remote firewall advice

Peter Ortner port at iname.com
Tue Feb 4 22:14:21 EST 2003



Robert Edwards wrote:

> My father-in-law is a farmer in the Riverina area of N.S.W. and uses a Windoze
> 98 box for various farmy stuff as well as e-mail and web-surfing. His TCP
> stack has become corrupt on a number of occasions, resulting in the Bigpond
> tech guys taking him through a remove and re-install cycle a couple of times.
> This is, of course, a bit frustrating.
>
> I am keen to set him up with a Linux firewall/dial-out server to protect his
> little old Windoze 98 box from the big bad Internet.
>
> What I would really like is some way for him to press a button (the machine
> would have no keyboard) to initiate a dial-out connection. Once connected, I
> would like the machine to establish a connection back to me (I wouldn't be
> able to connect to it as I wouldn't know its IP address and it may be behind
> a NAT router). Maybe a PPP over SSH connection or something so that I can log
> in from where I am and nurgle his configuration files or whatever.
>
>
When I last used pigpong, they did not give you a NAT'd connection. Thus, you can
be probed/portscanned etc by cretins from all over the world. Yippee!

In regards to Dynamic DNS, there are several organizations that do it. One that
I use is www.dynu.com, which have a Linux client. It (used) to core dump on exit,
but it *does* work.

>
> Has anyone done anything like this - set up a remote dial-out machine that can
> be administered remotely? Anyone have any links to similar projects? Anyone
> got any advice on how to implement a button to establish the dial-out
> connection (he can't leave the machine permanently online for various
> reasons, including financial). Am I thinking in the right direction, or is
> there an easier way (I don't play with dial-out much at all, so this is all a
> bit new for me)?
>

I used to have a similar setup here for the folks to use. Essentially I cobbled
together an rexec client. Very simple interface, had a File Menu, options menu,
and a button, which shows a separate window that has the command output. This was
written in Java, so it's portable. I haven't bothered publishing it, as it isn't
one of my prouder moments, but it does scratch an itch. If anyone's interested
in it, e-mail me off list.

> Another thought I had, although requiring a new modem, would be to get a modem
> with caller ID. Then I could set it up so that if I rang it from a known
> phone number, it would then respond by dialing out to the ISP and
> establishing the connection to allow me to connect in. But this may be even
> more problematic.

I concur. For starters, you need to find a modem that has decent caller-id
support. Secondly, you're assuming that caller-id always works. My experience is
that it doesn't.

Of course, the other solution is to buy a copy of Win4Lin and install Windows
inside that instead. :) It removes the whole issue of Windows-borne virii from
the equation, and it's less unstable, in my experience. (If anyone wants a demo
I will gladly give one.)

HTH.
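
Added example, not part of the original post and not code from either poster: one way to do the "connect back to me once the link is up" step from the question, as a reverse SSH tunnel started when pppd brings the interface up. The host name, account, port and key path are assumptions, and the `restrict` and `permitlisten` key options need a current OpenSSH on the administrator's side.

```sh
#!/bin/sh
# Added example (not from the post): call-home hook for the dial-out box.
# Intended to be called by pppd's ip-up mechanism, which passes the
# interface name (e.g. ppp0) as $1. All values below are assumptions.
ADMIN_HOST="admin.example.org"   # hypothetical host the administrator controls
ADMIN_USER="farmtunnel"          # hypothetical unprivileged account on it
REMOTE_PORT=2222                 # listener opened on ADMIN_HOST, loopback only
KEY="/etc/callhome/id_tunnel"    # hypothetical key used for this tunnel only

# Emit the ssh arguments one per line so they can be inspected and tested.
tunnel_args() {
    printf '%s\n' \
        -N -T \
        -i "$KEY" \
        -o BatchMode=yes \
        -o StrictHostKeyChecking=yes \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 \
        -o ServerAliveCountMax=3 \
        -R "127.0.0.1:${REMOTE_PORT}:127.0.0.1:22" \
        "${ADMIN_USER}@${ADMIN_HOST}"
}

# authorized_keys entry for ADMIN_USER: restrict turns off pty, agent and X11
# forwarding; port-forwarding plus permitlisten limit remote forwards from
# this key to the one loopback listener.
authorized_keys_line() {
    printf 'restrict,port-forwarding,permitlisten="127.0.0.1:%s" %s\n' \
        "$REMOTE_PORT" "$1"
}

start_tunnel() {
    # Arguments contain no whitespace, so plain word splitting is safe here.
    set -- $(tunnel_args)
    ssh "$@" </dev/null >/dev/null 2>&1 &
}

# Only act when invoked for a PPP interface; a bare run does nothing.
case "${1:-}" in
    ppp*) start_tunnel ;;
esac
```

With the tunnel up, the administrator reaches the remote box's sshd by connecting to port 2222 on the loopback address of their own host. `StrictHostKeyChecking=yes` means the administrator host's key has to be placed in the dial-out box's known_hosts before it is shipped.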


