08-15-2005, 10:10 AM
|
#1
|
Member
Registered: Nov 2001
Location: NRW, Germany
Distribution: SLES / FC/ OES / CentOS
Posts: 614
Rep:
|
DMZ-fli4l-smoothwall-nomachine
Hello!
I would like to access a Linux server via NoMachine (SSH) from the Internet.
So I am planning to get a fixed IP, a DMZ and so on.
Here is my question: how to do that and what tools to use?
Server (noMachine) <--------Intranet sending Data (files) to the server
............................|
............................|
Internet ----> FIREWALL
I do not want the server to be able to enter the intranet, so I first thought of 2 firewalls
like:
Server (noMachine) <- Firewall <---Intranet sending Data (files) to the server
............................|
............................|
Internet ----> FIREWALL
But now I think of:
Internet ----> Server (noMachine) <- Firewall <---Intranet sending Data (files) to the server
with active firewall
on the same hardware
1.) What about that?
2.) Can a router replace a firewall by just letting traffic through to the server/NoMachine and not letting any traffic in the other direction?
Thanks
|
|
|
08-16-2005, 06:59 PM
|
#2
|
Member
Registered: Mar 2005
Posts: 50
Rep:
|
I would suggest using ssh and having this as the only port open on your firewall; also make sure it is the only daemon listening on the Linux machine.
ssh is secure so I wouldn't worry about people hacking it. (You could always run a firewall over it allowing connections from specific IP addresses only, though you can do this in ssh.)
In a word, NO: you can't only accept data transfer in one direction, as the server needs to send acknowledgement packets back to the client machine or vice versa.
|
|
|
08-16-2005, 07:02 PM
|
#3
|
Member
Registered: Mar 2005
Posts: 50
Rep:
|
Not trying to be rude, but the diagram makes no sense. You could have:
client machine --->ssh(client)-->firewall>---------------INTERNET-------------------<firewall<--ssh(daemon)<--server
|
|
|
08-16-2005, 07:12 PM
|
#4
|
LQ Guru
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: RHEL 5 with Pieces of this and that.
Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700
Rep:
|
I think what you are after is something like this. A firewall machine with 3 network cards in it.
eth0 is connected to the internet
eth1 is your local intranet on a non routable class C address
eth2 to the dmz where the server(s) will be. It will be on another non routable class C address.
eth0 external IP
eth1 192.168.1.0/24
eth2 192.168.2.0/24
Set up iptables to do all the packet filtering. Lots of info here on the subject.
For the second question, a router does the same as a firewall. It would be easier, but would use 2 routers.
First router with external IP on the WAN and the internal side set up as 192.168.1.0/24. This is where your server(s) will be located. Then with the second router, the outside port on it will be connected to the inside LAN port of the first router. Use an address like 192.168.1.10 for the WAN side and then make the LAN side of it 192.168.2.0. Now all you have to do is set up which port to forward to in the 192.168.1.0/24 area. On the second router no port forwarding is done, to protect the internal machines on the private LAN.
external IP > 1st router > 192.168.1.0/24(server(s)) > 192.168.1.10 > 2nd router > 192.168.2.0/24(lan machines)
If you want to add more security, all machines should run a firewall themselves.
Hope this helps out.
Brian1
Last edited by Brian1; 08-16-2005 at 07:28 PM.
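The three-NIC layout from the post above, written out as a stateful iptables ruleset (an added example, not part of the original thread). Interface names and subnets follow the post; the DMZ server address 192.168.2.10, the use of port 22 and the LAN-only management rule are assumptions. Connection tracking lets the DMZ server answer connections opened from the intranet while it cannot open new ones toward it.

```shell
#!/bin/sh
# Emit an iptables-restore ruleset for: eth0 = Internet, eth1 = intranet
# (192.168.1.0/24), eth2 = DMZ (192.168.2.0/24). Nothing is applied here;
# the function only prints the rules so they can be reviewed first.
dmz_ruleset() {
    wan=$1 lan=$2 dmz=$3 server=$4   # server: DMZ host address (assumed sample)
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# SSH arriving on the external IP is handed to the DMZ server
-A PREROUTING -i $wan -p tcp --dport 22 -j DNAT --to-destination $server:22
# Outbound traffic leaves with the external IP
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Manage the firewall itself from the intranet only (assumption)
-A INPUT -i $lan -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# Reply packets of connections accepted by the NEW rules below
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Internet -> DMZ: new SSH connections to the server, nothing else
-A FORWARD -i $wan -o $dmz -p tcp -d $server --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# Intranet -> DMZ: push files to the server over SSH
-A FORWARD -i $lan -o $dmz -p tcp -d $server --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# Intranet -> Internet
-A FORWARD -i $lan -o $wan -m conntrack --ctstate NEW -j ACCEPT
# DMZ -> intranet: log and drop anything that is not a reply
-A FORWARD -i $dmz -o $lan -j LOG --log-prefix "DMZ->LAN blocked: "
-A FORWARD -i $dmz -o $lan -j DROP
COMMIT
EOF
}

# Print the ruleset for the addressing used in the post
dmz_ruleset eth0 eth1 eth2 192.168.2.10
```

As root, pipe the output through `iptables-restore --test` to check the syntax before loading it with `iptables-restore`.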
|
|
|
09-09-2005, 02:01 AM
|
#5
|
Member
Registered: Nov 2001
Location: NRW, Germany
Distribution: SLES / FC/ OES / CentOS
Posts: 614
Original Poster
Rep:
|
Thanks for your ideas so far!
I think I will do the following:
Install a firewall on the server (with only the ssh port open). Install NoMachine on the server, and configure it to only accept SSH-encrypted sessions. Then I place a router at the other side (eth1, internal network) and connect the server, which is connected to the Internet via eth0, with a crossover cable to the router, which will be connected to our intranet.
I think this will be OK, or not?
I simply would like not to use a firewall at the route to my intranet, as I just would like to let NO traffic into my intranet. So I think this is as easy a rule as possible, and a router would be the easiest way to establish this, no?
|
|
|