remote firewall advice

Alex Satrapa grail at goldweb.com.au
Tue Feb 4 17:27:24 EST 2003


On Tuesday, February 4, 2003, at 02:44, Robert Edwards wrote:

> I am keen to set him up with a Linux firewall/dial-out server to
> protect his little old Windoze 98 box from the big bad Internet.

I agree with you on that score - connecting any Windows machine to the 
Internet is just asking for trouble.  Invoke meringue prison adage here.

> What I would really like is some way for him to press a button ...
> dial-out connection. ... establish a connection back to me ... so that
> I can log in from where I am and nurgle his configuration files or
> whatever.

I'm working on a webmin module to allow users to initiate any defined 
PPP connection (and to edit existing/create new peers).

Connecting back to you or connecting into his machine is easy - use 
ez-ipupdate and DynDNS, and perhaps OpenVPN.

But be aware that the first thing to go wrong will be the dial-up 
connection.  You can't diagnose ppp dialup problems remotely!

> Anyone got any advice on how to implement a button to establish the
> dial-out connection (he can't leave the machine permanently online for
> various reasons, including financial).

With a modified keyboard (remember that three-button modified microsoft 
keyboard?), you could modify the "ca" entry in /etc/inittab to run pppd 
instead of rebooting.  Or have the ca entry shut the machine down 
cleanly, and the "magic on button" is the power switch.

Alternatives are to use Smoothwall (or whatever open/free replacement 
you can find) which provides a convenient web interface to do things 
like dial up, disconnect, and shut down.

> Am I thinking in the right direction, or is there an easier way (I
> don't play with dial-out much at all, so this is all a bit new for me)?

Much easier to do stuff in software than to kluge some fancy magic 
button ;)

> Another thought I had, although requiring a new modem, would be to [set 
> up a complex contraption with lots of bells and whistles and lots of 
> places for things to break].

I'd suggest avoiding that scenario - use DynDNS for both ends, so his 
end can find you, your end can find his, and perhaps consider using 
OpenVPN to establish a secure tunnel so that you can go frob the config 
files.

Webmin is somewhat useful for administrative purposes, but I haven't yet 
seen a "dial up control" module (which is why I'm trying to write one).

Smoothwall is exactly what you need in this instance.  Web-based, all 
sensible controls are available (dialup, disconnect, shutdown). 
Smoothwall doesn't yet have a web-based power-up command, though I 
suspect having a suitable M/B and NIC with WOL, you could write a batch 
file to magic-ping the firewall box.

Windows 98 will happily live behind such a firewall as long as the 
firewall is switched on before and off after the Windows 98 box, and 
supplies said Win98 box with appropriate services (DNS being the most 
important one I can think of right now).

Last I saw of Smoothwall was back in the 0.75 days though.  My webmin 
module is only just started (about 5 hours effort so far, and most of 
that just learning how webmin modules work).

Smoothwall: http://www.smoothwall.org/
Webmin: http://www.webmin.com/

HTH
Alex
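
The "magic-ping" mentioned in the message above is a Wake-on-LAN magic packet. The following is an added example, not part of the original message: a minimal sender in Python rather than a batch file. The MAC address is a constructed sample, and the broadcast address and UDP port 9 are assumed defaults. A plain magic packet carries no authentication, so any host on the same LAN segment can send one.

```python
import re
import socket


def parse_mac(mac: str) -> bytes:
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff or aabbccddeeff; return 6 raw bytes."""
    digits = re.sub(r"[:\-.]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)


def build_magic_packet(mac: str) -> bytes:
    """Magic packet payload: 6 bytes of 0xFF, then the target MAC repeated 16 times."""
    return b"\xff" * 6 + parse_mac(mac) * 16


def is_magic_packet_for(payload: bytes, mac: str) -> bool:
    """Check a received payload the way a NIC does: sync bytes, then 16 copies of its MAC."""
    target = parse_mac(mac)
    start = payload.find(b"\xff" * 6)
    if start < 0:
        return False
    body = payload[start + 6:start + 6 + 16 * 6]
    return body == target * 16


def send_magic_packet(mac: str, broadcast: str = "255.255.255.255", port: int = 9) -> int:
    """Broadcast the packet on the local segment; returns the number of bytes sent.

    The broadcast address and port 9 are assumptions; the NIC matches on the
    payload only, so the port is a convention rather than a requirement.
    """
    payload = build_magic_packet(mac)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        return s.sendto(payload, (broadcast, port))


if __name__ == "__main__":
    SAMPLE_MAC = "00:11:22:33:44:55"  # constructed sample, not a real device
    pkt = build_magic_packet(SAMPLE_MAC)
    print(len(pkt), "byte magic packet for", SAMPLE_MAC)
    # To actually wake the firewall box, call send_magic_packet() with its NIC's MAC.
```
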