expose internal network to the outside world
gilles fourchet
gilles.fourchet-zzOxFVvAfJPQT0dZR+AlfA at public.gmane.org
Fri Sep 16 13:47:46 UTC 2005
> from work, I type:
>
> ssh -p 2000 -l me mydomain.dyndns.org
> which gets to the router; the router sees that it's
> supposed to forward requests on port 2000 to 192.168.2.199
> ; 192.168.2.199 picks up the request and an ssh tunnel is
> formed
>
> on the other hand, if I type
> ssh -p 3000 -l metoo mydomain.dyndns.org
> the router sends the request to 192.168.2.254 instead.
> (even better would be to control destination by hostname,
> e.g. 1.mydomain.dyndns.org, 2.mydomain.dyndns.org, etc --
> but I think this is unlikely to work).

Hi Matt,

A better way (I think :-)) would be to authorize only the
connections to one machine (say 192.162.1.199) and, from
there, access the rest of your network.

There are two main advantages:
- It is dependent on the number of workstations you want to
access. If you add 1, 2, 3, 4, ... workstations and/or
servers, you do not have to change your configuration.
- I think it is more secure since you can focus on securing
one connection instead of several.

Hope that helps.

Gilles
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
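
The single-entry-point layout suggested in the reply, sketched as a client-side OpenSSH configuration. This is an added example, not part of the original thread. The aliases `gateway` and `box254` are hypothetical, and `ProxyJump` requires OpenSSH 7.3 or later, which postdates this message.

```sshconfig
# ~/.ssh/config on the outside (work) client.
# Added example; the aliases "gateway" and "box254" are hypothetical.

# The only machine exposed to the internet. The router keeps a single
# forward: port 2000 to this one host (192.168.2.199 in the quoted
# message). The port 3000 forward is no longer needed.
Host gateway
    HostName mydomain.dyndns.org
    Port 2000
    User me

# An internal machine, reached through the gateway instead of through
# its own forwarded port. The address is connected to from the
# gateway's side of the router, so it never has to be reachable
# from outside. "ssh box254" then logs in as metoo on 192.168.2.254.
Host box254
    HostName 192.168.2.254
    User metoo
    ProxyJump gateway

# Any other LAN address typed on the command line also goes through
# the gateway. Adding a workstation or server means adding nothing on
# the router.
Host 192.168.2.*
    ProxyJump gateway
```

With `ProxyJump` the gateway only relays the TCP stream, so the login to the internal machine is still authenticated and encrypted end to end from the client.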