Hello,
I have a quick question is there a way to support a dynamic client IP,
other than reloading shorewall every 10 minutes from cron.
To be more precise, I''m travelling a lot and I wanted to have ssh and
smtp access on my own server. I want to limit access to this service to
my laptop at my-laptop.dyndns.org. My understanding of
shorewall/iptables tells me that using the cron job solution is the
only viable one ... so if you could just confirm this assumption, it
would be nice.
Thanks,
Guillaume
-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
Guillaume Taglang wrote:> Hello, > > I have a quick question is there a way to support a dynamic client IP, > other than reloading shorewall every 10 minutes from cron. > > To be more precise, I''m travelling a lot and I wanted to have ssh and > smtp access on my own server. I want to limit access to this service to > my laptop at my-laptop.dyndns.org. My understanding of > shorewall/iptables tells me that using the cron job solution is the > only viable one ... so if you could just confirm this assumption, it > would be nice. > > Thanks, > Guillaumewhat you need is OpenVPN . http://www.shorewall.net/OPENVPN.html
Cristian Rodriguez wrote:> Guillaume Taglang wrote: >> Hello, >> >> I have a quick question is there a way to support a dynamic client IP, >> other than reloading shorewall every 10 minutes from cron. >> >> To be more precise, I''m travelling a lot and I wanted to have ssh and >> smtp access on my own server. I want to limit access to this service to >> my laptop at my-laptop.dyndns.org. My understanding of >> shorewall/iptables tells me that using the cron job solution is the >> only viable one ... so if you could just confirm this assumption, it >> would be nice. >> >> Thanks, >> Guillaume > > > what you need is OpenVPN . > > http://www.shorewall.net/OPENVPN.html > >Or use two-factor authentication for ssh (rsa keys) and SMTP (X.509 certificates). Using dynamic IP addresses as a security measure is more trouble than it is worth. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key