Scorpy wrote:> Hello! > > I am new to this list, so I am sory if this has already been answered. > > I am looking for a way to enable my notebook to have access to my home > network regardles where I am.Ok.> This is do-able if I have i fixed IP on some location, but if I have a > dynamic IP, how can shorewall tell whic user am I so it can let me thru the > firewall?It can''t.> I ve seen the MAC parameter in rules, but it doesnt work if your behind some > other router.Correct. Think of a MAC address as how machines that are PHYSICALLY LINKED (ie, on the same hub/switch) talk to each other.> Is there a way other than VPN to solve my problem?Perhaps by some yucky messy error-prone stuff, but why don''t you want to use a VPN? Your situation is why VPNs came to be! Suggestion: http://openvpn.org> Thanks for the help! > > Best regards, > > Scorpy
Hello! I am new to this list, so I am sory if this has already been answered. I am looking for a way to enable my notebook to have access to my home network regardles where I am. This is do-able if I have i fixed IP on some location, but if I have a dynamic IP, how can shorewall tell whic user am I so it can let me thru the firewall? I ve seen the MAC parameter in rules, but it doesnt work if your behind some other router. Is there a way other than VPN to solve my problem? Thanks for the help! Best regards, Scorpy
Hello! I am new to this list, so I am sory if this has already been answered. I am looking for a way to enable my notebook to have access to my home network regardles where I am. This is do-able if I have i fixed IP on some location, but if I have a dynamic IP, how can shorewall tell whic user am I so it can let me thru the firewall? I ve seen the MAC parameter in rules, but it doesnt work if your behind some other router. Is there a way other than VPN to solve my problem? Thanks for the help! Best regards, Scorpy
Scorpy wrote:> Hello! > > I am new to this list, so I am sory if this has already been answered. > > I am looking for a way to enable my notebook to have access to my home > network regardles where I am. > This is do-able if I have i fixed IP on some location, but if I have a > dynamic IP, how can shorewall tell whic user am I so it can let me thru the > firewall? > I ve seen the MAC parameter in rules, but it doesnt work if your behind some > other router. > > Is there a way other than VPN to solve my problem? > > Thanks for the help! > > Best regards, > > ScorpyScorpy, If I remember right :), you can enter a hostname instead of the ip address, If I''m wrong Tom it would be a nice feature sometime. You can use, say dyndns, to give you a hostmane and depending on what OS your laptop uses a client, say ddclient, to tell your name provider with your new ip address. This can then be mapped to the name you have chosen and passed to a dns. The process is very quick typically in under a minute. One thing to note is if you use SSL to list your key as the same hostmane you are using with the name provider ( dyndns). Other wise you will get locked out of your own network for changing parameters. HTH Richard
Hmm then I will probably use VPN. Is there some good howto for setting VPN Windows <-> Linux. I ve done it with linux <-> linux, but never win <-> linux. Thanks. -----Original Message----- From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net]On Behalf Of Brad Sent: Saturday, April 09, 2005 9:18 AM To: Mailing List for Shorewall Users Subject: Re: [Shorewall-users] Question about MAC filter Scorpy wrote:> Hello! > > I am new to this list, so I am sory if this has already been answered. > > I am looking for a way to enable my notebook to have access to my home > network regardles where I am.Ok.> This is do-able if I have i fixed IP on some location, but if I have a > dynamic IP, how can shorewall tell whic user am I so it can let me thruthe> firewall?It can''t.> I ve seen the MAC parameter in rules, but it doesnt work if your behindsome> other router.Correct. Think of a MAC address as how machines that are PHYSICALLY LINKED (ie, on the same hub/switch) talk to each other.> Is there a way other than VPN to solve my problem?Perhaps by some yucky messy error-prone stuff, but why don''t you want to use a VPN? Your situation is why VPNs came to be! Suggestion: http://openvpn.org> Thanks for the help! > > Best regards, > > Scorpy_______________________________________________ Shorewall-users mailing list Post: Shorewall-users@lists.shorewall.net Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users Support: http://www.shorewall.net/support.htm FAQ: http://www.shorewall.net/FAQ.htm
Richard, I ve never seen this option in "rules". So how is hostname used? Like this? ACCEPT net:somedomain.something.com fw tcp 22 Scorpy -----Original Message----- From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net]On Behalf Of richard Sent: Saturday, April 09, 2005 11:30 AM To: Mailing List for Shorewall Users Subject: Re: [Shorewall-users] Question about MAC filter Scorpy wrote:> Hello! > > I am new to this list, so I am sory if this has already been answered. > > I am looking for a way to enable my notebook to have access to my home > network regardles where I am. > This is do-able if I have i fixed IP on some location, but if I have a > dynamic IP, how can shorewall tell whic user am I so it can let me thruthe> firewall? > I ve seen the MAC parameter in rules, but it doesnt work if your behindsome> other router. > > Is there a way other than VPN to solve my problem? > > Thanks for the help! > > Best regards, > > ScorpyScorpy, If I remember right :), you can enter a hostname instead of the ip address, If I''m wrong Tom it would be a nice feature sometime. You can use, say dyndns, to give you a hostmane and depending on what OS your laptop uses a client, say ddclient, to tell your name provider with your new ip address. This can then be mapped to the name you have chosen and passed to a dns. The process is very quick typically in under a minute. One thing to note is if you use SSL to list your key as the same hostmane you are using with the name provider ( dyndns). Other wise you will get locked out of your own network for changing parameters. HTH Richard _______________________________________________ Shorewall-users mailing list Post: Shorewall-users@lists.shorewall.net Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users Support: http://www.shorewall.net/support.htm FAQ: http://www.shorewall.net/FAQ.htm
richard wrote:> > Scorpy, If I remember right :), you can enter a hostname instead of the > ip address, If I''m wrong Tom it would be a nice feature sometime.See http://shorewall.net/configuration_file_basics.htm#dnsnames.> You can use, say dyndns, to give you a hostmane and depending on what OS > your laptop uses a client, > say ddclient, to tell your name provider with your new ip address. This > can then be mapped to the name you have chosen and passed to a dns. > > The process is very quick typically in under a minute. > One thing to note is if you use SSL to list your key as the same > hostmane you are using with the name provider ( dyndns). > Other wise you will get locked out of your own network for changing > parameters.If you read the article linked above though, you will see that a DNS name in a Shorewall rule isn''t useful if the DNS name is assigned using dyndns. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key