On Sunday 31 December 2006 12:39, Ahmed Hussain wrote:
Hi,
Sorry, I'm a newbie. What if my router doesn't have a public IP itself? I mean to say my provider provides me a 192.168.1.x of its network and internally I have a LAN. Will I ever be able to access my personal system via router [provided my ISP provider will not change any of its settings from his end]? Wondering if any kind of dynaDSN or peer to peer can help me to do that.
Any suggestions?
Yes, run, don't walk, stumble or crawl, as fast as you can, to another provider. Having dealt with that sort of a scenario on dialup many years ago, that's a security hole you can drive an 80,000 pound load of swinging beef through. An insurance agent's secretary's machine 45 miles away got infected with the first generation of sobig and tied up the whole network, and the ISP refused to disconnect a good customer. We were all Linux on the gateway side, so neither that worm nor any of the others has ever bothered our servers. The winderz boxes in the various offices are another horse entirely though. But we did make quite an impression on them about opening emails from unknown srcs after word got around that we were no longer spending days per machine running viri detectors, but were simply re-imaging the machine that got infected, losing ALL their personal stuff including sales leads and black book addresses.
We sent several emails, finally getting into the nastygram mode, to which the sexytary's only reply was "so what, it's working for me. And if you contact me again with that kind of language the next phone call will be from our lawyer." A genuine cast iron bitch she was.
It cost us 95% of our bandwidth defending against that box 45 miles away, back when a 56k dialup was the rule of the land. So we spent better than 15 grand on a T1 till a new ISP came on the scene.
vz at least gives me an outside address at the outside of my router, in this case an old box with DD-WRT installed on it.
DD-WRT, and an outside address, can set up a VPN in just a few minutes.
Regards, Ahmed Hussain
On Sun, 2006-12-31 at 12:27 -0500, Jacques B. wrote:
On 12/30/06, Timothy Murphy tim@birdsnest.maths.tcd.ie wrote:
What is the safest way of allowing access to a home system from a remote computer? I am running Fedora-6 and shorewall.
Any advice or suggestions gratefully received.
-- Timothy Murphy e-mail (<80k only): tim /at/ birdsnest.maths.tcd.ie tel: +353-86-2336090, +353-1-2842366 s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland
-- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
I agree - ssh with no password and then use certificates to authenticate. And start it with the -X option if you want to be able to run XWindows applications over ssh.
As for a router, as was noted, you simply need to configure your router so that all traffic coming in on whatever port you decide to use for ssh (22 being the default) is forwarded to your ssh server. You will want to assign a static IP to your ssh server (either configuring the box itself, or if your router supports it, assign static IP via DHCP for the NIC in your ssh server). It would also be wise to disable root access via ssh. If you need root access, you can su or sudo once you've connected to your server.
To copy files, you can use scp to access your ssh server. If you simply want to set up a shared drive on your server, then have a look at Hamachi. I've played with it (the Windows version mind you, but they have a Linux version as well). You can find Hamachi at http://www.hamachi.cc/. The nice thing with Hamachi is that it's zero configuration. You don't have to open ports on your router to get it to work. The downside if you are paranoid is that you are relying on someone else's network and product vs known/trusted ssh.
And of course VNC and its flavours might do the trick. I am pretty certain you can tunnel VNC through ssh if you want to wrap a layer of protection/encryption. I had managed to get VNC to work over Hamachi for a fleeting moment a while back (Windows box, otherwise I would have tried it with ssh).
Jacques B.
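
An added example, not part of the thread or any poster's setup: a small audit of an `sshd_config` for the two settings advised above, key-based login with password login turned off and no root login over ssh. The keyword defaults (recent OpenSSH releases) and both sample configs are assumptions constructed for illustration.

```python
import re

# Assumed defaults when a keyword is absent (recent OpenSSH releases;
# older releases defaulted PermitRootLogin to "yes").
DEFAULTS = {"passwordauthentication": "yes",
            "pubkeyauthentication": "yes",
            "permitrootlogin": "prohibit-password"}
# Values this audit accepts for each keyword.
WANTED = {"passwordauthentication": {"no"},
          "pubkeyauthentication": {"yes"},
          "permitrootlogin": {"no"}}

def audit(config_text):
    """Return a sorted list of findings; an empty list means the config passes."""
    seen, findings, in_match = {}, [], False
    for n, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # "Keyword value" and "Keyword=value" are both accepted by sshd.
        parts = re.split(r"[\s=]+", line, maxsplit=2)
        key = parts[0].lower()            # keywords are case-insensitive
        value = parts[1].strip('"') if len(parts) > 1 else ""
        if key == "match":
            in_match = True               # everything below is conditional
            continue
        if key not in WANTED:
            continue
        if in_match:
            # A Match block can re-enable what the global section disabled.
            if value not in WANTED[key]:
                findings.append(f"line {n}: Match block sets {key}={value}")
        elif key not in seen:             # sshd keeps the first value it reads
            seen[key] = value
    for key, ok in WANTED.items():
        value = seen.get(key, DEFAULTS[key])
        if value not in ok:
            findings.append(f"global: {key}={value}")
    return sorted(findings)

# Constructed sample: the second PasswordAuthentication line is ignored by
# sshd, and the Match block re-enables passwords for one account.
WEAK = """# constructed sample
Port 22
PermitRootLogin no
PasswordAuthentication yes
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
"""
HARDENED = "PermitRootLogin no\nPasswordAuthentication=no\nPubkeyAuthentication yes\n"

if __name__ == "__main__":
    print(audit(WEAK) or "ok", audit(HARDENED) or "ok", sep="\n")
```

On a live host, `sshd -T` prints the effective configuration as sshd itself computes it, which is the authoritative check.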