Remote access

J.Witvliet at mindef.nl
Fri Oct 14 11:58:27 UTC 2011


 

-----Original Message-----
From: users-bounces at lists.fedoraproject.org [mailto:users-bounces at lists.fedoraproject.org] On Behalf Of Marko Vojinovic
Sent: Friday 14 October 2011 13:26
To: Community support for Fedora users
Subject: Re: Remote access

On Friday 14 October 2011 05:32:23 Scott Rouse wrote:
> On Oct 14, 2011 12:13 AM, "KC8LDO" <kc8ldo at arrl.net> wrote:
> > Is there a way to use ssh to get through a firewall for remote 
> > access to a system? The situation I'm looking at is a Fedora system 
> > sitting behind a company firewall, which I have no control over, 
> > that I wish to gain access to by logging into it over the Internet from a remote computer.
> > In other words the connection is initiated from outside of the 
> > firewalled company network.
> 
> There are many companies that would frown upon doing what you are 
> proposing.  I would suggest that you talk to your network/firewall 
> admin and see if they will make an allowance for you.

True, and that is usually the best option. The drawback being that you are putting yourself at the mercy of the firewall admin, who might be lazy, incompetent, or ignorant (which is sometimes the case), or have a boss that is one of those things (which is the case quite often).

However, every serious firewall admin should know that the firewall is a one-way barrier, protecting local users from the outside attack, and having in principle no way to protect the outside world from the local user. Or in the words of the firewall-piercing HOWTO ( http://tldp.org/HOWTO/Firewall-Piercing ):

<quote>
A firewall cannot protect a network against its own internal users, and should not even try to.
</quote>

So, if the OP asks his admin to allow him the access, and is refused, I think it is perfectly legitimate to DIY and pierce a connection through.

Best, :-)
Marko


Hi, some remarks to make...

Firstly, if you have a well-defined and well-maintained firewall, it's hard to get _IN_.
One way of dealing with the problem is installing at work (if you can) an OpenVPN connection towards home.
Even if the company firewall is very strict, they will still allow port 80/443 going out.
On those ports, you can do an openvpn-proxy. Examples on the OpenVPN site.

OTOH, if you ask and are declined, or don't ask and they find out later, this is for most companies enough reason for instantly being thrown out.
And perhaps get a lawsuit against you.

So I would _strongly_ suggest asking your sysadmin / networkadmin / securityadmin to open up a port for allowing incoming VPNs.
If it is for doing work from a home location, they probably won't object.

Better safe than sorry (and fired)

Hans
