Old 08-15-2005, 10:10 AM   #1
Registered: Nov 2001
Location: NRW, Germany
Distribution: SLES / FC/ OES / CentOS
Posts: 611

Rep: Reputation: 32


I would like to access a Linux-Server via nomachine (ssh) from the internet.

So I am planning to get a fixed IP, a DMZ and so on.

Here is my question: how to do that and what tools to use?

Server (noMachine) <--------Intranet sending Data (files) to the server
Internet ----> FIREWALL

I do not want the server to be able to enter the intranet, so I first thought of 2 firewalls:

Server (noMachine) <- Firewall <---Intranet sending Data (files) to the server
Internet ----> FIREWALL

But now I think of:

Internet ----> Server (noMachine) <- Firewall <---Intranet sending Data (files) to the server
with active firewall
on the same hardware

1.) What about that?
2.) Can a router replace a firewall by just letting traffic through to the server/NoMachine and not letting any traffic through in the other direction?

Old 08-16-2005, 06:59 PM   #2
Registered: Mar 2005
Posts: 50

Rep: Reputation: 15
I would suggest using ssh and having this as the only port open on your firewall. Also make sure it is the only daemon listening on the Linux machine.

ssh is secure so I wouldn't worry about people hacking it. (You could always run a firewall over it allowing connections from specific IP addresses only, though you can do this in ssh.)

In a word, NO: you can't only accept data transfer in one direction, as the server needs to send acknowledgement packets back to the client machine or vice versa.
Old 08-16-2005, 07:02 PM   #3
Registered: Mar 2005
Posts: 50

Rep: Reputation: 15
Not trying to be rude, but the diagram makes no sense. You could have:

client machine --->ssh(client)-->firewall>---------------INTERNET-------------------<firewall<--ssh(daemon)<--server
Old 08-16-2005, 07:12 PM   #4
LQ Guru
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: RHEL 5 with Pieces of this and that. Kernel, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700

Rep: Reputation: 62
I think what you are after is something like this. A firewall machine with 3 network cards in it.
eth0 is connected to the internet
eth1 is your local intranet on a non routable class C address
eth2 to the dmz where the server(s) will be. It will be on another non routable class C address.

eth0 external IP

Set up iptables to do all the packet filtering. Lots of info here on the subject.

For the second question, a router does the same as a firewall. It would be easier, but would use 2 routers.
First router with external IP on the wan and the internal setup as This is where your server(s) will be located. Then with the second router the outside port on it will be connected to the inside lan port of the first router. Use an address like for the wan side and then make the lan side of it Now all you have to do is setup which port to forward to in the area. On the second router no port forwarding is done to protect the internal machines on the private lan.

external IP > 1st router > > > 2nd router > machines)

If you want to add more security, all machines should run a firewall themselves.

Hope this helps out.

Last edited by Brian1; 08-16-2005 at 07:28 PM.
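
An added example, not part of the post above: one way to express the three-NIC layout (eth0 internet, eth1 intranet, eth2 DMZ) as an iptables-restore ruleset, where connection tracking lets replies flow back while the DMZ can never open a connection into the intranet. The DMZ server address and the choice of ssh for intranet file delivery are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for a three-NIC firewall.
# Interface roles follow the post; DMZ_SRV is a constructed placeholder address.
WAN_IF=eth0            # internet
LAN_IF=eth1            # intranet
DMZ_IF=eth2            # DMZ holding the NoMachine/ssh server
DMZ_SRV=192.168.2.10   # constructed placeholder, replace with the real DMZ host
SSH_PORT=22

gen_rules() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Internet -> DMZ server: only ssh is forwarded to the private DMZ address
-A PREROUTING -i $WAN_IF -p tcp --dport $SSH_PORT -j DNAT --to-destination $DMZ_SRV:$SSH_PORT
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Return packets (ACKs, data) for connections that were allowed to start
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Internet may open ssh to the DMZ server, nothing else
-A FORWARD -i $WAN_IF -o $DMZ_IF -d $DMZ_SRV -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -j ACCEPT
# Intranet may open ssh/scp to the DMZ server to deliver files (assumed transport)
-A FORWARD -i $LAN_IF -o $DMZ_IF -d $DMZ_SRV -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -j ACCEPT
# DMZ may never initiate towards the intranet: log the attempt, then drop it
-A FORWARD -i $DMZ_IF -o $LAN_IF -m conntrack --ctstate NEW -j LOG --log-prefix "DMZ->LAN: "
-A FORWARD -i $DMZ_IF -o $LAN_IF -j DROP
COMMIT
EOF
}

gen_rules
```

Piping the output through `iptables-restore --test` as root parses the ruleset without loading it.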
Old 09-09-2005, 02:01 AM   #5
Registered: Nov 2001
Location: NRW, Germany
Distribution: SLES / FC/ OES / CentOS
Posts: 611

Original Poster
Rep: Reputation: 32
Thanks for your ideas so far!

I think I will do the following:

Install a firewall on the server (with only the ssh port open). Install NoMachine on the server and configure it to only accept ssh-encrypted sessions. Then I place a router at the other side (eth1, internal network) and connect the server, which is connected to the internet via eth0, with a crossover cable to the router, which will be connected to our intranet.

I think this will be OK, or not?

I simply would like not to use a firewall at the router to my intranet, as I just would like to let NO traffic into my intranet. So I think this is as easy a rule as possible, and a router would be the easiest way to establish this, no?

