expose internal network to the outside world

gilles fourchet gilles.fourchet-zzOxFVvAfJPQT0dZR+AlfA at public.gmane.org
Fri Sep 16 13:47:46 UTC 2005


> from work, I type:
> 
> ssh -p 2000 -l me mydomain.dyndns.org
> which gets to the router; the router sees that it's
> supposed to forward requests on port 2000 to 192.168.2.199
> ; 192.168.2.199 picks up the request and an ssh tunnel is
> formed
> 
> on the other hand, if I type
> ssh -p 3000 -l metoo mydomain.dyndns.org
> the router sends the request to 192.168.2.254 instead.
> (even better would be to control destination by hostname,
> eg. 1.mydomain.dyndns.org, 2.mydomain.dyndns.org, etc --
> but I think this is unlikely to work).

Hi Matt,

A better way (I think :-)), would be to authorize only the
connections to one machine (say 192.162.1.199) and, from
there, access the rest of your network.

There are two main advantages:
- It is dependent on the number of workstations you want to
access.  If you add 1, 2, 3, 4, ... workstations and/or
servers, you do not have to change your configuration.
- I think it is more secure since you can focus on securing
one connection instead of several.

Hope that helps.

Gilles
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
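
The single-entry-point setup suggested in the reply, sketched as a client-side OpenSSH configuration. This is an added example, not part of the original thread: the aliases "gateway" and "inner" are hypothetical, the internal sshd port 22 is an assumption, and ProxyJump requires OpenSSH 7.3 or later on the client.

```sshconfig
# Added example, not from the original thread. Goes in ~/.ssh/config on
# the outside (work) machine. Assumes the router forwards only port 2000
# to 192.168.2.199, as in the quoted message, and that the second
# machine's sshd listens on the default port 22.

# The one machine reachable through the router.
Host gateway
    HostName mydomain.dyndns.org
    Port 2000
    User me

# An internal machine with no port forward on the router. The private
# address is resolved from the gateway's side of the connection, so it
# works from outside the LAN.
Host inner
    HostName 192.168.2.254
    User metoo
    ProxyJump gateway

# Each further internal machine needs only another Host block here;
# the router configuration stays untouched.
```

With this in place, `ssh inner` opens the session through the gateway. Authentication to the internal machine is still performed by the outside client, so no private key has to be stored on the gateway.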




