On 10/26/2010 09:53 PM, Tom Eastep wrote:
On the other hand this approach will require some software and setup on the remote end. If service and point A are located in the east coast and B client on the West Coast ..... I would say correct but not so "Green" solution :-P , regardless of the distance between the points.On 10/26/10 8:41 AM, Norbert Penel wrote:Really thanks gentlemen You re right, i try to open a wan port i have investigate mac filtering and i succeed to get that in my shorewall dump : 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 MAC 00:XX:XX:XX:XX:XX tcp dpt:22 unfortunetly it doesn t work ... snifAnyway, i'll have a look on ipsets that seems to fit my need Do you know which shorewall service call will update the IP if this one have change, reload or restart ? Am i the first to ask for dyndns ? on my mind, it should be implemented in core ...Shorewall configures Netfilter which is a stateful *packet filter*. Packet filters are based on the contents of packet protocol headers and connection state. DNS names are not included in those headers. If you want to support clients on dynamic IP addresses, then the best way is to establish a VPN where you authenticate the remote client then filter the tunneled packets using the protocol headers (i.e., with Shorewall).
Cheers to all. Harry
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------ Nokia and AT&T present the 2010 Calling All Innovators-North America contest Create new apps & games for the Nokia N8 for consumers in U.S. and Canada $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store http://p.sf.net/sfu/nokia-dev2dev
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
