On Tue, Sep 5, 2017 at 5:58 PM, Tom Eastep <teas...@shorewall.net> wrote:

> To sum up: I need the user to knock on port X which triggers the DNAT
> > of port Y to the internal Windows RDP port.
> >
> > How can I achieve that? Thank you.
> >
> > PS: Using Shorewall 5.0.12 if that matters.
>
> Do you need any other RDP access from the 'net' zone?
>

Sorry for the reply delay :-(

In this particular case, the answer is NO, as the Windows box is the only
one present in the 'lan' zone that needs to be accessed from the 'net'
zone.

Anyway, from a pure personal curiosity standpoint, if you can come up with
a generic solution that would work for other cases, even by fiddling a bit
with the configuration, I'd be very interested. It should even make its way
into the doc as a tutorial, I think.

I have in mind things like knock on 'net' port X which would activate a
DNAT for host on zone 'zone', host H and port Y.

Even things more complex like: knock on port X would trigger a series of
rules, like a "block" of instructions similar to the "?IF" construct. I
have the perfect example for that: I work remotely and sometimes I need
access to the "VMware vCenter/ESXi" host(s) using the "VMware Workstation
Pro" app from a Windows VM. For this app to connect successfully to a
vCenter/ESXi host, it needs to access 3 ports on the destination (tcp 443,
902 and 903). It would be very convenient then to be able to use the port
knocking feature which would trigger all the needed rules (accept, dnat,
whatever). For now, I use SSH tunnels. It works, but if the tcp-over-tcp
stacking could be avoided, it would be nice ;)

Thank you.

-- 
ObNox
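Added example, not taken from this thread or from the Shorewall project's documentation: one way the two requests in the message (a knock that opens a DNAT to the RDP host, and a knock that opens the three vSphere ports at once) could be expressed with Shorewall's event actions (SetEvent/IfEvent) together with the DNAT- target, which installs only the nat entry and leaves the filter decision to the knock action. The event names, knock and decoy ports, internal addresses and the 60-second window are constructed for illustration; the parameter order of SetEvent/IfEvent is written from memory and should be checked against the Events documentation for the installed Shorewall version.

```shorewall
# /etc/shorewall/actions  (declare the two knock actions)
#ACTION         OPTIONS
RDPKnock
VCKnock

# /etc/shorewall/rules
# DNAT- installs the nat rule only; no ACCEPT is generated, so the
# forwarded packet still has to pass the knock action in the filter table.
#ACTION         SOURCE  DEST                    PROTO   DPORT
DNAT-           net     loc:192.168.1.10        tcp     3389            # constructed RDP host
DNAT-           net     loc:192.168.1.20        tcp     443,902,903     # constructed ESXi/vCenter host
# Knocks arrive at the firewall itself (they are not translated)...
RDPKnock        net     $FW                     tcp     1599,1600,1601  # constructed knock ports
VCKnock         net     $FW                     tcp     1699,1700,1701  # constructed knock ports
# ...while the translated service ports are checked against the same event.
RDPKnock        net     loc:192.168.1.10        tcp     3389
VCKnock         net     loc:192.168.1.20        tcp     443,902,903

# /etc/shorewall/action.RDPKnock
# A hit on 1600 records the source address in event "RDP"; a hit on the
# decoy ports 1599/1601 clears it, so a sequential scan never leaves the
# event set. Traffic to 3389 is accepted only while the event is under 60 s
# old, and the "reset" command clears it so each session needs a fresh knock.
?FORMAT 2
#TARGET                                         SOURCE  DEST    PROTO   DPORT
IfEvent(RDP,ACCEPT:info,60,1,src,reset)         -       -       tcp     3389
IfEvent(RDP,DROP,-,-,src,reset)                 -       -       tcp     1599
SetEvent(RDP,-,src)                             -       -       tcp     1600
IfEvent(RDP,DROP,-,-,src,reset)                 -       -       tcp     1601

# /etc/shorewall/action.VCKnock
# Same pattern, one event opening all three ports the Workstation client
# needs; "update" instead of "reset" keeps the window alive while the client
# is still opening its second and third connection.
?FORMAT 2
#TARGET                                         SOURCE  DEST    PROTO   DPORT
IfEvent(VC,ACCEPT:info,60,1,src,update)         -       -       tcp     443,902,903
IfEvent(VC,DROP,-,-,src,reset)                  -       -       tcp     1699
SetEvent(VC,-,src)                              -       -       tcp     1700
IfEvent(VC,DROP,-,-,src,reset)                  -       -       tcp     1701
```

Packets that match none of the action lines fall through to the net-to-loc policy, which in this layout must remain DROP or REJECT for the knock to mean anything; the ACCEPT:info variant logs each successful open, which is the record a defender wants when reviewing who used the window. Since the knocks themselves are plaintext and replayable, the mechanism reduces exposure of the RDP and vSphere ports to scanners but is not a substitute for the SSH tunnel's authentication and encryption.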
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users