remote firewall advice
Alex Satrapa
grail at goldweb.com.au
Tue Feb 4 17:27:24 EST 2003
On Tuesday, February 4, 2003, at 02:44, Robert Edwards wrote:
> I am keen to set him up with a Linux firewall/dial-out server to protect his
> little old Windoze 98 box from the big bad Internet.
I agree with you on that score - connecting any Windows machine to the
Internet is just asking for trouble. Invoke meringue prison adage here.
> What I would really like is some way for him to press a button ...
> dial-out connection. ... establish a connection back to me ... so that I can
> log in from where I am and nurgle his configuration files or whatever.
I'm working on a webmin module to allow users to initiate any defined
PPP connection (and to edit existing/create new peers).
Connecting back to you or connecting into his machine is easy - use
ez-ipupdate and DynDNS, and perhaps OpenVPN.
But be aware that the first thing to go wrong will be the dial-up
connection. You can't diagnose ppp dialup problems remotely!
> Anyone got any advice on how to implement a button to establish the dial-out
> connection (he can't leave the machine permanently online for various
> reasons, including financial).
With a modified keyboard (remember that three-button modified microsoft
keyboard?), you could modify the "ca" entry in /etc/inittab to run pppd
instead of rebooting. Or have the ca entry shut the machine down
cleanly, and the "magic on button" is the power switch.
Alternatives are to use Smoothwall (or whatever open/free replacement
you can find) which provides a convenient web interface to do things
like dial up, disconnect, and shut down.
> Am I thinking in the right direction, or is
> there an easier way (I don't play with dial-out much at all, so this is all a
> bit new for me)?
Much easier to do stuff in software than to kluge some fancy magic
button ;)
> Another thought I had, although requiring a new modem, would be to [set
> up a complex contraption with lots of bells and whistles and lots of
> places for things to break].
I'd suggest avoiding that scenario - use DynDNS for both ends, so his
end can find you, your end can find his, and perhaps consider using
OpenVPN to establish a secure tunnel so that you can go frob the config
files.
Webmin is somewhat useful for administrative purposes, but I haven't yet
seen a "dial up control" module (which is why I'm trying to write one).
Smoothwall is exactly what you need in this instance. Web-based, all
sensible controls are available (dialup, disconnect, shutdown).
Smoothwall doesn't yet have a web-based power-up command, though I
suspect having a suitable M/B and NIC with WOL, you could write a batch
file to magic-ping the firewall box.
Windows 98 will happily live behind such a firewall as long as the firewall
is switched on before and off after the Windows 98 box, and
supplies said Win98 box with appropriate services (DNS being the most
important one I can think of right now).
Last I saw of Smoothwall was back in the 0.75 days though. My webmin
module is only just started (about 5 hours effort so far, and most of
that just learning how webmin modules work).
Smoothwall: http://www.smoothwall.org/
Webmin: http://www.webmin.com/
HTH
Alex