known 
> phone number, it would then respond by dialing out to the ISP and 
> establishing the connection to allow be to connect in. But this may be even 
> more problematic.
> Thanks for any ideas.
> Cheers,
> Bob Edwards.

More information about the linux mailing list