Linux - Networking
I have an internal network at my home as well as at my office. At home, I use an iptables firewall (with masquerading enabled). I want to be able to access one of the machines on my internal home network from my workstation at my office. My work machine is also behind a firewall, but I don't have access to its configuration.
Here is the problem. I know I can create a chain on my home firewall to do port forwarding from all traffic coming from my work firewall. But I want to specifically only allow traffic from my internal work computer to my internal home computer.
Without having access to the configuration of my work firewall, I was wondering if there is a rule I can create on just my home iptables config that will do this?
Assuming that your work network performs Network Address Translation (NAT), this is not possible, as an incoming connection from any computer on your work network will have the same IP.
I would recommend using a secure protocol, or performing SSH tunneling.
Quote: I would recommend using a secure protocol, or performing SSH tunneling.

Could you elaborate? Possibly point me towards some kind of howto or other documentation? What I had actually hoped to do was to do a remote desktop (RDP protocol) into my home Windows machine when I need to. I already have this capability going the other direction (from home to work) as my work network is set up with secure VPN tunneling. However, I would have no clue how to set anything like this up from home.
Since I'm not running Linux on the desktop (only on my router/firewall box), I don't know if this is the proper forum to ask this.
I would leave my computer on at home and go to work and ping the sh&t out of my home computer while at work. Then go home and look at the logs and see the work IP address. Take that IP and add a rule in iptables to forward only that IP and port 22 (I think that is what ssh uses) to whatever internal computer on my network I want to connect to. Then go to work and connect.
Well, that was going to be my solution, but then I thought about how many people are behind my work firewall. I wanted to allow access from only my work machine, not every machine on my internal work network.
Since your work machine is NATed, you cannot identify it: that's NOT possible.
Using ssh can involve using a username/password; that should be a good protection.
There is no way to see beyond the gateway at work into the internal network from your home. You have to open it on the gateway IP addresses, i.e. everyone at work. But someone at work would have to try to connect to your home IP in order to know, which is unlikely. And they still can't log in without a password. Oh, the reason I told you to ping is because they might use more than one gateway; 2 or 3 IPs would have to be forwarded in your iptables then.
You can also connect through ssh from work to home: next time you log in at home, you'll have the banner "Last login from xxx.xxx.xxx.xxx", unless you've changed the default behaviour of sshd.
Originally posted by fr_laz: You can also connect through ssh from work to home: next time you log in at home, you'll have the banner "Last login from xxx.xxx.xxx.xxx", unless you've changed the default behaviour of sshd.
Funny, his question is on how to do that in the first place. If he could do that, this post wouldn't exist.
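The thread settles on two pieces: find the public address (or addresses) of the work gateway from the home router's logs, then forward SSH only from that address and carry RDP inside the SSH session. The script below is an added example for the home iptables box, not code from any poster in the thread. It assumes eth0 is the router's WAN interface, that the router already masquerades and drops forwarded traffic by default, and that an internal Linux host runs sshd; the interface name, every address and the kernel log lines are constructed placeholders. Functions only print the commands so the output can be reviewed before it is piped to sh as root.

```shell
#!/bin/sh
# Added example (not from the LQ thread). Constructed values throughout.
WAN_IF="eth0"                 # assumption: home router's external interface
HOME_SSH_HOST="192.168.1.20"  # constructed: internal Linux host running sshd
HOME_RDP_HOST="192.168.1.30"  # constructed: internal Windows machine (RDP)

# Step 1 (the "ping it from work" trick): log the source of incoming echo
# requests so the work gateway's public address shows up in the kernel log.
# Rate-limited so the log cannot be flooded from the Internet.
ping_log_rule() {
    echo "iptables -A INPUT -i $WAN_IF -p icmp --icmp-type echo-request" \
         "-m limit --limit 5/min -j LOG --log-prefix \"PING-SRC: \""
}

# Constructed sample of what /var/log/kern.log would then contain.
SAMPLE_KLOG="Mar  3 09:12:01 router kernel: PING-SRC: IN=eth0 OUT= MAC=aa:bb:cc:dd:ee:ff SRC=203.0.113.10 DST=198.51.100.7 LEN=84 PROTO=ICMP TYPE=8
Mar  3 09:12:02 router kernel: PING-SRC: IN=eth0 OUT= SRC=203.0.113.11 DST=198.51.100.7 LEN=84 PROTO=ICMP TYPE=8
Mar  3 09:12:03 router kernel: PING-SRC: IN=eth0 OUT= SRC=203.0.113.10 DST=198.51.100.7 LEN=84 PROTO=ICMP TYPE=8
Mar  3 09:12:05 router kernel: OTHER: IN=eth0 OUT= SRC=192.0.2.99 DST=198.51.100.7 PROTO=TCP"

# Extract the distinct source addresses tagged by the LOG rule (stdin -> stdout).
# A work site with two or three gateways yields two or three lines here.
ping_sources() {
    sed -n 's/.*PING-SRC: .*SRC=\([0-9.]*\) .*/\1/p' | sort -u
}

# Step 2: forward SSH to the internal host, but only for packets arriving from
# one work gateway address. Anything else hitting that port on the WAN side
# never matches the DNAT and falls through to the FORWARD chain's DROP policy.
# Usage: ssh_forward_rules <work_gateway_ip> [external_port]
ssh_forward_rules() {
    src="$1"
    port="${2:-22}"
    echo "iptables -t nat -A PREROUTING -i $WAN_IF -s $src -p tcp --dport $port" \
         "-j DNAT --to-destination $HOME_SSH_HOST:22"
    echo "iptables -A FORWARD -i $WAN_IF -s $src -d $HOME_SSH_HOST -p tcp --dport 22" \
         "-m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
}

# One rule pair per gateway address found in the log.
rules_for_gateways() {
    for gw in "$@"; do
        ssh_forward_rules "$gw"
    done
}

# Step 3: from the work machine, carry RDP inside the SSH session instead of
# exposing 3389. The RDP client is then pointed at 127.0.0.1:3389.
# Usage: rdp_tunnel_command <home_public_ip> <internal_windows_host>
rdp_tunnel_command() {
    echo "ssh -N -L 3389:$2:3389 user@$1"
}

# Demonstration run on the constructed log: print the rules you would review
# and then apply with: ./this.sh | sh  (as root on the router).
ping_log_rule
printf '%s\n' "$SAMPLE_KLOG" | ping_sources | while read -r gw; do
    ssh_forward_rules "$gw"
done
rdp_tunnel_command 198.51.100.7 "$HOME_RDP_HOST"
```

Note that the source restriction only narrows access to whoever sits behind those gateway addresses, exactly as the thread says; the per-user check still happens at sshd, so the internal host should require keys or strong passwords and nothing else on it should be reachable through the forward.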