Roberto C. Sánchez wrote: > On Thu, Jan 31, 2008 at 10:22:21PM +0100, Krzysztof Lew wrote: >> Hi, >> >> I've 2 interfaces setup: >> >> gateway(x.y.z.233) <-> (x.y.z.234)[eth3] ROUTER [eth4](192.168.3.1) <-> LAN >> >> I've NAT running on router and also some Routed IP address mapping to few >> internal machine, eg.: >> x.y.z.236 <--->192.168.3.236 >> x.y.z.237<---->192.168.3.237 >> >> Our client allows us to connect to his machine throught Internet via VNC, >> but >> only from our ROUTER external IP x.y.z.234. >> >> But i want to have access to from anywhere from Internet.
Kryzysztof: You realize that giving yourself that access goes against the expressed wishes of your client, do you not? >> So i think i need to connect with VNC to my server, which should redirect >> this >> connection to my client machine. >> But i couldn't find hint in shorewall documentation :( >> Can you please help me with link, document, etc? >> > What you want to accomplish is completely orthogonal to Shorewall. Although what Krzysztof asks _could_ be accomplished with Shorewall, the Shorewall-based solution would be open to all internet users. So Krzysztof would be subverting his own client's security measures; that's not the way to keep happy clients. The solution that Krzysztof implements (if he implements any at all) should require strong authentication of the VNC client user by the proxy. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
