Friday 01 of February 2008 01:09:45 Tom Eastep napisał(a): > Roberto C. Sánchez wrote: > > On Thu, Jan 31, 2008 at 10:22:21PM +0100, Krzysztof Lew wrote: > >> Hi, > >> > >> I've 2 interfaces setup: > >> > >> gateway(x.y.z.233) <-> (x.y.z.234)[eth3] ROUTER [eth4](192.168.3.1) <-> > >> LAN > >> > >> I've NAT running on router and also some Routed IP address mapping to > >> few internal machine, eg.: > >> x.y.z.236 <--->192.168.3.236 > >> x.y.z.237<---->192.168.3.237 > >> > >> Our client allows us to connect to his machine throught Internet via > >> VNC, but only from our ROUTER external IP x.y.z.234. > >> > >> But i want to have access to from anywhere from Internet. > > Kryzysztof: You realize that giving yourself that access goes against the > expressed wishes of your client, do you not? > > >> So i think i need to connect with VNC to my server, which should > >> redirect this connection to my client machine. > >> But i couldn't find hint in shorewall documentation :( > >> Can you please help me with link, document, etc? > > > > What you want to accomplish is completely orthogonal to Shorewall. > > Although what Krzysztof asks _could_ be accomplished with Shorewall, the > Shorewall-based solution would be open to all internet users. So Krzysztof > would be subverting his own client's security measures; that's not the way > to keep happy clients. > > The solution that Krzysztof implements (if he implements any at all) should > require strong authentication of the VNC client user by the proxy. > > -Tom
Thank you for yout consideration, I`m not going to violate my client security rules. But now i just found the way how to do this. I`ve open-vpn working on my router, so for specified roadwarrior i'll setup that all outgoing traffic will be routed throught my router (open vpn option). - that is my choice. Mean while i just find out other solution: connecting with ssh to router and setting up tunnel to it:somePort, and then this port would be redirected with one of solution mentioned by Roberto C. Sánchez. Any way thanks for your support, BR -- --- Krzysztof Lew noe(at)mikron.pl ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
