I want my firewall to let a few mobile clients connect over the Internet to my backup server on the LAN without using VPN or SSH forwarding. The connection is secured via TLS certs + encryption provided by the backup application.

A rule like this

DNAT net:$CLIENT1 loc:$BACKUP tcp PPPP

works if CLIENT1 has a fixed IP address. Unfortunately the clients have dynamically assigned IP addresses, with an FQDN assigned to each client via a dynamic DNS service provider.

Is there a solution? What rules should I implement knowing that I run Shorewall 3.2.8?

Thanks,
Costantino

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
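The reason a hostname cannot simply be written into the rule is that iptables (and therefore Shorewall) resolves a name once, when the rule is inserted, so the rule would be frozen at whatever address the dynamic DNS name had at the last `shorewall restart`. The following script is an added example, not part of this thread and not Shorewall's own code: it re-resolves each client's dynamic DNS name, and only when an address has changed rewrites the matching `CLIENTn=` entries in the params file the DNAT rules reference, then restarts Shorewall. The params path, the cache path and the client names are assumptions and constructed placeholders; a lookup that does not yield a plain IPv4 literal is refused rather than written into the firewall configuration.

```shell
#!/bin/sh
# Added example, not from the thread: re-resolve each mobile client's dynamic
# DNS name and, when an address changes, rewrite the matching entries in
# Shorewall's params file (referenced from the rules file as $CLIENT1 etc.)
# and restart Shorewall. Assumptions not stated in the thread: params lives at
# /etc/shorewall/params, and the client names below are constructed samples.

PARAMS_FILE="${PARAMS_FILE:-/etc/shorewall/params}"
CACHE_FILE="${CACHE_FILE:-/var/cache/shorewall-dyn-clients}"

# One "VAR=FQDN" per line: the variable used in the rules file and the
# client's dynamic DNS name (constructed sample names).
CLIENTS="CLIENT1=client1.dyndns.example
CLIENT2=client2.dyndns.example"

# Accept only a dotted-quad IPv4 literal; a failed or odd lookup must never
# be written into the firewall configuration.
is_ipv4() {
    printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(printf '%s' "$1" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Resolve a name to its first IPv4 address with the system resolver.
resolve_ipv4() {
    getent ahostsv4 "$1" 2>/dev/null | awk 'NR == 1 { print $1 }'
}

# Turn "VAR=FQDN" lines into "VAR=IP" lines. $2 names the resolver function,
# so the rendering can be exercised without network access.
render_params() {
    printf '%s\n' "$1" | while IFS='=' read -r var fqdn; do
        [ -n "$var" ] || continue
        ip=$("$2" "$fqdn")
        if is_ipv4 "$ip"; then
            printf '%s=%s\n' "$var" "$ip"
        else
            echo "skipping $var: '$fqdn' did not resolve to an IPv4 address" >&2
        fi
    done
}

# Exit 0 when the rendered entries differ from the last applied set.
params_changed() {
    [ -f "$CACHE_FILE" ] || return 0
    [ "$(cat "$CACHE_FILE")" != "$1" ]
}

# Rewrite only the managed variables in params, and restart only on change.
apply_params() {
    new=$(render_params "$CLIENTS" resolve_ipv4)
    if [ -z "$new" ]; then
        echo "no client resolved; leaving the firewall unchanged" >&2
        return 1
    fi
    params_changed "$new" || return 0
    managed=$(printf '%s\n' "$CLIENTS" | cut -d= -f1 | paste -sd'|' -)
    { grep -Ev "^($managed)=" "$PARAMS_FILE" 2>/dev/null; printf '%s\n' "$new"; } \
        > "$PARAMS_FILE.new" && mv "$PARAMS_FILE.new" "$PARAMS_FILE"
    printf '%s\n' "$new" > "$CACHE_FILE"
    shorewall restart
}

# Run from cron every few minutes:  dyn-clients.sh --apply
if [ "${1:-}" = "--apply" ]; then
    apply_params
fi
```

The rules file keeps the original `DNAT net:$CLIENT1 loc:$BACKUP tcp PPPP` line; only the value of `$CLIENT1` in params moves. Two limits are worth knowing: between the client's address change and the next poll (plus any DNS caching), the old address is still the one allowed through, and a source-address check is only a way to keep the backup port out of general view. The TLS client certificates the backup application already uses remain the control that actually authenticates the client.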
Costantino wrote:
> Is there a solution ?

No.

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ teastep@shorewall.net
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key
Andrew Suffield
2007-Sep-24 16:56 UTC
Re: rules for a client with dynamic IP address + FQDN?
On Mon, Sep 24, 2007 at 06:38:00PM +0200, Costantino wrote:
> The connection is secured via TLS certs + encryption provided by the backup
> application.

Then why are you wasting time on trying to limit access to certain IP addresses? That's pointless if you have real security measures.
Artur Uszyński
2007-Sep-25 07:16 UTC
Re: rules for a client with dynamic IP address + FQDN?
Costantino wrote:
> I want my firewall to let a few mobile clients connect over the Internet
> to my backup server on the LAN without using VPN or SSH forwarding.
> The connection is secured via TLS certs + encryption provided by the backup
> application.
>
> A rule like this
>
> DNAT net:$CLIENT1 loc:$BACKUP tcp PPPP
>
> works if CLIENT1 has a fixed IP address. Unfortunately the clients have
> dynamically assigned IP addresses, with an FQDN assigned to each client
> via a dynamic DNS service provider.
>
> Is there a solution?
> What rules should I implement knowing that I run Shorewall 3.2.8?

You could try the way described at http://www.shorewall.net/3.0/PortKnocking.html (almost exactly the same situation is described there).

--
Artur