I have a Nokia E61i with Putty installed and it works OK.
My question is:
I would like to use this device when I'm out of my office to administer my Linux servers.
I have an IPCop Firewall protecting my network. I want to know how I can set up a preference to allow my device an SSH connection through my IPCop firewall?
Is there some way to do port forwarding but instead of entering a source IP Address I can perhaps enter a source MAC address?
I want to be able to use either the wifi, 3G or GPRS networks on my phone which means that my network identification will be different.
It sounds like you want to enable SSH only for that one device?
If so, your best bet would be to just forward the port to the server, and use public/private key authentication. That way, only devices that have your encryption key can connect to the SSH server.
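Added example, not part of the original thread: once the port is forwarded, the server should refuse everything except public-key logins, and this sketch checks that against the effective settings that `sshd -T` prints. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the "keyword value" lines printed by `sshd -T`
# for key-only login on a server reachable through a forwarded port.

# Reads `sshd -T`-style text on stdin, prints one FAIL line per problem.
# Returns 0 when only public-key login is possible, 1 otherwise.
check_key_only() {
    awk '
        function need(key, want) {
            if (seen[key] != want) {
                printf "FAIL %s is \"%s\", want \"%s\"\n", key, seen[key], want
                bad = 1
            }
        }
        BEGIN { bad = 0 }
        NF >= 2 { seen[tolower($1)] = tolower($2) }
        END {
            need("pubkeyauthentication", "yes")
            need("passwordauthentication", "no")
            # Older OpenSSH prints challengeresponseauthentication instead.
            kbd = "kbdinteractiveauthentication"
            if (!(kbd in seen)) kbd = "challengeresponseauthentication"
            need(kbd, "no")
            exit bad
        }
    '
}

# Constructed sample: excerpt of `sshd -T` output with default settings.
SAMPLE_DEFAULT='port 22
pubkeyauthentication yes
passwordauthentication yes
kbdinteractiveauthentication yes'

# Constructed sample: the same server after switching to key-only login.
SAMPLE_HARDENED='port 22
pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication no'

# Hypothetical helper: run the check over a sample held in a variable.
audit() { printf '%s\n' "$1" | check_key_only; }

audit "$SAMPLE_DEFAULT" || echo "default sample: passwords still accepted"
audit "$SAMPLE_HARDENED" && echo "hardened sample: key-only"
```

On a real server the same check is `sshd -T | check_key_only`, run as root so that sshd can read its host keys and configuration.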
Quote:
That way, only devices that have your encryption key can connect to the SSH server.
That should read:
That way, only devices that have your encryption key can connect to the SSH server as long as everything in your installation of SSHD is working properly.
A firewall that only allows a certain MAC address through to a port and a service that answers to all IPs but only allows certain ones access are not the same thing. Ideally, you want both. That way you would be able to say:
That way, only that particular device could connect to the SSH server as long as it had your encryption key and your firewall OR your SSHD were working properly.
Quote:
That way, only devices that have your encryption key can connect to the SSH server as long as everything in your installation of SSHD is working properly.
Obviously we assume that the software will be set up properly. I don't see what your point is here exactly; if we qualified everything on the boards with "P.S. This only works if you do it right", we would certainly waste a lot of time.
Quote:
A firewall that only allows a certain MAC address through to a port and a service that answers to all IPs but only allows certain ones access are not the same thing. Ideally, you want both.
As for filtering by source MAC, that simply isn't going to work. First of all, MAC authentication is painfully easy to circumvent, to the point of being useless. Second, you can't tell the actual MAC of a device you are connecting to over the Internet, as you are connecting to it through multiple routers. The only time the phone's real MAC might be available is when it is connected directly to the cell network (I am not sure how they handle NAT and routing over cell networks onto the Internet, so even this might not be viable) but certainly not when he is connected over WiFi.
Quote:
Obviously we assume that the software will be set up properly
I'm not talking about setting up or configuring properly, I'm talking about a security hole that isn't known yet (i.e. WORKING properly). The purpose of a firewall is to only allow known good traffic through to your system. That way, if something is broken that you aren't aware of, the only possible traffic to the broken service is from someone you trust anyway. If everything WORKED properly, we wouldn't need firewalls. The best approach is to make any hole in the firewall as small as possible. You start off with a source IP/port being allowed through to a destination IP/port. If that hole isn't big enough to support what you need you open it a little bigger, an IP Range/port allowed through to a destination IP/port, then just source port allowed through to a destination IP/port, etc.
As far as filtering by source MAC, I agree that it probably isn't going to work (that's why I didn't offer any suggestions on how to do it and left it to someone who knows more about very low level networking than I do), but that IS what keenboy is asking for. I don't like to say something can't be done because it seems every time I do I am shown it can be.