That is not possible at the moment. An Implementation like that would require resolving the hostnames "on the fly" which is not possible with an outside DNS-Server slowly responding or even timing out if the domainname is wrong or whatever. Another option would be a frequent update collecting all domainalias from time to time and resolving their ips. This then might be a security issue for the time an ip adress has changed but the information was not already updated in the firewall. someone else who got that ip would be able to access (not very likely but possible). On the other hand the "new" domain ip won't be allowed to get in until that information was updated. I would suggest using mobile IPSEC clients or maybe pptp as you get an encryption on top of "just" opening ports. You'll find a tutorial how to setup tunnels between dynamic and static endpoint in our tutorials section. Another option would be using doorman-package to open up ports with the right knocksequence. I haven't used that, but this should work as well.
Holger > -----Ursprüngliche Nachricht----- > Von: Mojo Jojo [mailto:[EMAIL PROTECTED] > Gesendet: Freitag, 4. November 2005 02:26 > An: PfSense Support List > Betreff: [pfSense Support] Host Names instead of IPs when > setting up an > alias > > > We have an alias setup with all the home IPs of our > employees. Problem we > have is they all have dynamic IPs that change. > > I am wondering if I can have each of them setup a hostname > with a service > like dyndns.org and enter their hostname in the alias list > instead of their > IPs which should keep their access through the firewall > working, even when > their IPs change. > > Will this work? > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > ____________ Virus checked by G DATA AntiVirusKit --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
