Old 05-19-2008, 10:19 AM   #1
keenboy
Member
 
Registered: Jan 2008
Location: Cullompton
Distribution: Kubuntu
Posts: 36

Rep: Reputation: 15
SSH From handheld device


Hello,

I have a Nokia E61i with Putty installed and it works OK.

My question is:

I would like to use this device when I'm out of my office to administer my Linux servers.

I have an IPCop Firewall protecting my network. I want to know how I can set up a preference to allow my device an SSH connection through my IPCop firewall?

Is there some way to do port forwarding but instead of entering a source IP address, I can perhaps enter a source MAC address?

I want to be able to use either the wifi, 3G or GPRS networks on my phone which means that my network identification will be different.

Is this possible?

Thanks
 
Old 05-19-2008, 12:22 PM   #2
MS3FGX
LQ Guru
 
Registered: Jan 2004
Location: NJ, USA
Distribution: Slackware, Debian
Posts: 5,852

Rep: Reputation: 361
It sounds like you want to enable SSH only for that one device?

If so, your best bet would be to just forward the port to the server, and use public/private key authentication. That way, only devices that have your encryption key can connect to the SSH server.
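
Added example, not part of the post above: forwarding the SSH port restricts logins to key holders only if the server also refuses password and keyboard-interactive logins, so this script checks an `sshd_config` for that. The function names and the two sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that an sshd_config permits key-based logins only.
# Limitation: reads a single file; Include and Match blocks are not followed.

# Print the value of keyword $2 in file $1, or the default $3 if unset.
# sshd keywords are case-insensitive and the first occurrence wins.
sshd_value() {
    awk -v key="$2" -v def="$3" '
        { sub(/^[ \t]+/, ""); sub(/[ \t]*=[ \t]*/, " ") }  # allow "Key=value"
        /^#/ || NF < 2 { next }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Print a FAIL line for each setting that leaves a non-key login path open.
# Returns 0 if the file enforces key-only authentication, 1 otherwise.
audit_key_only() {
    cfg=$1; bad=0
    [ "$(sshd_value "$cfg" PubkeyAuthentication yes)" = yes ] ||
        { echo "FAIL PubkeyAuthentication is disabled"; bad=1; }
    [ "$(sshd_value "$cfg" PasswordAuthentication yes)" = no ] ||
        { echo "FAIL PasswordAuthentication is not set to no"; bad=1; }
    # Keyboard-interactive can still ask for a password (e.g. through PAM).
    kbd=$(sshd_value "$cfg" KbdInteractiveAuthentication unset)
    [ "$kbd" != unset ] ||
        kbd=$(sshd_value "$cfg" ChallengeResponseAuthentication yes)
    [ "$kbd" = no ] ||
        { echo "FAIL keyboard-interactive is not set to no"; bad=1; }
    return "$bad"
}

# Constructed sample configs (not from the thread). In the hardened one the
# trailing "PasswordAuthentication yes" is ignored: the first value wins.
sample_weak() { printf '%s\n' 'Port 22' '#PasswordAuthentication no' \
    'PubkeyAuthentication yes'; }
sample_hardened() { printf '%s\n' 'Port 22' 'passwordauthentication no' \
    'PubkeyAuthentication yes' 'KbdInteractiveAuthentication=no' \
    'PasswordAuthentication yes'; }

tmp=$(mktemp -d)
sample_weak > "$tmp/weak"; sample_hardened > "$tmp/hardened"
for f in weak hardened; do
    echo "== $f"; audit_key_only "$tmp/$f" && echo "OK key-only"
done
rm -rf "$tmp"
```

On a live server, `sshd -T` prints the effective configuration after Include and Match processing, which is the authoritative source for the same three settings.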
 
Old 05-19-2008, 01:16 PM   #3
forrestt
Senior Member
 
Registered: Mar 2004
Location: Cary, NC, USA
Distribution: Fedora, Kubuntu, RedHat, CentOS, SuSe
Posts: 1,288

Rep: Reputation: 99
Quote:
That way, only devices that have your encryption key can connect to the SSH server.
That should read:

That way, only devices that have your encryption key can connect to the SSH server as long as everything in your installation of SSHD is working properly.

A firewall that only allows a certain MAC address through to a port and a service that answers to all IPs but only allows certain ones access are not the same thing. Ideally, you want both. That way you would be able to say:

That way, only that particular device could connect to the SSH server as long as it had your encryption key and your firewall OR your SSHD were working properly.

My 2 pennies,

Forrest

Last edited by forrestt; 05-19-2008 at 01:18 PM.
 
Old 05-20-2008, 02:24 AM   #4
MS3FGX
LQ Guru
 
Registered: Jan 2004
Location: NJ, USA
Distribution: Slackware, Debian
Posts: 5,852

Rep: Reputation: 361
Quote:
That way, only devices that have your encryption key can connect to the SSH server as long as everything in your installation of SSHD is working properly.
Obviously we assume that the software will be set up properly. I don't see what your point is here exactly; if we qualified everything on the boards with "P.S. This only works if you do it right", we would certainly waste a lot of time.

Quote:
A firewall that only allows a certain MAC address through to a port and a service that answers to all IPs but only allows certain ones access are not the same thing. Ideally, you want both.
As for filtering by source MAC, that simply isn't going to work. First of all, MAC authentication is painfully easy to circumvent, to the point of being useless. Second, you can't tell the actual MAC of a device you are connecting to over the Internet, as you are connecting to it through multiple routers. The only time the phone's real MAC might be available is when it is connected directly to the cell network (I am not sure how they handle NAT and routing over cell networks onto the Internet, so even this might not be viable), but certainly not when he is connected over WiFi.
 
Old 05-20-2008, 10:43 AM   #5
forrestt
Senior Member
 
Registered: Mar 2004
Location: Cary, NC, USA
Distribution: Fedora, Kubuntu, RedHat, CentOS, SuSe
Posts: 1,288

Rep: Reputation: 99
Quote:
Obviously we assume that the software will be set up properly
I'm not talking about setting up or configuring properly, I'm talking about a security hole that isn't known yet (i.e. WORKING properly). The purpose of a firewall is to only allow known good traffic through to your system. That way, if something is broken that you aren't aware of, the only possible traffic to the broken service is from someone you trust anyway. If everything WORKED properly, we wouldn't need firewalls. The best approach is to make any hole in the firewall as small as possible. You start off with a source IP/port being allowed through to a destination IP/port. If that hole isn't big enough to support what you need you open it a little bigger, an IP Range/port allowed through to a destination IP/port, then just source port allowed through to a destination IP/port, etc.

As far as filtering by source MAC, I agree that it probably isn't going to work (that's why I didn't offer any suggestions on how to do it and left it to someone who knows more about very low level networking than I do), but that IS what keenboy is asking for. I don't like to say something can't be done because it seems every time I do I am shown it can be.

Forrest
 
  

